How to correctly enable SSL on localhost

Time: 2016-08-22 11:14:44

Tags: apache tomcat ssl

I have a web application (java, jsp) running on tomcat 7. It runs perfectly when I access http://localhost.somedomain.com/

I want to enable SSL so that I can access my site at https://localhost.somedomain.com/

I have installed a self-signed certificate and configured httpd.conf (on apache) following the steps described at
https://getgrav.org/blog/mac-os-x-apache-setup-ssl

When I visit https://localhost.somedomain.com/, it seems to look for an index.html to serve. If I add a dummy index.html in the root of my web application, it gets served. It seems to be acting on static files instead of rendering the web application (the controllers are executed by the http version). When I visit https://localhost.somedomain.com/url/, it reports 404 /url/ not found.

My first question is:

  1. Apart from the changes in httpd.conf (apache), do I need any configuration on tomcat (server.xml)?
  2. My second question is:

    1. In httpd.conf I have set the document root to the folder where the web application is deployed (/apps/sstp/tomcat/webapps/ROOT). Is that correct? My httpd.conf entries are as follows.
    2. My httpd.conf file is as follows

          ServerRoot "/usr"
          Listen 80
          Listen 443

          LoadModule authn_file_module libexec/apache2/mod_authn_file.so
          LoadModule authn_core_module libexec/apache2/mod_authn_core.so
          LoadModule authz_host_module libexec/apache2/mod_authz_host.so
          LoadModule authz_groupfile_module libexec/apache2/mod_authz_groupfile.so
          LoadModule authz_user_module libexec/apache2/mod_authz_user.so
          LoadModule authz_core_module libexec/apache2/mod_authz_core.so
          LoadModule access_compat_module libexec/apache2/mod_access_compat.so
          LoadModule auth_basic_module libexec/apache2/mod_auth_basic.so
          LoadModule socache_shmcb_module libexec/apache2/mod_socache_shmcb.so
          LoadModule reqtimeout_module libexec/apache2/mod_reqtimeout.so
          LoadModule filter_module libexec/apache2/mod_filter.so
          LoadModule mime_module libexec/apache2/mod_mime.so
          LoadModule log_config_module libexec/apache2/mod_log_config.so
          LoadModule env_module libexec/apache2/mod_env.so
          LoadModule headers_module libexec/apache2/mod_headers.so
          LoadModule setenvif_module libexec/apache2/mod_setenvif.so
          LoadModule version_module libexec/apache2/mod_version.so
          LoadModule proxy_module libexec/apache2/mod_proxy.so
          LoadModule proxy_connect_module libexec/apache2/mod_proxy_connect.so
          LoadModule proxy_ftp_module libexec/apache2/mod_proxy_ftp.so
          LoadModule proxy_http_module libexec/apache2/mod_proxy_http.so
          LoadModule proxy_fcgi_module libexec/apache2/mod_proxy_fcgi.so
          LoadModule proxy_scgi_module libexec/apache2/mod_proxy_scgi.so
          LoadModule proxy_wstunnel_module libexec/apache2/mod_proxy_wstunnel.so
          LoadModule proxy_ajp_module libexec/apache2/mod_proxy_ajp.so
          LoadModule proxy_balancer_module libexec/apache2/mod_proxy_balancer.so
          LoadModule proxy_express_module libexec/apache2/mod_proxy_express.so
          LoadModule slotmem_shm_module libexec/apache2/mod_slotmem_shm.so
          LoadModule ssl_module libexec/apache2/mod_ssl.so
          LoadModule lbmethod_byrequests_module libexec/apache2/mod_lbmethod_byrequests.so
          LoadModule lbmethod_bytraffic_module libexec/apache2/mod_lbmethod_bytraffic.so
          LoadModule lbmethod_bybusyness_module libexec/apache2/mod_lbmethod_bybusyness.so
          LoadModule unixd_module libexec/apache2/mod_unixd.so
          LoadModule status_module libexec/apache2/mod_status.so
          LoadModule autoindex_module libexec/apache2/mod_autoindex.so
          LoadModule negotiation_module libexec/apache2/mod_negotiation.so
          LoadModule dir_module libexec/apache2/mod_dir.so
          LoadModule alias_module libexec/apache2/mod_alias.so
          LoadModule hfs_apple_module libexec/apache2/mod_hfs_apple.so

          <IfModule unixd_module>
              User _www
              Group _www
          </IfModule>

          ServerAdmin you@example.com
          ServerName localhost.somedomain.com

          <Directory />
              AllowOverride All
              Require all granted
          </Directory>

          DocumentRoot "/apps/sstp/tomcat/webapps/ROOT"
          <Directory "/apps/sstp/tomcat/webapps/ROOT">
              Require all granted
              Options Includes FollowSymLinks
              AllowOverride All
              Require all granted
          </Directory>

          <IfModule dir_module>
              DirectoryIndex index.html
          </IfModule>

          <FilesMatch "^\.([Hh][Tt]|[Dd][Ss]_[Ss])">
              Require all denied
          </FilesMatch>

          <Files "rsrc">
              Require all denied
          </Files>
          <DirectoryMatch ".*\.\.namedfork">
              Require all denied
          </DirectoryMatch>

