Tomcat 7:自动将https请求重定向到端口8443 [英] tomcat 7: automatically redirect https requests to port 8443

问题描述

在tomcat7上，我们的Web应用程序正在通过端口8443上的https运行，并且工作正常，但无法将https默认端口(443)重定向到8443，因此':8443'具有当我们必须访问应用程序时，将其包含在URL中. 我包括了server.xml文件的某些部分.为了能够加载我们的页面而不必在URL中输入端口信息，应该怎么做?

On tomcat7, our web application is running through https over port 8443 and works fine except that we are unable to redirect https default port (443) to 8443 so as a consequence the ':8443' has to be included in the URL whenever we have to access the application. I include some parts of our server.xml file. What should be done in order to be able to load our pages without having to enter port information in the URL?

 <Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           URIEncoding="UTF-8"
           enableLookups="false"
           redirectPort="8443" />

<Connector port="80" protocol="HTTP/1.1"
           connectionTimeout="20000"
           URIEncoding="UTF-8"
           enableLookups="false"
           redirectPort="8443" />

<Connector port="443" protocol="HTTP/1.1"
           connectionTimeout="20000"
           URIEncoding="UTF-8"
           enableLookups="false"
           redirectPort="8443" />
...

<Connector port="8443"
            maxHttpHeaderSize="65536"
            scheme="https"
            secure="true"
            SSLEnabled="true"
            clientAuth="false"
            enableLookups="true"
            acceptCount="100"
            disableUploadTimeout="true"
            maxThreads="200"
            sslProtocol="TLS"
            keystoreFile="/toto/has/a/certificate.jks"
            keystorePass="totohasapassword"
            protocol="org.apache.coyote.http11.Http11NioProtocol" />

推荐答案

我在使用iptables的coderanch上找到了一个简单的解决方案: http://coderanch.com/t/601907/Tomcat/SSL-work

I found a simple solution on coderanch using iptables: http://coderanch.com/t/601907/Tomcat/SSL-work

这是要输入的行:

iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443

新修改

这是我的完整答案.上一个答案有一个问题，因为当我们从http调用url时，重定向是可以的，但是总是在末尾添加:8443"，这不是很好.

New edit

Here is my complete answer now. We had a problem with the previous answer as when we were calling the url from http, the redirection was ok but was always adding ':8443' at the end which was not very nice.

因此，就iptable而言，这是我们写的:

So in terms of iptable, here is what we wrote:

sudo iptables -t nat -I PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 8080
sudo iptables -t nat -A OUTPUT -p tcp -d <your_ip_address>,<your_ip_address>  --dport 80 -j  REDIRECT --to-port 8080
sudo iptables -t nat -I PREROUTING -p tcp --destination-port 443 -j REDIRECT --to-ports 8443

现在同样重要的是在tomcat conf文件 server.xml 中添加重定向:

Now also important is to add redirections in tomcat conf file server.xml:

<Connector port="8080"
           enableLookups="false"
           redirectPort="443" />

<Connector port="443" protocol="HTTP/1.1"
           enableLookups="false"
           redirectPort="8443" />

就是这样，重新启动tomcat，一切都应该正常工作.我不是iptable配置专家，因此在修改生产环境中的任何现有配置之前，请先与sysadmins进行验证.

That's it, restart tomcat and all should be working. I'm not an expert in iptable configurations so please validate with sysadmins before modifying any existing config in production.

这篇关于Tomcat 7:自动将https请求重定向到端口8443的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！