HTTP access protocol converted to HTTPS

Keywords: Android Tomcat SSL xml Apache

Preface

Recently, I planned to write an applet and went to the applet development platform to fill in the legal request domain name. I found that only the HTTPS protocol is supported.

So I tried to convert HTTP to HTTPS. First, here is my configuration:

  • Alicloud server
  • Operating system: CentOS 7.4 64 bit
  • Web server: Tomcat 9.+

Detailed explanation

It is mainly divided into three steps:

  • Configure a domain name for the server and complete the filing
  • Purchase an SSL certificate and download it
  • Upload the certificate to the server and configure it

1. Configure the domain name of the server and put it on record

The app doesn't support adding an IP address. It must be a legal domain name, so we need to buy a domain name and put it on record. I'll tell you the specific method. There are many online.

2. Purchase SSL certificate and download

Tencent Cloud, Alibaba Cloud and other platforms offer free certificates. You can apply for them directly.
Alibaba Cloud address: https://www.aliyun.com/produc...

Choose a free SSL certificate, bind your domain name to it and wait for approval. Approval is very fast. After it succeeds, you will be told that the certificate has been issued.
Then we click download:

Select the corresponding server to download:

I downloaded the Tomcat server certificate and unzipped it.

It contains the certificate file in PFX format and the password file in TXT format. Note that each download generates a new PFX password, and each password corresponds to exactly one PFX file.

3. Upload and configure to the server

Create a new cert folder in the Tomcat directory on the server and upload the certificate you just downloaded.

Open Tomcat/conf/server.xml, then find and modify the following parameters in it.
(1).

    <!-- The port can be changed. Set redirectPort to 443, the default SSL port,
         so that requests requiring HTTPS are forwarded to port 443. -->
    <Connector port="80" protocol="HTTP/1.1"
               connectionTimeout="20000"
               maxHttpHeaderSize="8192"
               redirectPort="443" />

(2).
Find the following parameters:

    <Connector port="8443"
               protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150"
               SSLEnabled="true">
        <SSLHostConfig>
            <Certificate certificateKeystoreFile="cert/keystore.pfx"
                         certificateKeystorePassword="XXXXXXX"
                         certificateKeystoreType="PKCS12" />
        </SSLHostConfig>
    </Connector>

Change the above configuration to:

    <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxHttpHeaderSize="8192"
               URIEncoding="UTF-8"
               maxThreads="150" SSLEnabled="true">
        <SSLHostConfig>
            <!-- certificateKeystoreFile: your certificate path;
                 certificateKeystorePassword: your certificate password -->
            <Certificate certificateKeystoreFile="/usr/local/apache-tomcat-9.0.22/cert/yourname.pfx"
                         certificateKeystorePassword="Certificate password"
                         certificateKeystoreType="PKCS12" />
        </SSLHostConfig>
    </Connector>

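The main change is adding your certificate path and certificate password. The password sits in plain text in server.xml, so keep that file and the PFX file readable only by the account that runs Tomcat.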

(3).

    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

Find the parameters above, remove the surrounding <!-- and --> comment markers, and change them to the following, with redirectPort set to 443 so that HTTPS requests are forwarded to port 443:

    <Connector port="8009" protocol="AJP/1.3" redirectPort="443" />

(4). Add the following content at the bottom of the server.xml file to make HTTP requests jump to HTTPS automatically:

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>SSL</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

Finally, save the changes to the file and restart Tomcat.
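
Before restarting, the connector changes from steps (1) to (3) can be checked mechanically. The script below is an added example, not part of the original article: it confirms that every non-TLS connector redirects to a port that actually has SSLEnabled="true", and that the PFX file exists and is not readable by other accounts. The function name lint_server_xml and the embedded sample are constructed for illustration.

```python
import os
import stat
import xml.etree.ElementTree as ET

# Constructed sample (not a real server.xml): steps (1) and (2) applied,
# step (3) forgotten, so the AJP connector still redirects to 8443.
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="80" protocol="HTTP/1.1" redirectPort="443" />
  <Connector port="443" SSLEnabled="true"
             protocol="org.apache.coyote.http11.Http11NioProtocol">
    <SSLHostConfig>
      <Certificate certificateKeystoreFile="cert/yourname.pfx"
                   certificateKeystorePassword="constructed-password"
                   certificateKeystoreType="PKCS12" />
    </SSLHostConfig>
  </Connector>
  <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
</Service></Server>"""


def lint_server_xml(xml_text, catalina_base="."):
    """Return findings about the HTTPS setup in a Tomcat server.xml."""
    findings = []
    connectors = list(ET.fromstring(xml_text).iter("Connector"))
    tls = [c for c in connectors if c.get("SSLEnabled", "").lower() == "true"]
    tls_ports = {c.get("port") for c in tls}
    if not tls:
        findings.append('no Connector has SSLEnabled="true"')
    for c in connectors:
        if c in tls:
            continue
        # Tomcat falls back to 443 when redirectPort is not set.
        target = c.get("redirectPort", "443")
        if target not in tls_ports:
            findings.append(
                f"port {c.get('port')}: redirectPort {target} is not a TLS connector")
    for cert in (k for c in tls for k in c.iter("Certificate")):
        path = cert.get("certificateKeystoreFile", "")
        # Relative keystore paths are resolved against CATALINA_BASE.
        full = os.path.join(catalina_base, path)
        if not os.path.isfile(full):
            findings.append(f"keystore not found: {path}")
        elif stat.S_IMODE(os.stat(full).st_mode) & 0o077:
            findings.append(f"keystore readable by group/other: {path}")
    return findings


if __name__ == "__main__":
    for finding in lint_server_xml(SAMPLE, os.environ.get("CATALINA_BASE", ".")):
        print(finding)
```

To check a real installation, pass the contents of conf/server.xml and the Tomcat directory to lint_server_xml; an empty list means the connectors and keystore are consistent.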

Hope this helps you!

You can follow my WeChat public account: "Qin zishuai", a public account with quality and attitude!


Posted by mjedman1 on Thu, 17 Oct 2019 00:12:30 -0700