          ErrorLog "/private/var/log/apache2/error_log"
          LogLevel warn

          <IfModule log_config_module>
              LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
              LogFormat "%h %l %u %t \"%r\" %>s %b" common

              <IfModule logio_module>
                  # You need to enable mod_logio.c to use %I and %O
                  LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
              </IfModule>

              CustomLog "/private/var/log/apache2/access_log" common
          </IfModule>

          <IfModule alias_module>
              ScriptAliasMatch ^/cgi-bin/((?!(?i:webobjects)).*$) "/Library/WebServer/CGI-Executables/$1"
          </IfModule>

          <IfModule cgid_module>
          </IfModule>

          <Directory "/Library/WebServer/CGI-Executables">
              AllowOverride None
              Options None
              Require all granted
          </Directory>

          <IfModule mime_module>
              TypesConfig /private/etc/apache2/mime.types
              AddType application/x-compress .Z
              AddType application/x-gzip .gz .tgz
          </IfModule>

          TraceEnable off
          Include /private/etc/apache2/extra/httpd-mpm.conf
          Include /private/etc/apache2/extra/httpd-autoindex.conf
          Include /private/etc/apache2/extra/httpd-vhosts.conf
          <IfModule proxy_html_module>
              Include /private/etc/apache2/extra/proxy-html.conf
          </IfModule>

          Include /private/etc/apache2/extra/httpd-ssl.conf
          <IfModule ssl_module>
              SSLRandomSeed startup builtin
              SSLRandomSeed connect builtin
          </IfModule>
          Include /private/etc/apache2/other/*.conf
      

      My httpd-vhosts.conf is as follows

          <VirtualHost *:443>
              ServerAdmin a@b.com
              DocumentRoot "/apps/sstp/tomcat/webapps/ROOT"
              ServerName localhost.somedomain.com
              SSLEngine on
              SSLCertificateFile "/private/etc/apache2/server.crt"
              SSLCertificateKeyFile "/private/etc/apache2/server.key"
          </VirtualHost>
      

      My httpd-ssl.conf is as follows

          Listen 443
          SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4
          SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4
          SSLHonorCipherOrder on
          SSLProtocol all -SSLv3
          SSLProxyProtocol all -SSLv3
          SSLPassPhraseDialog builtin
          SSLSessionCache "shmcb:/private/var/run/ssl_scache(512000)"
          SSLSessionCacheTimeout 300
          <VirtualHost *:443>
              DocumentRoot "/apps/sstp/tomcat/webapps/ROOT"
              ServerName localhost.somedomain.com
              ErrorLog "/private/var/log/apache2/error_log"
              TransferLog "/private/var/log/apache2/access_log"
              SSLEngine on
              SSLCertificateFile "/private/etc/apache2/server.crt"
              SSLCertificateKeyFile "/private/etc/apache2/server.key"
              <FilesMatch "\.(cgi|shtml|phtml|php)$">
                  SSLOptions +StdEnvVars
              </FilesMatch>
              <Directory "/Library/WebServer/CGI-Executables">
                  SSLOptions +StdEnvVars
              </Directory>
              BrowserMatch "MSIE [2-5]" \
                  nokeepalive ssl-unclean-shutdown \
                  downgrade-1.0 force-response-1.0
              CustomLog "/private/var/log/apache2/ssl_request_log" \
                  "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
          </VirtualHost>
      

      My tomcat server.xml is as follows

          <?xml version='1.0' encoding='utf-8'?>
          <Server port="8005" shutdown="SHUTDOWN">
              <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on"/>
              <Listener className="org.apache.catalina.core.JasperListener"/>
              <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener"/>
              <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
              <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"/>

              <GlobalNamingResources>
              </GlobalNamingResources>

              <Service name="Catalina">
                  <Connector port="8080" protocol="HTTP/1.1"
                             connectionTimeout="20000"
                             redirectPort="8443"
                             address="127.0.0.1"
                             maxThreads="1500"
                             acceptCount="100"
                             secure="@tomcat.session.secure@"/>
                  <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
                  <Engine name="Catalina" defaultHost="localhost">
                      <Host name="localhost" appBase="webapps"
                            unpackWARs="true" autoDeploy="true"
                            xmlValidation="false" xmlNamespaceAware="false">
                          <Context docBase="/apps/sstp/tomcat/html" path="/info"/>
                      </Host>
                  </Engine>
              </Service>
          </Server>
      

      Simply put, I want to configure whatever is needed so that my application, which runs as http://localhost.somedomain.com, runs over ssl at https://localhost.somedomain.com

2 answers:

Answer 0 (score: 1)

This is missing from httpd-vhosts.conf:

    ProxyPreserveHost On
    ProxyPass / ajp://localhost:8009/
    ProxyPassReverse / ajp://localhost:8009/

So the requests are not routed from apache to tomcat.

Answer 1 (score: 0)

根据你问题中的描述,我读到你在apache上设置了SSL,并希望使用AJP协议将请求传递给tomcat。在这种情况下,您不应将DocumentRoot的{​​{1}}指定为某个tomcat目录,而应指定正确的VirtualHost(如果您使用的是mod_jk)或{{1} (如果您使用的是mod_proxy_ajp)指令。看一下端口80上虚拟主机的配置,它应该包含正确的语句,你可以将它们复制到你的SSL-virtualHost。