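Setting up SSL on CentOS 7 with a free Let's Encrypt certificate, part 2 (enabling SSL in Tomcat)
Prerequisites
1. Tomcat 8.5 or later; this article uses Tomcat 9
2. CentOS 7
3. Configuring Tomcat with PEM certificates requires APR support, so install APR on CentOS 7 first
4. openssl: the latest version can be downloaded from https://www.openssl.org/source
5. apr, apr-util: the latest version can be downloaded from a mirror in China: http://mirror.bit.edu.cn/apache/apr
6. tomcat-native: download the latest version from http://mirrors.tuna.tsinghua.edu.cn/apache/tomcat/tomcat-connectors/native/ or use the archive shipped in Tomcat's bin directory
Installing the dependencies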
```bash
# Install the gcc build dependency
yum install gcc
cd /home/soft
# Install openssl
# (1.1.1-pre8 is a pre-release; substitute the current stable tarball)
wget https://www.openssl.org/source/openssl-1.1.1-pre8.tar.gz
tar -zxvf openssl-1.1.1-pre8.tar.gz
cd openssl-1.1.1-pre8
./config --prefix=/usr/local/openssl
make && make install
```
```bash
# Install apr
cd ../
wget http://mirror.bit.edu.cn/apache/apr/apr-1.6.3.tar.gz
tar -zxvf apr-1.6.3.tar.gz
cd apr-1.6.3
./configure --prefix=/usr/local/apr
make && make install
```
```bash
# Install apr-util
cd ../
wget http://mirror.bit.edu.cn/apache/apr/apr-util-1.6.1.tar.gz
tar -zxvf apr-util-1.6.1.tar.gz
cd apr-util-1.6.1
./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr
make && make install
```
Building apr-util may fail with this error:
```
xml/apr_xml.c:35:19: error: expat.h: No such file or directory
```
If it does, try installing the expat library.
```bash
yum install expat-devel
```
```bash
# Install tomcat-native
cd ../
wget https://mirrors.tuna.tsinghua.edu.cn/apache/tomcat/tomcat-connectors/native/1.2.17/source/tomcat-native-1.2.17-src.tar.gz
tar -zxvf tomcat-native-1.2.17-src.tar.gz
cd tomcat-native-1.2.17-src/native
./configure --with-apr=/usr/local/apr --with-ssl=/usr/local/openssl
make && make install
```
If the JDK environment variables are not configured yet, add them as well:
```bash
# Configure the environment variables
vi /etc/profile
# Append at the end of the file:
export JAVA_HOME=/usr/java/jdk1.8.0_121
export JRE_HOME=${JAVA_HOME}/jre
export CLASSPATH=.:${JAVA_HOME}/lib:${JRE_HOME}/lib
export PATH=${JAVA_HOME}/bin:$PATH
# Then run
source /etc/profile
```
Then edit Tomcat's configuration file conf/server.xml:
```xml
<Connector port="80" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="443" />
<Connector port="443" protocol="org.apache.coyote.http11.Http11AprProtocol"
           maxThreads="150" SSLEnabled="true" >
    <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
    <SSLHostConfig>
        <Certificate certificateKeyFile="/etc/letsencrypt/live/code2048.net/privkey.pem"
                     certificateFile="/etc/letsencrypt/live/code2048.net/cert.pem"
                     certificateChainFile="/etc/letsencrypt/live/code2048.net/chain.pem"
                     type="RSA" />
    </SSLHostConfig>
</Connector>
<Connector port="8009" protocol="AJP/1.3" redirectPort="443" />
```
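The default HTTPS port is 8443; with port 443, as with port 80, no port number has to be typed in the browser.
The firewall must also allow port 443.
Once the configuration is done, start Tomcat.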
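A pre-flight check for the three PEM files that the `<Certificate>` element above references, useful before starting Tomcat and after each renewal. This is an added example, not part of the original article; the function name `check_le_certs` and the 14-day default are assumptions, and it expects `openssl` and GNU `stat` as found on CentOS.

```bash
# Added example (not from the original article): checks the PEM files that
# <Certificate> in conf/server.xml points at. check_le_certs is a hypothetical name.
# Usage: check_le_certs /etc/letsencrypt/live/code2048.net 14

check_le_certs() {
    dir=$1
    min_days=${2:-14}
    key=$dir/privkey.pem
    cert=$dir/cert.pem
    chain=$dir/chain.pem
    rc=0

    for f in "$key" "$cert" "$chain"; do
        [ -r "$f" ] || { echo "FAIL: cannot read $f"; return 2; }
    done

    # 1. certificateKeyFile must hold the private key of certificateFile:
    #    both must yield the same public key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: privkey.pem does not match cert.pem"; rc=1
    fi

    # 2. Fail when the certificate expires within min_days (renewal overdue).
    if ! openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null 2>&1; then
        echo "FAIL: cert.pem expires within $min_days days"; rc=1
    fi

    # 3. The first certificate in certificateChainFile should be the issuer
    #    of cert.pem (compared by name hash, not by signature).
    issuer=$(openssl x509 -in "$cert" -noout -issuer_hash 2>/dev/null)
    subject=$(openssl x509 -in "$chain" -noout -subject_hash 2>/dev/null)
    if [ -z "$issuer" ] || [ "$issuer" != "$subject" ]; then
        echo "FAIL: chain.pem is not the issuer of cert.pem"; rc=1
    fi

    # 4. The key must not be readable by group or others. -L follows the
    #    symlinks under live/ to the real file.
    mode=$(stat -L -c %a "$key")
    if [ $((0$mode & 077)) -ne 0 ]; then
        echo "FAIL: privkey.pem mode $mode is readable beyond its owner"; rc=1
    fi

    return $rc
}
```

The function returns 0 when every check passes, 1 when any check fails, and 2 when a file cannot be read.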
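Reprint notice: unless stated otherwise, all articles on this site are original. When reprinting, please credit the source: 破晓 (http://www.code2048.net). Thank you! ^^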