Tomcat configuration: forcing HTTPS (plain HTTP is redirected to port 8443)
Redirect ports:
  HTTP default port 8080
  HTTPS default port 8443
or, for a Tomcat bound to the privileged ports:
  HTTP default port 80
  HTTPS default port 443
Only the Tomcat configuration is covered here; for generating the certificate and keystore, refer to other documentation.
Edit the Tomcat configuration file (vim /etc/tomcat/server.xml) to enable the SSL connector:
server.xml:
    <Connector port="80" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150"
               scheme="https" secure="true"
               keystoreFile="/usr/ca/server/server.keystore.jks" keystorePass="yzd2019"
               clientAuth="false" sslProtocol="TLS" />
The redirectPort of the plain HTTP connector must be the port of the SSLEnabled connector: that is where Tomcat sends a request that hits a CONFIDENTIAL constraint (see below). Note that keystorePass sits in cleartext in server.xml, so anyone who can read the file can read the keystore password; keep the file readable only by the tomcat user.
Forcing the redirect:
Requests to HTTP on 8080 or 80 are redirected to HTTPS automatically.
Edit web.xml (the global /etc/tomcat/web.xml applies the constraint to every deployed application; an application's own WEB-INF/web.xml applies it to that application only).
After the welcome-file-list tag add:
    <login-config>
        <!-- Authorization setting for SSL -->
        <auth-method>CLIENT-CERT</auth-method>
        <realm-name>Client Cert Users-only Area</realm-name>
    </login-config>
    <security-constraint>
        <!-- Authorization setting for SSL -->
        <web-resource-collection>
            <web-resource-name>SSL</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
The redirect itself comes from the security-constraint: url-pattern /* with transport-guarantee CONFIDENTIAL makes Tomcat answer any plain HTTP request with a redirect to the connector's redirectPort. The login-config block with CLIENT-CERT does not take part in this; because no security-constraint carries an auth-constraint, it never triggers client-certificate authentication and can be left out.
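The two fragments above have to agree with each other (redirectPort versus the SSL connector's port, and the CONFIDENTIAL constraint actually covering /*), and a misconfiguration only shows up at request time. The script below is an added example, not part of this page or of Tomcat: it parses the page's server.xml and web.xml fragments (embedded here as constructed strings inside minimal skeletons) and reports the mismatches a practitioner would look for, including the cleartext keystorePass and the inert login-config. The function names are this example's own.

```python
import xml.etree.ElementTree as ET

# Constructed input: the page's two connectors inside a minimal server.xml skeleton.
SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="80" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150"
               scheme="https" secure="true"
               keystoreFile="/usr/ca/server/server.keystore.jks" keystorePass="yzd2019"
               clientAuth="false" sslProtocol="TLS" />
  </Service>
</Server>
"""

# Constructed input: the page's web.xml additions inside a namespaced web-app root.
WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <welcome-file-list><welcome-file>index.html</welcome-file></welcome-file-list>
  <login-config>
    <auth-method>CLIENT-CERT</auth-method>
    <realm-name>Client Cert Users-only Area</realm-name>
  </login-config>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>SSL</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>
"""


def _local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on namespaced tags."""
    return tag.rsplit("}", 1)[-1]


def _find_all(node, name):
    """All elements under node (node included) whose local tag name is name."""
    return [e for e in node.iter() if _local(e.tag) == name]


def audit_server_xml(text):
    """Return (https_port, findings) for the Connector elements in server.xml."""
    findings = []
    connectors = _find_all(ET.fromstring(text), "Connector")
    ssl = [c for c in connectors if c.get("SSLEnabled", "false").lower() == "true"]
    if len(ssl) != 1:
        return None, ["expected exactly one SSLEnabled connector, found %d" % len(ssl)]
    https = ssl[0]
    https_port = https.get("port")
    if https.get("scheme") != "https" or https.get("secure") != "true":
        findings.append('SSL connector must set scheme="https" secure="true" so '
                        "Tomcat treats its requests as already secure")
    if https.get("keystorePass"):
        findings.append("keystorePass is stored in cleartext in server.xml; restrict "
                        "who can read the file")
    # Every plain HTTP connector must redirect to the port the SSL connector uses.
    for c in connectors:
        if c is https or c.get("protocol", "HTTP/1.1").startswith("AJP"):
            continue
        rp = c.get("redirectPort")
        if rp != https_port:
            findings.append("connector on port %s has redirectPort=%r but the SSL "
                            "connector listens on %s" % (c.get("port"), rp, https_port))
    return https_port, findings


def audit_web_xml(text):
    """Return findings on whether web.xml forces every URL onto HTTPS."""
    findings = []
    root = ET.fromstring(text)
    forced = False
    for sc in _find_all(root, "security-constraint"):
        patterns = [p.text.strip() for p in _find_all(sc, "url-pattern") if p.text]
        guarantees = [g.text.strip() for g in _find_all(sc, "transport-guarantee") if g.text]
        if "/*" in patterns and "CONFIDENTIAL" in guarantees:
            forced = True
    if not forced:
        findings.append("no security-constraint with url-pattern /* and "
                        "transport-guarantee CONFIDENTIAL: HTTP requests are not redirected")
    # A login-config only matters for constraints that carry an auth-constraint.
    if _find_all(root, "login-config") and not _find_all(root, "auth-constraint"):
        findings.append("login-config present but no auth-constraint anywhere: it never "
                        "triggers authentication and is not needed for the redirect")
    return findings


def audit(server_xml, web_xml):
    """Combine both checks; returns (https_port, list_of_findings)."""
    https_port, findings = audit_server_xml(server_xml)
    return https_port, findings + audit_web_xml(web_xml)


if __name__ == "__main__":
    port, issues = audit(SERVER_XML, WEB_XML)
    print("HTTPS connector port:", port)
    for issue in issues:
        print(" -", issue)
```

Run against the page's own fragments it reports only the cleartext keystorePass and the inert login-config; change redirectPort to 443 while the SSL connector stays on 8443, or drop the CONFIDENTIAL guarantee, and the corresponding finding appears. To audit a real installation, read /etc/tomcat/server.xml and /etc/tomcat/web.xml into the two arguments instead of the constructed strings.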
Note: a Tomcat installed with YUM runs as the unprivileged tomcat user, which cannot bind ports below 1024, so it cannot listen on 80 or 443.
To listen on port 80 you would have to change the user Tomcat runs as to root. For security reasons the Tomcat project does not recommend this: a compromised web application would then run with root privileges.
To change the Tomcat user to root, edit the unit file:
vim /usr/lib/systemd/system/tomcat.service
# Systemd unit file for default tomcat
#
# To create clones of this service:
# DO NOTHING, use tomcat@.service instead.

[Unit]
Description=Apache Tomcat Web Application Container
After=syslog.target network.target

[Service]
Type=simple
EnvironmentFile=/etc/tomcat/tomcat.conf
Environment="NAME="
EnvironmentFile=-/etc/sysconfig/tomcat
ExecStart=/usr/libexec/tomcat/server start
SuccessExitStatus=143
# User=Tomcat
User=root

[Install]
WantedBy=multi-user.target

After editing the unit, run systemctl daemon-reload and then restart tomcat for the new user to take effect.
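Switching User= to root trades the whole host for one privileged port. The script below is an added example, not part of this page or of Tomcat: it parses the page's unit file (embedded as a constructed string) together with an assumed drop-in, /etc/systemd/system/tomcat.service.d/override.conf, that keeps the tomcat user and grants only CAP_NET_BIND_SERVICE via AmbientCapabilities=, and reports whether the resulting service either runs as root or cannot bind the requested port. AmbientCapabilities= requires systemd 229 or newer; on older hosts another approach, such as a port redirect in the firewall, is needed. The parser and function names are this example's own.

```python
# Constructed input: the unit file shown on the page, User= switched to root.
PAGE_UNIT = """[Unit]
Description=Apache Tomcat Web Application Container
After=syslog.target network.target

[Service]
Type=simple
EnvironmentFile=/etc/tomcat/tomcat.conf
Environment="NAME="
EnvironmentFile=-/etc/sysconfig/tomcat
ExecStart=/usr/libexec/tomcat/server start
SuccessExitStatus=143
# User=Tomcat
User=root

[Install]
WantedBy=multi-user.target
"""

# Assumed alternative (this example's own): keep the unprivileged user and grant
# only the capability needed to bind ports below 1024. It would be saved as
# /etc/systemd/system/tomcat.service.d/override.conf.
CAPABILITY_DROPIN = """[Service]
User=tomcat
AmbientCapabilities=CAP_NET_BIND_SERVICE
"""

# Settings systemd accumulates across files; every other key is "last writer wins".
_LIST_KEYS = {"Environment", "EnvironmentFile", "AmbientCapabilities", "ExecStartPre"}


def parse_unit(*texts):
    """Merge unit files in order, the way systemd layers drop-ins over a unit.

    Returns {section: {key: [values]}}. Comment lines and blank lines are skipped.
    """
    merged = {}
    for text in texts:
        section = None
        for raw in text.splitlines():
            line = raw.strip()
            if not line or line[0] in "#;":
                continue
            if line.startswith("[") and line.endswith("]"):
                section = line[1:-1]
                merged.setdefault(section, {})
                continue
            if section is None:
                continue
            key, _, value = line.partition("=")
            key, value = key.strip(), value.strip()
            if key in _LIST_KEYS:
                merged[section].setdefault(key, []).append(value)
            else:
                merged[section][key] = [value]
    return merged


def audit_unit(unit, listen_port):
    """Findings for a parsed unit whose service must bind listen_port."""
    service = unit.get("Service", {})
    user = service.get("User", ["root"])[0]  # systemd runs services as root by default
    caps = set()
    for value in service.get("AmbientCapabilities", []):
        caps.update(value.split())
    findings = []
    if user == "root":
        findings.append("service runs as root: a compromised web application "
                        "gets root on the host")
    elif listen_port < 1024 and "CAP_NET_BIND_SERVICE" not in caps:
        findings.append("user %s cannot bind port %d without "
                        "AmbientCapabilities=CAP_NET_BIND_SERVICE" % (user, listen_port))
    return findings


if __name__ == "__main__":
    print("page unit, port 80:   ", audit_unit(parse_unit(PAGE_UNIT), 80))
    print("unit + drop-in, port 80:", audit_unit(parse_unit(PAGE_UNIT, CAPABILITY_DROPIN), 80))
```

The drop-in overrides the single-valued User= from the base unit and adds the capability, so the second line prints an empty list; the page's unit on its own reports the root finding. With User=tomcat and no capability the same check reports that port 80 cannot be bound, which is exactly the symptom the YUM note above describes.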