1. Lab environment
OS: CentOS 7.5 Minimal
IP: 192.168.1.105
Tomcat: apache-tomcat-8.5.24.tar.gz
JDK: jdk-8u144-linux-x64.tar.gz
Note: to merely run the service a JRE is enough; the JDK is not required. The keytool used in section 6 for the self-signed certificate ships with the JRE as well.
2. Download the JDK and Tomcat
jdk-8u144-linux-x64.tar.gz
apache-tomcat-8.5.24.tar.gz
https://archive.apache.org/dist/tomcat/tomcat-8/v8.5.24/bin/apache-tomcat-8.5.24.tar.gz
Before unpacking, check the tarball against the .asc PGP signature and the checksum files the Apache archive publishes next to it; a tampered Tomcat distribution runs as the server itself.
3. Install the JDK
The profile script is written with a quoted heredoc so that $JAVA_HOME is stored literally and expanded when the script is sourced. The original two echo commands only worked because the file was sourced in between them; with double quotes the shell expands $JAVA_HOME at echo time.
# tar -zxf jdk-8u144-linux-x64.tar.gz -C /usr/local/
# cat > /etc/profile.d/jdk.sh <<'EOF'
export JAVA_HOME=/usr/local/jdk1.8.0_144
export PATH=$JAVA_HOME/bin:$PATH
EOF
# source /etc/profile.d/jdk.sh
# java -version
4. Install Tomcat
Stop the firewall (lab shortcut only)
# systemctl stop firewalld
# systemctl disable firewalld
Disabling firewalld is acceptable on a throw-away lab host. On any host other people can reach, leave it enabled and open only 8080/tcp (and, after section 6, 8443/tcp) with firewall-cmd instead.
Create the user that runs the Tomcat service
# groupadd -g 2019 tomcat
# useradd -g 2019 -M -s /sbin/nologin tomcat
# id tomcat
-M creates no home directory and -s /sbin/nologin denies interactive logins; a service account never needs a shell.
Unpack the Tomcat binary package
# tar -zxf apache-tomcat-8.5.24.tar.gz -C /usr/local/
# mv /usr/local/apache-tomcat-8.5.24/ /usr/local/tomcat
# chown -R tomcat:tomcat /usr/local/tomcat
# ll /usr/local/tomcat
Giving the tomcat user the whole tree is the simplest setup, but it lets a compromised web application rewrite bin/, lib/ and conf/. For production follow the Tomcat security how-to: keep those directories owned by root and give tomcat write access only to logs/, temp/, work/ and webapps/.
Create the Tomcat service file
# vim /etc/systemd/system/tomcat.service
##################################################
[Unit]
Description=Apache Tomcat Web Application Container
After=network.target

[Service]
Type=forking
# CATALINA_PID makes catalina.sh write the java PID to this file; PIDFile lets
# systemd track that PID instead of guessing which forked child is the daemon,
# so ExecStop's $MAINPID is always the JVM.
Environment=JAVA_HOME=/usr/local/jdk1.8.0_144
Environment=CATALINA_PID=/usr/local/tomcat/temp/tomcat.pid
PIDFile=/usr/local/tomcat/temp/tomcat.pid
Environment=CATALINA_HOME=/usr/local/tomcat
Environment=CATALINA_BASE=/usr/local/tomcat
Environment='CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC'
Environment='JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom'
ExecStart=/usr/local/tomcat/bin/startup.sh
ExecStop=/bin/kill -15 $MAINPID
User=tomcat
Group=tomcat
UMask=0007
# Run unprivileged: the JVM cannot gain privileges via setuid binaries,
# and it gets a private /tmp that other users cannot see.
NoNewPrivileges=true
PrivateTmp=true
RestartSec=10
Restart=always

[Install]
WantedBy=multi-user.target
##################################################
# systemctl daemon-reload
# systemctl start tomcat
# systemctl enable tomcat
# systemctl status tomcat
# ps aux | grep [t]omcat
# ss -tan | grep 8080
Open http://192.168.1.105:8080 in a browser
5. Change Tomcat's default listen IP and port
By default the HTTP connector listens on 0.0.0.0, i.e. every interface, on port 8080:
# ss -tan | grep 8080
The listener is defined by the <Connector> element in server.xml: its port attribute sets the TCP port, and its address attribute, absent by default, restricts the socket to a single interface (for this lab 192.168.1.105).
# vim /usr/local/tomcat/conf/server.xml
# systemctl restart tomcat
# ss -tan | grep 8080
After the restart the socket should show the chosen address instead of 0.0.0.0 (or the new port, if that was changed).
6. Configure SSL/TLS in Tomcat for HTTPS
Generate a self-signed certificate
The original dname uses CN=localhost, which browsers reject when the server is reached as 192.168.1.105; the -ext san line puts the address clients actually use into the certificate. The keystore is PKCS12 despite the .jks file name, and 123456 is a placeholder: pick a real passphrase, because it ends up in server.xml. A self-signed certificate is fine for a lab; clients will warn until they trust it.
# keytool \
-genkeypair \
-keystore keystore.jks \
-storetype PKCS12 \
-alias tomcat \
-keypass 123456 \
-storepass 123456 \
-keyalg RSA \
-keysize 2048 \
-validity 3650 \
-dname "CN=localhost,OU=Test,O=Test,L=ShenZhen,ST=GuangDong,C=CN" \
-ext san=ip:192.168.1.105,dns:localhost
# keytool -list -v -keystore keystore.jks -storetype PKCS12 -storepass "123456"
# cp keystore.jks /usr/local/tomcat/conf/
# chown tomcat:tomcat /usr/local/tomcat/conf/keystore.jks
# chmod 400 /usr/local/tomcat/conf/keystore.jks
Only the tomcat user can now read the private key. The keystore by itself does not enable HTTPS: port 8443 only answers once the connector below is configured.
Tomcat HTTP port and redirectPort
# vim /usr/local/tomcat/conf/server.xml
Point the 8080 connector at 8443. The redirect itself only happens for URLs that a security-constraint marks CONFIDENTIAL (configured in web.xml below); redirectPort just tells Tomcat where to send them.
###########################################################
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
###########################################################
Configure the HTTPS connector
The keystore file is resolved relative to CATALINA_BASE. certificateKeystoreType is stated explicitly because the file is PKCS12 while Tomcat's default type is JKS.
###########################################################
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
address="192.168.1.105"
maxThreads="150" SSLEnabled="true">
<SSLHostConfig>
<Certificate certificateKeystoreFile="conf/keystore.jks"
certificateKeystoreType="PKCS12"
certificateKeystorePassword="123456"
type="RSA" />
</SSLHostConfig>
</Connector>
###########################################################
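Putting sections 5 and 6 together, this is the connector pair as I would actually deploy it. It is an added example, not the original page's configuration, and it goes a little beyond it: the HTTP connector is bound to the same interface as the HTTPS one, the TLS connector accepts only TLSv1.2 (JDK 8u144 has no TLS 1.3, and 1.0/1.1 are deprecated), the keystore type is explicit, and the keystore password is read from a property instead of being written into server.xml. The property name keystore.password and its value are assumptions: define it as keystore.password=... in conf/catalina.properties, which Tomcat loads as system properties before parsing server.xml, and keep that file owned by root:tomcat with mode 640.

```xml
<!-- Plain HTTP: bound to one interface like the TLS connector, and only used to
     bounce CONFIDENTIAL URLs to 8443 (see the security-constraint in web.xml). -->
<Connector port="8080" protocol="HTTP/1.1"
           address="192.168.1.105"
           connectionTimeout="20000"
           redirectPort="8443" />

<!-- HTTPS: TLSv1.2 only, server-side cipher preference, explicit PKCS12 keystore
     type, and the keystore password pulled from a system property. -->
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           address="192.168.1.105"
           maxThreads="150" SSLEnabled="true">
    <SSLHostConfig protocols="TLSv1.2" honorCipherOrder="true">
        <!-- keystore.password is an assumed property name; set it in
             conf/catalina.properties, not here, so server.xml holds no secret. -->
        <Certificate certificateKeystoreFile="conf/keystore.jks"
                     certificateKeystoreType="PKCS12"
                     certificateKeystorePassword="${keystore.password}"
                     type="RSA" />
    </SSLHostConfig>
</Connector>
```

After restarting Tomcat, check from another machine that https://192.168.1.105:8443 serves the certificate with the SAN you set, and that a handshake forced to TLS 1.1 or older is refused. Once the web.xml constraint below is in place, a plain request to http://192.168.1.105:8080/ should answer with an HTTP 302 whose Location is the https URL on 8443.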
Make HTTP redirect to HTTPS automatically
# vim /usr/local/tomcat/conf/web.xml
Editing conf/web.xml applies the rule to every deployed application; editing WEB-INF/web.xml of one application limits it to that app. In either file add the block after </welcome-file-list>. The redirect is driven entirely by the security-constraint: a transport-guarantee of CONFIDENTIAL makes Tomcat send plain-HTTP requests for matching URLs to the redirectPort of the 8080 connector. The <login-config> is not needed for the redirect (it only matters together with an auth-constraint) and can be omitted.
####################################################
<login-config>
<!-- Not required for the HTTPS redirect; only used with an auth-constraint -->
<auth-method>CLIENT-CERT</auth-method>
<realm-name>Client Cert Users-only Area</realm-name>
</login-config>
<security-constraint>
<!-- Require TLS for every URL; plain HTTP is redirected to redirectPort -->
<web-resource-collection>
<web-resource-name>SSL</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
####################################################
# systemctl restart tomcat
# systemctl status tomcat
# ss -tan
浏览器访问 https://192.168.1.105:8443
浏览器访问 http://192.168.1.105:8080
7. References
Apache Tomcat 8
https://tomcat.apache.org/tomcat-8.5-doc/windows-service-howto.html
How To Install Apache Tomcat 8 on CentOS 7
https://www.digitalocean.com/community/tutorials/how-to-install-apache-tomcat-8-on-centos-7
Deploying HTTPS on Tomcat and redirecting HTTP to HTTPS
https://blog.csdn.net/kmyhy/article/details/6431609
Deploying HTTPS on Tomcat and redirecting HTTP to HTTPS
https://www.hifreud.com/2018/08/04/tomcat-https
Using keytool and keystores, and converting certificates
https://blog.csdn.net/meng564764406/article/details/79427687
Common certificate and keystore types in Java
https://blog.csdn.net/liaomin416100569/article/details/76020675