Problem description
On tomcat7, our web application is running through https over port 8443 and works fine except that we are unable to redirect https default port (443) to 8443 so as a consequence the ':8443' has to be included in the URL whenever we have to access the application. I include some parts of our server.xml file. What should be done in order to be able to load our pages without having to enter port information in the URL?
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
URIEncoding="UTF-8"
enableLookups="false"
redirectPort="8443" />
<Connector port="80" protocol="HTTP/1.1"
connectionTimeout="20000"
URIEncoding="UTF-8"
enableLookups="false"
redirectPort="8443" />
<Connector port="443" protocol="HTTP/1.1"
connectionTimeout="20000"
URIEncoding="UTF-8"
enableLookups="false"
redirectPort="8443" />
...
<Connector port="8443"
maxHttpHeaderSize="65536"
scheme="https"
secure="true"
SSLEnabled="true"
clientAuth="false"
enableLookups="true"
acceptCount="100"
disableUploadTimeout="true"
maxThreads="200"
sslProtocol="TLS"
keystoreFile="/toto/has/a/certificate.jks"
keystorePass="totohasapassword"
protocol="org.apache.coyote.http11.Http11NioProtocol" />
Recommended answer
I found a simple solution on coderanch using iptables: http://coderanch.com/t/601907/Tomcat/SSL-work
Here is the line to enter:
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443
New edit
Here is my complete answer now. We had a problem with the previous answer as when we were calling the url from http, the redirection was ok but was always adding ':8443' at the end which was not very nice.
So in terms of iptables, here is what we wrote:
sudo iptables -t nat -I PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 8080
sudo iptables -t nat -A OUTPUT -p tcp -d <your_ip_address>,<your_ip_address> --dport 80 -j REDIRECT --to-port 8080
sudo iptables -t nat -I PREROUTING -p tcp --destination-port 443 -j REDIRECT --to-ports 8443
Now also important is to add redirections in tomcat conf file server.xml:
<Connector port="8080"
enableLookups="false"
redirectPort="443" />
<Connector port="443" protocol="HTTP/1.1"
enableLookups="false"
redirectPort="8443" />
That's it, restart tomcat and all should be working. I'm not an expert in iptables configurations so please validate with sysadmins before modifying any existing config in production.
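An added example, not part of the original answer: a small audit that reads the connectors and the NAT redirects together and reports where a redirect would expose ':8443' in the URL or where a plaintext connector sits behind a redirected port. The `audit` function, the `NAT` dictionary and the `<Service>` wrapper around the sample are assumptions made for illustration; the sample combines the answer's connectors with the question's TLS connector.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the answer's two connectors plus the question's TLS
# connector on 8443, wrapped in a <Service> element so it parses on its own.
SERVER_XML = """<Service name="Catalina">
  <Connector port="8080" enableLookups="false" redirectPort="443" />
  <Connector port="443" protocol="HTTP/1.1" enableLookups="false" redirectPort="8443" />
  <Connector port="8443" scheme="https" secure="true" SSLEnabled="true" />
</Service>"""

# The answer's PREROUTING REDIRECT rules as {port clients connect to: local port}.
NAT = {80: 8080, 443: 8443}


def audit(server_xml, nat):
    """Return (connector port, finding) pairs for plaintext connectors."""
    connectors = {}
    for c in ET.fromstring(server_xml).iter("Connector"):
        tls = c.get("SSLEnabled", "false").lower() == "true"
        redirect = c.get("redirectPort")
        connectors[int(c.get("port"))] = (tls, int(redirect) if redirect else None)

    findings = []
    for port, (tls, redirect) in sorted(connectors.items()):
        if tls:
            continue
        if nat.get(port, port) != port:
            # PREROUTING sends remote clients elsewhere; only local
            # connections still reach this plaintext listener.
            findings.append((port, f"remote traffic is redirected to {nat[port]}"))
            continue
        if redirect is None:
            continue
        # Tomcat puts redirectPort into the https:// URL it sends back, so
        # follow NAT from that port to see which connector really answers.
        target = nat.get(redirect, redirect)
        if not connectors.get(target, (False, None))[0]:
            findings.append((port, f"redirectPort {redirect} reaches no TLS connector"))
        elif redirect != 443:
            findings.append((port, f"redirect URL will contain :{redirect}"))
    return findings


if __name__ == "__main__":
    for port, finding in audit(SERVER_XML, NAT):
        print(f"connector {port}: {finding}")
```

Run against the question's original connectors with only the 443 to 8443 redirect in place, the same function reports the ':8443' problem described in the edit for ports 80 and 8080.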