我有一个在 tomcat 7 上运行的 Web 应用程序(java、jsp)。当我执行 http://localhost.somedomain.com/
我想启用 SSL 以便我可以访问我的网站 https://localhost.somedomain.com/
我已经安装了自签名证书并配置了 httpd.conf(在 apache 上) 按照
中说明的步骤操作https://getgrav.org/blog/mac-os-x-apache-setup-ssl
当我访问 https://localhost.somedomain.com/
时,它似乎在寻找 index.html 来提供服务。我在我的 Web 应用程序的根目录中添加了一个虚拟 index.html 并且它得到了服务。它似乎充当静态文件而不是将其呈现为 Web 应用程序(按照 http 版本执行 Controller )。当我访问 https://localhost.somedomain.com/url/它报告 404/url/not found
我的第一个问题是,
- 除了更改 httpd.conf (apache) 之外,我还需要对 tomcat (server.xml) 进行任何配置吗
我的第二个问题是,
- 在 httpd.conf 中,我将文档根目录指定为 Web 应用程序部署到的文件夹 (/apps/sstp/tomcat/webapps/ROOT),这是正确的吗?我的 httpd.conf 条目如下
我的httpd.conf文件如下
ServerRoot "/usr"
Listen 80
Listen 443
LoadModule authn_file_module libexec/apache2/mod_authn_file.so
LoadModule authn_core_module libexec/apache2/mod_authn_core.so
LoadModule authz_host_module libexec/apache2/mod_authz_host.so
LoadModule authz_groupfile_module libexec/apache2/mod_authz_groupfile.so
LoadModule authz_user_module libexec/apache2/mod_authz_user.so
LoadModule authz_core_module libexec/apache2/mod_authz_core.so
LoadModule access_compat_module libexec/apache2/mod_access_compat.so
LoadModule auth_basic_module libexec/apache2/mod_auth_basic.so
LoadModule socache_shmcb_module libexec/apache2/mod_socache_shmcb.so
LoadModule reqtimeout_module libexec/apache2/mod_reqtimeout.so
LoadModule filter_module libexec/apache2/mod_filter.so
LoadModule mime_module libexec/apache2/mod_mime.so
LoadModule log_config_module libexec/apache2/mod_log_config.so
LoadModule env_module libexec/apache2/mod_env.so
LoadModule headers_module libexec/apache2/mod_headers.so
LoadModule setenvif_module libexec/apache2/mod_setenvif.so
LoadModule version_module libexec/apache2/mod_version.so
LoadModule proxy_module libexec/apache2/mod_proxy.so
LoadModule proxy_connect_module libexec/apache2/mod_proxy_connect.so
LoadModule proxy_ftp_module libexec/apache2/mod_proxy_ftp.so
LoadModule proxy_http_module libexec/apache2/mod_proxy_http.so
LoadModule proxy_fcgi_module libexec/apache2/mod_proxy_fcgi.so
LoadModule proxy_scgi_module libexec/apache2/mod_proxy_scgi.so
LoadModule proxy_wstunnel_module libexec/apache2/mod_proxy_wstunnel.so
LoadModule proxy_ajp_module libexec/apache2/mod_proxy_ajp.so
LoadModule proxy_balancer_module libexec/apache2/mod_proxy_balancer.so
LoadModule proxy_express_module libexec/apache2/mod_proxy_express.so
LoadModule slotmem_shm_module libexec/apache2/mod_slotmem_shm.so
LoadModule ssl_module libexec/apache2/mod_ssl.so
LoadModule lbmethod_byrequests_module libexec/apache2/mod_lbmethod_byrequests.so
LoadModule lbmethod_bytraffic_module libexec/apache2/mod_lbmethod_bytraffic.so
LoadModule lbmethod_bybusyness_module libexec/apache2/mod_lbmethod_bybusyness.so
LoadModule unixd_module libexec/apache2/mod_unixd.so
LoadModule status_module libexec/apache2/mod_status.so
LoadModule autoindex_module libexec/apache2/mod_autoindex.so
LoadModule negotiation_module libexec/apache2/mod_negotiation.so
LoadModule dir_module libexec/apache2/mod_dir.so
LoadModule alias_module libexec/apache2/mod_alias.so
LoadModule hfs_apple_module libexec/apache2/mod_hfs_apple.so
<IfModule unixd_module>
User _www
Group _www
</IfModule>
ServerAdmin you@example.com
ServerName localhost.somedomain.com
<Directory />
AllowOverride All
Require all granted
</Directory>
DocumentRoot "/apps/sstp/tomcat/webapps/ROOT"
<Directory "/apps/sstp/tomcat/webapps/ROOT">
Require all granted
Options Includes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
<FilesMatch "^\.([Hh][Tt]|[Dd][Ss]_[Ss])">
Require all denied
</FilesMatch>
