Ubuntu配置tomcat 443（https）

Posted 2020-12-04

Ubuntu配置tomcat 443（https）：

生成.keystore文件：

keytool -genkey -alias tomcat -keyalg RSA

Enter keystore password:
Re-enter new password:
What is your first and last name?

What is the name of your organizational unit?

What is the name of your organization?

What is the name of your City or Locality?

What is the name of your State or Province?

What is the two-letter country code for this unit?

Is CN=aa, OU=aa, O=aa, L=aa, ST=aa, C=aa correct?

Enter key password for <tomcat>
(RETURN if same as keystore password):
Re-enter new password:

Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore /root/.keystore -destkeystore /root/.keystore -deststoretype pkcs12".

mv /root/.keystore /var/lib/tomcat7/conf/

vi /var/lib/tomcat7/conf/server.xml

<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystoreFile="/var/lib/tomcat7/conf/.keystore" keystorePass="xxxxx" />

:wq

service tomcat7 restart

netstat -nplt | grep 8443 （此时为8443端口）

apt-get install authbind

vi /etc/default/tomcat7

AUTHBIND=yes （默认为#AUTHBIND=no）
:wq

touch /etc/authbind/byport/443

chown tomcat7:tomcat7 /etc/authbind/byport/443

chmod 0755 /etc/authbind/byport/443

vi /var/lib/tomcat7/conf/server.xml

:1,$ s/8443/443/g
:wq

service tomcat7 restart

netstat -nptl | grep 443