Configuring multiple domains with multiple certificates on a single Tomcat
Posted by 阿新 • Published 2019-02-14

Recently I helped a friend set up a server that runs a single Tomcat instance hosting two applications, each under its own domain: www.domain1.com and www.domain2.cn. For plain HTTP (port 80) it is enough to configure Tomcat virtual hosts.

For the sake of data security, however, my friend had bought a separate CA certificate for each domain, which means one Tomcat has to serve two certificates. After a long search I found no matching case online, only two approaches that people had mentioned:

1. Give the two domains different HTTPS ports, e.g. www.domain1.com on 443 and www.domain2.cn on 8443. That is fine for testing, but in production ordinary users would have to type the port 8443 into the address bar, which is inconvenient and confuses some of them. This option was therefore set aside.

2. Use two public IP addresses, one per domain, so that both domains can use 443 as their HTTPS port, which is convenient for users. But I could not find a real configuration example for this.

With no example to follow, I tried it myself, and after N attempts got it working. So that I do not forget, and so that others can reuse it, here is the configuration file. Most of the comments were removed to keep it short.
XML code:

```xml
<?xml version="1.0" encoding="UTF-8"?>
<Server port="8005" shutdown="SHUTDOWN">

  <!-- Comment these entries out to disable JMX MBeans support used for the administration web application -->
  <Listener className="org.apache.catalina.core.AprLifecycleListener"/>
  <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"/>
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
  <Listener className="org.apache.catalina.storeconfig.StoreConfigLifecycleListener"/>

  <!-- Global JNDI resources -->
  <GlobalNamingResources>
    <!-- Test entry for demonstration purposes -->
    <Environment name="simpleValue" type="java.lang.Integer" value="30"/>
    <!-- Editable user database that can also be used by
         UserDatabaseRealm to authenticate users -->
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml"/>
  </GlobalNamingResources>

  <!-- Define the Tomcat Stand-Alone Service -->
  <Service name="Catalina">

    <!-- Define a non-SSL HTTP/1.1 Connector on port 80.
         redirectPort must match the HTTPS connectors below (443); the stock
         template value 8443 would send security-constrained requests to a
         port nothing listens on. -->
    <Connector port="80" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" redirectPort="443" acceptCount="100"
               connectionTimeout="20000" disableUploadTimeout="true"/>

    <!-- Define two SSL HTTP/1.1 Connectors on port 443, one per public IP.
         The address attribute is what lets both bind port 443: without it
         each would bind 0.0.0.0:443 and the second would fail with
         "address already in use". Each connector presents only the
         certificate held in its own keystore. truststoreFile is consulted
         only when clientAuth is "true" or "want", so it is inert here.
         The keystore passwords are stored in clear text, so server.xml
         must be readable only by the Tomcat service account. sslProtocol="TLS"
         leaves the enabled protocol versions to the JVM default; on
         Tomcat 6.0.38+/7+ restrict them explicitly with sslEnabledProtocols. -->
    <Connector port="443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="D:/certs/mydomain1.com_keystore.jks" keystorePass="www.mydomain1.com" keystoreType="JKS"
               truststoreFile="D:/certs/mydomain1.com_keystore.jks" truststorePass="www.mydomain1.com" truststoreType="JKS"
               address="xxx.xxx.2.83"
               />
    <Connector port="443" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="D:/certs/mydomain2.cn_keystore.jks" keystorePass="www.mydomain2.cn" keystoreType="JKS"
               truststoreFile="D:/certs/mydomain2.cn_keystore.jks" truststorePass="www.mydomain2.cn" truststoreType="JKS"
               address="xxx.xxx.2.81"
               />

    <!-- Define an AJP 1.3 Connector on port 8009 (redirectPort aligned with the HTTPS connectors) -->
    <Connector port="8009" enableLookups="false" redirectPort="443" protocol="AJP/1.3"/>

    <!-- Define the top level container in our container hierarchy -->
    <Engine name="Catalina" defaultHost="localhost">
      <!-- This Realm uses the UserDatabase configured in the global JNDI
           resources under the key "UserDatabase". Any edits
           that are performed against this UserDatabase are immediately
           available for use by the Realm. -->
      <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>

      <!-- Define the default virtual host
           Note: XML Schema validation will not work with Xerces 2.2.
      -->
      <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false">
      </Host>

      <!-- One Host per application. Tomcat selects the Host from the HTTP
           Host header, not from the IP the connection arrived on, so the
           Alias entries are what route real traffic; the IP in name= only
           matches requests that address the server by IP. -->
      <Host name="xxx.xxx.2.81" appBase="D:/mydomain2/webapp" unpackWARs="true" autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false">
        <Alias>mydomain2.cn</Alias>
        <Alias>www.mydomain2.cn</Alias>
      </Host>
      <Host name="xxx.xxx.2.83" appBase="D:/mydomain1/webapp" unpackWARs="true" autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false">
        <Alias>mydomain1.com</Alias>
        <Alias>tax.mydomain1.com</Alias>
        <Alias>www.mydomain1.com</Alias>
        <Alias>www.mydomain1.cn</Alias>
        <Alias>mydomain1.cn</Alias>
      </Host>
    </Engine>
  </Service>
</Server>
```
Note the two Connectors with port="443": the address attribute at the end of each is the key. Without it both connectors try to bind 0.0.0.0:443, and Tomcat reports an error that port 443 is already in use. Binding each connector to its own IP lets them coexist on the same port, and each presents only the certificate from its own keystore, so a browser that resolved www.mydomain1.com to the first IP receives that domain's certificate and never the other one. The remaining settings are documented and exemplified all over the web, so I will not go into them. One caveat for readers on newer versions: this per-IP approach predates SNI. Tomcat 8.5 and later can serve several certificates on one IP from a single connector using multiple SSLHostConfig elements, but on the Tomcat generation shown here the address-binding trick is the way to do it.
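The "port already in use" failure only shows up at startup, and the redirectPort mismatch only when a security-constrained URL is hit over HTTP, so both are worth catching before restarting a production Tomcat. The following linter is an added example written for this page, not code from the original post or from the Tomcat project: it parses a server.xml, flags connectors that would bind the same address:port, warns about a truststore that is never consulted because clientAuth is off, and checks that every redirectPort names a port on which a TLS connector actually listens. The two embedded server.xml samples are constructed; the 192.0.2.x addresses are RFC 5737 documentation addresses standing in for the xxx.xxx.2.x addresses of the article, and the keystore paths are placeholders.

```python
"""Lint a Tomcat server.xml for connector bind conflicts, an unused truststore,
and redirectPort values that point at a port no TLS connector listens on.
Added example; not part of the original post. IPs and paths are placeholders."""
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample: the article's layout with both 443 connectors bound to
# their own IP and redirectPort pointing at 443.
GOOD_SERVER_XML = """<?xml version="1.0" encoding="UTF-8"?>
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="80" redirectPort="443"/>
    <Connector port="443" scheme="https" secure="true" address="192.0.2.83"
               keystoreFile="/opt/certs/mydomain1.com_keystore.jks"/>
    <Connector port="443" scheme="https" secure="true" address="192.0.2.81"
               keystoreFile="/opt/certs/mydomain2.cn_keystore.jks"/>
    <Connector port="8009" protocol="AJP/1.3" redirectPort="443"/>
  </Service>
</Server>
"""

# Constructed sample with the mistakes the article warns about or originally
# carried: the second 443 connector has no address= (binds 0.0.0.0:443 and
# collides with the first), redirectPort still points at 8443, and a
# truststore is configured although clientAuth is off.
BAD_SERVER_XML = """<?xml version="1.0" encoding="UTF-8"?>
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="80" redirectPort="8443"/>
    <Connector port="443" scheme="https" secure="true" address="192.0.2.83"
               clientAuth="false"
               keystoreFile="/opt/certs/mydomain1.com_keystore.jks"
               truststoreFile="/opt/certs/mydomain1.com_keystore.jks"/>
    <Connector port="443" scheme="https" secure="true"
               keystoreFile="/opt/certs/mydomain2.cn_keystore.jks"/>
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
  </Service>
</Server>
"""


def is_tls(conn):
    """True for a TLS connector in either the old (scheme/secure) attribute
    style used in the article or the Tomcat 7+ SSLEnabled style."""
    return conn.get("SSLEnabled") == "true" or (
        conn.get("scheme") == "https" and conn.get("secure") == "true")


def lint_connectors(xml_text):
    """Return a list of human-readable findings; an empty list means clean."""
    connectors = list(ET.fromstring(xml_text).iter("Connector"))
    findings = []

    # 1. Bind conflicts: connectors sharing a port must each carry a distinct,
    #    explicit address. A missing address means 0.0.0.0, which collides
    #    with every other binding of that port.
    by_port = defaultdict(list)
    for conn in connectors:
        by_port[conn.get("port")].append(conn.get("address", "*"))
    for port, addrs in sorted(by_port.items()):
        if len(addrs) > 1 and ("*" in addrs or len(set(addrs)) < len(addrs)):
            findings.append(
                f"port {port}: {len(addrs)} connectors with bind addresses "
                f"{addrs}; each needs its own explicit address= or Tomcat "
                f"reports the port as already in use")

    # 2. Every TLS connector needs a keystore; a truststore is only consulted
    #    when client certificates are requested (clientAuth true/want).
    tls_ports = set()
    for conn in connectors:
        if not is_tls(conn):
            continue
        tls_ports.add(conn.get("port"))
        if not conn.get("keystoreFile"):
            findings.append(f"port {conn.get('port')}: TLS connector without keystoreFile")
        if conn.get("truststoreFile") and conn.get("clientAuth", "false") == "false":
            findings.append(
                f"port {conn.get('port')}: truststoreFile set but clientAuth is "
                f"off, so the truststore is never consulted")

    # 3. redirectPort must name a port some TLS connector listens on, or
    #    CONFIDENTIAL transport-guarantee redirects go to a dead port.
    for conn in connectors:
        target = conn.get("redirectPort")
        if target and target not in tls_ports:
            findings.append(
                f"port {conn.get('port')}: redirectPort={target} but no TLS "
                f"connector listens on {target}")
    return findings


if __name__ == "__main__":
    for label, text in (("good", GOOD_SERVER_XML), ("bad", BAD_SERVER_XML)):
        print(f"{label}: {lint_connectors(text) or ['clean']}")
```

Run it against a real file with `lint_connectors(open("conf/server.xml").read())`. The address check treats a connector with no address as a wildcard bind, which is exactly the case the article hit; two connectors on the same port pass only when every one of them names a different IP.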