java web网站配置apache代理tomcat的模式下，将http转成https，同时http和https共存

2020-02-22 00:00:00   作者：MangoCool   来源：MangoCool

服务器：阿里云

其他：Centos6.8、Apache2.2、Tomcat7 

域名：

mc.com

hhs.com

xx.com

证书可以在阿里云，腾讯云申请免费的。

 

安装：
yum install mod_ssl openssl

httpd.conf配置，里面内容较多，贴出主要的：

NameVirtualHost *:80
#ProxyPreserveHost On
ServerName localhost:80

#www.mc.com
<Virtualhost *:80>
ServerName mc.com
RewriteEngine on
RewriteRule ^/(.*)$ https://mc.com/$1 [R=301,L]
</VirtualHost>
#这里都是我的强迫症
<VirtualHost *:80>
ServerName www.mc.com
RewriteEngine On
RewriteRule ^/(.*)$ https://mc.com/$1 [R=301,L]
</VirtualHost>

#www.hhs.com
<Virtualhost *:80>
ServerName hhs.com
RewriteEngine on
RewriteRule ^/(.*)$ https://hhs.com/$1 [R=301,L]
</VirtualHost>
#这里都是我的强迫症
<VirtualHost *:80>
ServerName www.hhs.com
RewriteEngine On
RewriteRule ^/(.*)$ https://hhs.com/$1 [R=301,L]
</VirtualHost>

#www.xx.com
<Virtualhost *:80>
ServerName xx.com
ProxyPass /    http://localhost:8888/xx/
ProxyPassReverse / http://localhost:8888/xx/
ProxyPassReverseCookieDomain localhost www.xx.com
ProxyPassReverseCookiePath /xx /
</VirtualHost>
#这里都是我的强迫症
<VirtualHost *:80>
ServerName www.xx.com
RewriteEngine On
RewriteRule ^/(.*)$ http://xx.com/$1 [R=301,L]
</VirtualHost>

ssl.conf配置：

LoadModule ssl_module modules/mod_ssl.so
Listen 443
SSLPassPhraseDialog  builtin
SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout  300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom  256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
NameVirtualHost *:443
// 暂时没发现这个的作用，可能在不支持SNI的客户端会体现出来吧
SSLStrictSNIVHostCheck off

<VirtualHost *:443>     
ServerName mc.com
ServerAlias www.mc.com				   		  
ProxyPass / http://localhost:8080/mc/         // 代理
ProxyPassReverse / http://localhost:8080/mc/  // 代理
ProxyPassReverseCookieDomain localhost mc.com // session不丢失
ProxyPassReverseCookiePath /mc /              // session不丢失      
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
SSLCertificateFile /你的目录/mc_public.crt
SSLCertificateKeyFile /你的目录/mc.key 
SSLCertificateChainFile /你的目录/mc_chain.crt
</VirtualHost>

<VirtualHost *:443>
ServerName hhs.com
ServerAlias www.hhs.com // 不设置这个 可能会出现第二个站访问时提示不安全
ProxyPass / http://localhost:8080/hhs/
ProxyPassReverse / http://localhost:8080/hhs/
ProxyPassReverseCookieDomain localhost hhs.com
ProxyPassReverseCookiePath /hhs /
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
SSLCertificateFile /你的目录/hhs_public.crt
SSLCertificateKeyFile /你的目录/hhs.key
SSLCertificateChainFile /你的目录/hhs_chain.crt
</VirtualHost>

以下是我踩过的坑，记录一下：

1、启动apache提示

[warn] _default_ VirtualHost overlap on port 443, the first has precedenc
同时你配置的第二个站，也不能正常，提示不安全链接 

解决办法：
NameVirtualHost *:443

2、apache日志

tail -f error_log

[notice] caught SIGTERM, shutting down
[Sat Feb 22 02:01:41 2020] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sat Feb 22 02:01:41 2020] [notice] Digest: generating secret for digest authentication ...
[Sat Feb 22 02:01:41 2020] [notice] Digest: done
[Sat Feb 22 02:01:41 2020] [notice] Apache/2.2.15 (Unix) DAV/2 mod_ssl/2.2.15 OpenSSL/1.0.1e-fips configured -- resuming normal operations

tail -f ssl_error_log

[warn] RSA server certificate CommonName (CN) `hanhaisha.com' does NOT match server name!?

以上两种提示 都是没问题的 

[error] Hostname 112.74.98.106:443 provided via SNI and hostname 112.74.98.106 provided via HTTP are different

出现这种有error信息的才要注意，这个应该是你访问的https站中有http的请求，应该跟你的站的内容有关系，需要修改

3、还有最重要的一点，就是如果你是使用的阿里云的服务器，记得在安全组配置中打开网站入443端口，我就被这个足足折腾了两晚，欲哭无泪

以上配置后的结果就是：

xx.com/www.xx.com 都只是http://xx.com  

mc.com/www.mc.com、hhs.com/www.hhs.com都跳转到https://mc.com和https://hhs.com

标签： java apache tomcat http https

分享：

上一篇HttpsURLConnection GET 请求 部分乱码问题

下一篇Maven项目打包，将依赖包一起打入包中