Can I run Tomcat securely on port 443 and insecurely on 8080

Posted 2024-09-15 16:48:07 · Word count 813 · Views 7 · Comments 0

Let me explain my situation.

Currently, I have a lot of applications running on Tomcat 6, on the default port 8080.

I just created some applications that will need a login. I'm going to buy an SSL certificate to install on this server.

I don't like the idea of using port 8443 because it makes the URL more complicated.
If I run Tomcat on port 80, I'd have to change dozens of links and I'd have to run Tomcat as root (rather than tomcat).

Is there any problem running the insecure applications on port 8080 but having the secure run on port 443?

I'm imagining my setup will have URLs that look like this:

http://mydomain.com:8080/report/controller?id=weather

https://mydomain.com/secure/controller?id=profile

Is this possible?


Comments (2)

痴意少年 2024-09-22 16:48:07

Set up an HTTP connector on 8080 and an HTTPS connector on 8443. In your <Connector> declaration add the proxyPort attribute and set it to the default HTTP and HTTPS ports (80 and 443 respectively). Set up firewall redirect rules from 80 to 8080 and from 443 to 8443. Then the server will accept regular http and https URLs without the need to specify port numbers.

Below is a sample declaration of these connectors.

<Connector
  maxSpareThreads='75'
  port='8080'
  proxyPort='80'
  enableLookups='false'
  maxThreads='150'
  connectionTimeout='20000'
  disableUploadTimeout='true'
  minSpareThreads='5'
  maxHttpHeaderSize='8192'
  redirectPort='443'
  acceptCount='200'
/>

<Connector
  SSLEnabled='true'
  keystoreFile='/path/to/keystore.jks'
  maxSpareThreads='75'
  port='8443'
  proxyPort='443'
  algorithm='SunX509'
  enableLookups='false'
  secure='true'
  maxThreads='150'
  connectionTimeout='20000'
  disableUploadTimeout='true'
  scheme='https'
  minSpareThreads='5'
  maxHttpHeaderSize='8192'
  sslProtocol='SSL'
  acceptCount='200'
  clientAuth='false'
/>

And here are some redirect IPTABLES commands:

# Redirect external packets
-A PREROUTING -j NAT-Port-Redirect

# redirect http traffic
-A NAT-Port-Redirect -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
# redirect https traffic
-A NAT-Port-Redirect -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443
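
Added example, not part of the answer above or of Tomcat: a Python check that the connector declarations and the redirect rules agree, so a drifted port number or a connector bound to a privileged port is caught before deployment. The sample server.xml and rule text are constructed from the answer's values, and the function name `audit` is hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample input, reduced to the attributes this check reads.
SERVER_XML = """<Service name='Catalina'>
  <Connector port='8080' proxyPort='80' redirectPort='443'/>
  <Connector port='8443' proxyPort='443' SSLEnabled='true' scheme='https'
             secure='true' sslProtocol='SSL'/>
</Service>"""
IPTABLES = """-A PREROUTING -j NAT-Port-Redirect
-A NAT-Port-Redirect -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A NAT-Port-Redirect -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443"""

RULE = re.compile(r"--dport (\d+) .*-j REDIRECT --to-ports (\d+)")

def audit(server_xml, iptables_rules):
    """Return a list of findings; an empty list means the two inputs agree."""
    # Map of public port -> local port taken from the REDIRECT rules.
    redirects = {int(d): int(t) for d, t in RULE.findall(iptables_rules)}
    findings, conns, tls_public = [], [], set()
    for c in ET.fromstring(server_xml).iter("Connector"):
        port = int(c.get("port"))
        public = int(c.get("proxyPort", port))  # port that clients see
        conns.append((c, port, public))
        if c.get("SSLEnabled", "false").lower() == "true":
            tls_public.add(public)
            proto = c.get("sslProtocol", "TLS")
            if proto.upper().startswith("SSL"):
                findings.append(f"{port}: sslProtocol='{proto}'; Tomcat's default is TLS")
    for c, port, public in conns:
        if port < 1024:
            findings.append(f"{port}: privileged port, Tomcat would need root to bind")
        if public != port and redirects.get(public) != port:
            findings.append(f"{port}: proxyPort {public} has no REDIRECT to {port}")
        rp = c.get("redirectPort")
        # redirectPort must be the public port of a TLS-enabled connector.
        if rp and int(rp) not in tls_public:
            findings.append(f"{port}: redirectPort {rp} is not served by a TLS connector")
    return findings

if __name__ == "__main__":
    for line in audit(SERVER_XML, IPTABLES) or ["consistent"]:
        print(line)
```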

烟织青萝梦 2024-09-22 16:48:07

Yes, it's perfectly OK. Just configure the connectors to use the respective ports. But for 443 I'd guess root would be required as well.
