Redirecting HTTP to HTTPS:PORT in Tomcat

Problem description:

I have a running Tomcat application that already has the following redirection rule from HTTP to HTTPS:

<Connector executor="tomcatThreadPool"
               port="80" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="443" />

Is it possible to add an exception/rule so that a specific HTTP request (http://www.example.com) will be redirected to another specific address, with a port specified (say https://www.example.com:8443/test), without changing/removing the above Connector?

The connector configuration you have shown does not redirect a specific URL in the way you suppose.

That configuration acts if you have configured a CONFIDENTIAL transport guarantee for a web application inside that servlet container.

I mean, if you have deployed any application on that connector, where its web.xml descriptor has a security-constraint as follows:

<security-constraint>

    <web-resource-collection>
        <web-resource-name>Secured</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>

    ...

    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>

</security-constraint>

Then, Tomcat will redirect any matching url-pattern to the configured port in order to use HTTPS as guarantor of confidentiality in transport.

So, if you want to redirect a specific URL, you have to complement the connector's configuration with specific application configuration.

As you suggest in your comment, it could be another step to get this configuration working. Once you have configured the HTTP connector as shown, and then configured the app as I told you, you only need to ensure that your Tomcat server has an HTTPS connector configured; otherwise redirection won't work.

To configure this HTTPS connector, you can use a configuration such as the following:

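<!-- SSLEnabled="true" is required on Tomcat 6 and later for the connector to negotiate TLS -->
<Connector connectionTimeout="20000"
    acceptCount="100" scheme="https" secure="true"
    SSLEnabled="true"
    port="443" clientAuth="false" sslProtocol="TLS"
    keystoreFile="PATH_TO_KEY_STORE"
    keystorePass="KEY_STORE_PASS"
    keyAlias="KEY_STORE_ALIAS"/>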

This is a sample configuration where I didn't put some attributes that can be important for you, such as thread attributes, executors, and so on.

The most important thing is the KeyStore configuration that you need to serve HTTPS connections. Here you have the official documentation to prepare a Java KeyStore for Tomcat to serve HTTPS.
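The answer above ties the redirect to two conditions: a CONFIDENTIAL transport guarantee in web.xml and a TLS connector listening on the port named by redirectPort. The following audit script is an added example, not part of the original answer; it checks both conditions over constructed sample files. The function names are hypothetical, and it assumes a TLS connector is one that declares SSLEnabled="true" (Tomcat 6 and later).

```python
import xml.etree.ElementTree as ET

# Constructed samples modelled on the snippets above (keystore values are placeholders).
HTTP_ONLY = """<Server><Service name="Catalina">
  <Connector port="80" protocol="HTTP/1.1" redirectPort="443"/>
</Service></Server>"""
WITH_TLS = HTTP_ONLY.replace("</Service>", """<Connector port="443" SSLEnabled="true"
  scheme="https" secure="true" keystoreFile="PATH_TO_KEY_STORE"/></Service>""")
WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <security-constraint>
    <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection><url-pattern>/public/*</url-pattern></web-resource-collection>
  </security-constraint>
</web-app>"""


def local(tag):
    """Drop the XML namespace so web.xml with or without xmlns is handled."""
    return tag.rsplit("}", 1)[-1]


def confidential_patterns(web_xml):
    """url-patterns that sit under a CONFIDENTIAL transport guarantee."""
    found = []
    for sc in ET.fromstring(web_xml).iter():
        if local(sc.tag) != "security-constraint":
            continue
        text = {}
        for el in sc.iter():
            text.setdefault(local(el.tag), []).append((el.text or "").strip())
        if "CONFIDENTIAL" in text.get("transport-guarantee", []):
            found += text.get("url-pattern", [])
    return found


def dangling_redirects(server_xml):
    """(port, redirectPort) of plain connectors whose redirect target has no TLS connector."""
    conns = [c.attrib for c in ET.fromstring(server_xml).iter("Connector")]
    tls = {c.get("port") for c in conns if c.get("SSLEnabled", "").lower() == "true"}
    return [(c.get("port"), c["redirectPort"]) for c in conns
            if c.get("port") not in tls and "redirectPort" in c
            and c["redirectPort"] not in tls]


if __name__ == "__main__":
    print(confidential_patterns(WEB_XML), dangling_redirects(HTTP_ONLY))
```

An empty list from `confidential_patterns` means no request will ever be redirected by redirectPort; a non-empty list from `dangling_redirects` means the redirect will point at a port nothing is serving TLS on.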