<Files "rsrc">
Require all denied
</Files>
<DirectoryMatch ".*\.\.namedfork">
Require all denied
</DirectoryMatch>
ErrorLog "/private/var/log/apache2/error_log"
LogLevel warn
<IfModule log_config_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
# You need to enable mod_logio.c to use %I and %O
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
CustomLog "/private/var/log/apache2/access_log" common
</IfModule>
<IfModule alias_module>
ScriptAliasMatch ^/cgi-bin/((?!(?i:webobjects)).*$) "/Library/WebServer/CGI-Executables/$1"
</IfModule>
<IfModule cgid_module>
</IfModule>
<Directory "/Library/WebServer/CGI-Executables">
AllowOverride None
Options None
Require all granted
</Directory>
<IfModule mime_module>
TypesConfig /private/etc/apache2/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
</IfModule>
TraceEnable off
Include /private/etc/apache2/extra/httpd-mpm.conf
Include /private/etc/apache2/extra/httpd-autoindex.conf
Include /private/etc/apache2/extra/httpd-vhosts.conf
<IfModule proxy_html_module>
Include /private/etc/apache2/extra/proxy-html.conf
</IfModule>
Include /private/etc/apache2/extra/httpd-ssl.conf
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
Include /private/etc/apache2/other/*.conf
我的 httpd-vhosts.conf 如下
<VirtualHost *:443>
ServerAdmin a@b.com
DocumentRoot "/apps/sstp/tomcat/webapps/ROOT"
ServerName localhost.somedomain.com
SSLEngine on
SSLCertificateFile "/private/etc/apache2/server.crt"
SSLCertificateKeyFile "/private/etc/apache2/server.key"
</VirtualHost>
我的httpd-ssl.conf如下
Listen 443
SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4
SSLHonorCipherOrder on
SSLProtocol all -SSLv3
SSLProxyProtocol all -SSLv3
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/private/var/run/ssl_scache(512000)"
SSLSessionCacheTimeout 300
<VirtualHost *:443>
DocumentRoot "/apps/sstp/tomcat/webapps/ROOT"
ServerName localhost.somedomain.com
ErrorLog "/private/var/log/apache2/error_log"
TransferLog "/private/var/log/apache2/access_log"
SSLEngine on
SSLCertificateFile "/private/etc/apache2/server.crt"
SSLCertificateKeyFile "/private/etc/apache2/server.key"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/Library/WebServer/CGI-Executables">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog "/private/var/log/apache2/ssl_request_log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
我的tomcat server.xml如下
<?xml version='1.0' encoding='utf-8'?>
<Server port="8005" shutdown="SHUTDOWN">
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on"/>
<Listener className="org.apache.catalina.core.JasperListener"/>
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener"/>
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
<GlobalNamingResources>
</GlobalNamingResources>
<Service name="Catalina">
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443"
address="127.0.0.1"
maxThreads="1500"
acceptCount="100"
secure="@tomcat.session.secure@"/>
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
<Engine name="Catalina" defaultHost="localhost">
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true"
xmlValidation="false" xmlNamespaceAware="false">
<Context docBase="/apps/sstp/tomcat/html" path="/info"/>
</Host>
</Engine>
</Service>
</Server>
用非常简单的话来说,我想配置使我的应用程序以 http://localhost.somedomain.com
运行以通过 ssl 作为 https://localhost 运行所需的一切。 somedomain.com
最佳答案
这在 httpd-vhosts.conf 中缺失
ProxyPreserveHost On
ProxyPass / ajp://localhost:8009/
ProxyPassReverse / ajp://localhost:8009/
因此,请求不会从 apache 路由到 tomcat
关于apache - 如何在本地主机上正确启用 SSL,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/39078110/