tomcat https redirect ( 톰캣 https 리다이렉트, 무료ssl , )

admin 2021.09.15

tomcat에서 SSL을 적용후에 어떤 페이지든 https로 적용하기 위해서 redirect 를 이용하게 된다

간단하게 server.xml 파일과 web.xml 파일 2가지를 수정하면 된다

사용버전 : tomcat 8.5

1. server.xml 파일 수정 ( 기본 8080 포트와 8443포트를 80 / 443포트로 수정)

[root@localhost conf]# vi /usr/local/tomcat/conf/server.xml|

<Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />


<!-- 기본값이 위처럼 되어 있는데 아래값으로 변경 -->
<Connector port="80" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="443" />
    <!-- A "Connector" using the shared thread pool-->

<!-- https 적용부분 -->
<span class="crayon-h"><</span><span class="crayon-sy">!</span>-- <span class="crayon-e">PEM </span><span class="crayon-e">SSL </span><span class="crayon-e">Password </span><span class="crayon-i">NONE</span> / <span class="crayon-i">HTTP</span>/<span class="crayon-cn">1</span> / <span class="crayon-i">https</span>-<span class="crayon-i">openssl</span>-<span class="crayon-e">nio </span><span class="crayon-i">protocol</span> 사용 <span class="crayon-sy">(</span><span class="crayon-e">tomcat </span><span class="crayon-i">native</span> 상관없이 동작됨 --<span class="crayon-h">></span>
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
 maxHttpHeaderSize="8192" maxThreads="150"
 enableLookups="false" acceptCount="100" connectionTimeout="20000"
 disableUploadTimeout="true"
 SSLEnabled="true" scheme="https" Protocol="TLS">
 <SSLHostConfig>
 <Certificate certificateKeyFile="/etc/letsencrypt/live/apm.xinet.kr/privkey.pem"
 certificateFile="/etc/letsencrypt/live/apm.xinet.kr/cert.pem"
 certificateChainFile="/etc/letsencrypt/live/apm.xinet.kr/chain.pem"
 type="RSA" />
 </SSLHostConfig>
 </Connector>

<!-- 가상호스트 적용부분 -->
<Host name="apm.xinet.kr" appBase="/home/xinet/html" unpackWARs="true" autoDeploy="true">
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
         prefix="jsp.xinet.kr_access_log" suffix=".txt"
         pattern="%h %l %u %t %r %s %b" />
        <Context path="" docBase="/home/xinet/html/" debug="0" reloadable="true"/>
        </Host>

[root@localhost conf]# vi /usr/local/tomcat/conf/server.xml|

<Connector port="8080" protocol="HTTP/1.1"

connectionTimeout="20000"

redirectPort="8443" />

<Connector port="80" protocol="HTTP/1.1"

connectionTimeout="20000"

redirectPort="443" />

<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"

maxHttpHeaderSize="8192" maxThreads="150"

enableLookups="false" acceptCount="100" connectionTimeout="20000"

disableUploadTimeout="true"

SSLEnabled="true" scheme="https" Protocol="TLS">

<Certificate certificateKeyFile="/etc/letsencrypt/live/apm.xinet.kr/privkey.pem"

certificateFile="/etc/letsencrypt/live/apm.xinet.kr/cert.pem"

certificateChainFile="/etc/letsencrypt/live/apm.xinet.kr/chain.pem"

type="RSA" />

</SSLHostConfig>

</Connector>

<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"

prefix="jsp.xinet.kr_access_log" suffix=".txt"

pattern="%h %l %u %t %r %s %b" />

</Host>

2. web.xml 파일 하단에 내용 추가 하단 </web-app> 부분 위에 아래 내용 추가

[root@localhost conf]# vi /usr/local/tomcat/conf/web.xml 

<security-constraint>
    <web-resource-collection>
    <web-resource-name>Protected Context</web-resource-name>
    <url-pattern>/*</url-pattern>
    </web-resource-collection>

    <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
   </security-constraint>

[root@localhost conf]# vi /usr/local/tomcat/conf/web.xml

<security-constraint>

<web-resource-collection>

<web-resource-name>Protected Context</web-resource-name>

<url-pattern>/*</url-pattern>

</web-resource-collection>

<user-data-constraint>

<transport-guarantee>CONFIDENTIAL</transport-guarantee>

</user-data-constraint>

</security-constraint>

3. tomcat 중지 및 시작을 하게 되면 tomcat 기본은 80포트동작 / https 443포트로 동작되며
웹에서 http://apm.xinet.kr 접속시 자동으로 https://apm.xinet.kr 동작되게 된다

태그: tomcat redirect tomcat https

상품명
주문번호
택배사
송장번호

시골청년의 엔지니어이야기 ( 진반장 )

tomcat https redirect ( 톰캣 https 리다이렉트, 무료ssl , )

코멘트 쓰기 작성취소