tomcat同一端口绑定多域名开启SSL

115 阅读 0 评论 76 点赞

我是靠谱客的博主阳光大炮，这篇文章主要介绍tomcat同一端口绑定多域名开启SSL，现在分享给大家，希望可以做个参考。

需求是tomcat一个443端口，配置两个域名ssl证书。查了一些资料总结如下：

1.需要tomcat 8.5 版本以上，低版本不支持配置多个。我用的版本是8.5.58 ，如果你用更高版本的tomcat也是可以的。我之所以用8.5.58版本的是因为

我的jdk是1.7 的。

conf下的server.xml文件。配置如下

复制代码

<?xml version="1.0" encoding="UTF-8"?>
  <Listener className="org.apache.catalina.startup.VersionLoggerListener" ></Listener>
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" ></Listener>
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" ></Listener>
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" ></Listener>
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" ></Listener>
  <GlobalNamingResources>
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" ></Resource>
  </GlobalNamingResources>
  <Service name="Catalina">
    
    <Connector port="80" protocol="HTTP/1.1"
              connectionTimeout="20000"
              maxHttpHeaderSize="8192"
              maxThreads="1000"
              minSpareThreads="25"
              maxSpareThreads="75"
              enableLookups="false"
              compression="on"
              compressionMinSize="2048"
              compressableMimeType="text/html,text/xml,text/javascript,text/css,text/plain"
              redirectPort="443" ></Connector>
    
    <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
      maxThreads="150" SSLEnabled="true" defaultSSLHostConfigName="www.aaa.com">
      <SSLHostConfig hostName="www.aaa.com">
          <Certificate certificateKeystoreFile="cert/3098620_www.aaa.com.pfx"
              certificateKeystorePassword="xxx" 
              certificateKeystoreType="PKCS12" ></Certificate>
      </SSLHostConfig>
      <SSLHostConfig hostName="www.bbb.net">
          <Certificate certificateKeystoreFile="cert/4536437_www.bbb.net.pfx"
              certificateKeystorePassword="xxx" 
              certificateKeystoreType="PKCS12" ></Certificate>
      </SSLHostConfig>
    </Connector>
    
    <Connector port="777" protocol="org.apache.coyote.http11.Http11NioProtocol"
            maxThreads="150" SSLEnabled="true" >
      <SSLHostConfig>
           <Certificate certificateKeystoreFile="cert/4333994.net.pfx"
              certificateKeystorePassword="xxx" 
              certificateKeystoreType="PKCS12" ></Certificate>
      </SSLHostConfig>
    </Connector>
    <Connector protocol="AJP/1.3" 
               address="::1" port="8009" 
               redirectPort="443" 
               secretRequired="" ></Connector>
    <Engine name="Catalina" defaultHost="localhost">
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"></Realm>
      </Realm>
      <Host name="localhost"  appBase="webapps" 
        unpackWARs="true" autoDeploy="true">
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t "%r" %s %b" ></Valve>
        
        <Context path="/" docBase="/home/website/" reloadable="false" ></Context>
      </Host>
    </Engine>
  </Service>
</Server>

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
<?xml version="1.0" encoding="UTF-8"?>
  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
  <GlobalNamingResources>
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>
  <Service name="Catalina">
    <!-- 80端口专向443端口 -->
    <Connector port="80" protocol="HTTP/1.1"
              connectionTimeout="20000"
              maxHttpHeaderSize="8192"
              maxThreads="1000"
              minSpareThreads="25"
              maxSpareThreads="75"
              enableLookups="false"
              compression="on"
              compressionMinSize="2048"
              compressableMimeType="text/html,text/xml,text/javascript,text/css,text/plain"
              redirectPort="443" />
    <!-- 
      443端口配置了两个域名对应两个证书，注意defaultSSLHostConfigName参数的值必须与SSLHostConfig中的一个的hostName相同，
      即defaultSSLHostConfigName="www.aaa.com" 或 defaultSSLHostConfigName="www.bbb.net" ，官方文档就是这么要求的。
     -->
    <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
      maxThreads="150" SSLEnabled="true" defaultSSLHostConfigName="www.aaa.com">
      <SSLHostConfig hostName="www.aaa.com">
          <Certificate certificateKeystoreFile="cert/3098620_www.aaa.com.pfx"
              certificateKeystorePassword="xxx" 
              certificateKeystoreType="PKCS12" />
      </SSLHostConfig>
      <SSLHostConfig hostName="www.bbb.net">
          <Certificate certificateKeystoreFile="cert/4536437_www.bbb.net.pfx"
              certificateKeystorePassword="xxx" 
              certificateKeystoreType="PKCS12" />
      </SSLHostConfig>
    </Connector>
    <!-- 777端口配置了一个域名，就不需要上面那么复杂了。 -->
    <Connector port="777" protocol="org.apache.coyote.http11.Http11NioProtocol"
            maxThreads="150" SSLEnabled="true" >
      <SSLHostConfig>
           <Certificate certificateKeystoreFile="cert/4333994.net.pfx"
              certificateKeystorePassword="xxx" 
              certificateKeystoreType="PKCS12" />
      </SSLHostConfig>
    </Connector>
    <Connector protocol="AJP/1.3" 
               address="::1" port="8009" 
               redirectPort="443" 
               secretRequired="" />
    <Engine name="Catalina" defaultHost="localhost">
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>
      <Host name="localhost"  appBase="webapps" 
        unpackWARs="true" autoDeploy="true">
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
        <!-- 设置默认项目名称 -->
        <Context path="/" docBase="/home/website/" reloadable="false" />
      </Host>
    </Engine>
  </Service>
</Server>