Tomcat 8 configure multiple SSL connectors
I have a Tomcat server instance with 2 services, each running on a different port:
<Service name="service-1">
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" maxThreads="300" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
    <Engine name="service-1" defaultHost="localhost" >
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
        <Host name="localhost" appBase="service-1"
              unpackWARs="true" autoDeploy="true"
              xmlValidation="false" xmlNamespaceAware="false">
        </Host>
    </Engine>
</Service>
<Service name="service-2">
    <Connector port="8181" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" maxThreads="300" />
    <Connector port="8099" protocol="AJP/1.3" redirectPort="8443" />
    <Engine name="service-2" defaultHost="localhost">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
        <Host name="localhost" appBase="service-2"
              unpackWARs="true" autoDeploy="true"
              xmlValidation="false" xmlNamespaceAware="false">
        </Host>
    </Engine>
</Service>
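These 2 services work at: {public-ip}:8080/service-1 and {public-ip}:8181/service-2.
Now I want to install an SSL certificate on this server to secure the connections to both endpoints. How can I do that? All the related answers I found use a single connector on port 8443: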
<Connector connectionTimeout="20000"
           acceptCount="100" scheme="https" secure="true"
           port="443" clientAuth="false" sslProtocol="TLS"
           keystoreFile="PATH_TO_KEY_STORE"
           keystorePass="KEY_STORE_PASS"
           keyAlias="KEY_STORE_ALIAS"/>
But I need to use multiple connectors.
I just changed the connectors for both services, as shown below:
<Connector port="8080" maxHttpHeaderSize="8192" maxThreads="100"
           minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           SSLEnabled="true" clientAuth="false"
           sslProtocol="TLS" keyAlias="server"
           keystoreFile="cert.jks"
           keystorePass="password" />
and
<Connector port="8181" maxHttpHeaderSize="8192" maxThreads="100"
           minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           SSLEnabled="true" clientAuth="false"
           sslProtocol="TLS" keyAlias="server"
           keystoreFile="cert.jks"
           keystorePass="password" />
Now my endpoints work over HTTPS.
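An added example, not part of the original question or answer and not Tomcat's own tooling: a Python check that parses a server.xml and reports connectors labelled scheme="https"/secure="true" without SSLEnabled="true", AJP or plain HTTP connectors left beside the TLS ones, and redirectPort values with no TLS connector behind them. The embedded server.xml is a constructed sample assembled from the connectors on this page, and audit_connectors is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

# Constructed sample: service-1 uses the answer's connector, service-2 uses the
# single-connector snippet quoted in the question (no SSLEnabled attribute).
SAMPLE_SERVER_XML = """
<Server>
  <Service name="service-1">
    <Connector port="8080" scheme="https" secure="true" SSLEnabled="true"
               clientAuth="false" sslProtocol="TLS" keyAlias="server"
               keystoreFile="cert.jks" keystorePass="password" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
  </Service>
  <Service name="service-2">
    <Connector port="8181" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="cert.jks" keystorePass="password" />
  </Service>
</Server>
"""

def audit_connectors(server_xml):
    """Return (service, port, finding) tuples for the connectors in server_xml."""
    root = ET.fromstring(server_xml)
    connectors = [(s.get("name"), c) for s in root.iter("Service")
                  for c in s.findall("Connector")]
    tls_ports = {c.get("port") for _, c in connectors
                 if c.get("SSLEnabled", "false").lower() == "true"}
    findings = []
    for service, c in connectors:
        port = c.get("port")
        is_tls = port in tls_ports
        if c.get("protocol", "HTTP/1.1").startswith("AJP"):
            findings.append((service, port, "AJP connector is not covered by the TLS change"))
        elif not is_tls and (c.get("secure") == "true" or c.get("scheme") == "https"):
            # scheme/secure only label requests; SSLEnabled turns TLS on.
            findings.append((service, port, "marked https/secure but SSLEnabled is not true"))
        elif not is_tls:
            findings.append((service, port, "plain HTTP connector"))
        redirect = c.get("redirectPort")
        if redirect and redirect not in tls_ports:
            findings.append((service, port, f"redirectPort {redirect} has no TLS connector"))
    return findings

if __name__ == "__main__":
    for finding in audit_connectors(SAMPLE_SERVER_XML):
        print(*finding, sep=": ")
```

Run against the constructed sample, it reports the AJP connector on 8009 and its dangling redirectPort for service-1, and the missing SSLEnabled on 8181 for service-2.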