- 设置https:
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="cert/your-name.pfx" keystorePass="your password"/>
keystoreFile : cer path
keystorePass:cer password
- 配置80端口,将8080改成80, redirectPort为443 <Connector port="80" protocol="HTTP/1.1" connectionTimeout="20000" URIEncoding="UTF-8" redirectPort="443" />
- 配置8009端口重定向 <Connector port="8009" protocol="AJP/1.3" redirectPort="443" />
- 在 $TOMCAT_HOME/conf/web.xml中在</welcome-file-list >后面加入以下配置,禁止http访问
<login-config>
<!-- Authorization setting for SSL -->
<auth-method>CLIENT-CERT</auth-method>
<realm-name>Client Cert Users-only Area</realm-name>
</login-config>
<security-constraint>
<!-- Authorization setting for SSL -->
<web-resource-collection >
<web-resource-name >SSL</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>