tomcat问题整理

1. SSL证书:
keytool -genkey -v -alias testKey -keyalg RSA -validity 3650 -keystore /root/***.keystore
Enter keystore password: ***
 
修改tomcat server.xml
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" keystoreFile="/opt/tools/***.keystore" keystorePass="***"  />
阿里云证书安装:
<Connector port="443"    #https默认端口
    protocol="HTTP/1.1"
    SSLEnabled="true"
    scheme="https"
    secure="true"
    keystoreFile="domain name.pfx"   #此处keystoreFile代表证书文件的路径,请用您证书的文件名替换domain name。
    keystoreType="PKCS12"
    keystorePass="证书密码"   #请用您证书密码替换文件中的内容。
    clientAuth="false"
    SSLProtocol="TLSv1+TLSv1.1+TLSv1.2" ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256"/>

 

2. http强跳https
修改server.xml
<Connector port="80" protocol="HTTP/1.1"
                    maxThreads="150" connectionTimeout="20000"
                    redirectPort="443" />
<Connector port="8009" protocol="AJP/1.3" redirectPort="443" />
修改web.xml添加红色部分:
<welcome-file-list>
        <welcome-file>index.html</welcome-file>
        <welcome-file>index.htm</welcome-file>
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>
    <security-constraint>
        <web-resource-collection >
              <web-resource-name >SSL</web-resource-name>
              <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
             <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

 

3. 设置tomcat6主页:
修改web.xml添加:
<welcome-file-list>
        <welcome-file>index.html</welcome-file>
        <welcome-file>index.htm</welcome-file>
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>
在webapps/Root下添加index.jsp页面,页面内容:
<%response.sendRedirect("http://<host:port>/<applicationName>"); %>
 
4. pdf图片无法显示,url为https,报错:
javax.net.ssl.SSLHandshakeException: No appropriate protocol
需要修改/opt/tools/jdk1.8.0_291/jre/lib/security/java.security文件,去掉红色部分:
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
 
5. tomcat修改端口:
https://www.cnblogs.com/wuxu/p/10380704.html
posted @ 2022-04-28 08:33  dvkc  阅读(21)  评论(0)    收藏  举报