Configuring multiple certificates on a single Tomcat

Recently I helped a friend set up a server on which a single Tomcat instance runs two applications, one per domain: www.domain1.com and www.domain2.cn. For HTTP (port 80) this only needs Tomcat virtual hosts.

But for the sake of data security my friend had bought a CA certificate for each domain, which means two certificates have to be configured on one Tomcat. I searched online for a long time without finding a matching case; all I found were two suggested approaches:

1. Use a different HTTPS port for each domain, e.g. www.domain1.com on port 443 and www.domain2.cn on port 8443. This is fine for testing, but in production ordinary users would have to type port 8443 into the address bar; apart from being inconvenient, some users would not even understand it. So this option had to be set aside for now.

2. Use two public IPs, one per domain, so that every domain can use 443 as its HTTPS port, which is convenient for users. But I could not find an actual configuration example.

Since there was no example, I tried it myself. After N attempts the configuration finally worked. So that I do not forget, and to help others, here is the configuration file; to keep it short, most of the comments have been removed.

    <?xml version="1.0" encoding="UTF-8"?>

    <Server port="8005" shutdown="SHUTDOWN">

      <!-- Comment these entries out to disable JMX MBeans support used for the administration web application -->
      <Listener className="org.apache.catalina.core.AprLifecycleListener" />
      <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" />
      <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
      <Listener className="org.apache.catalina.storeconfig.StoreConfigLifecycleListener"/>

      <!-- Global JNDI resources -->
      <GlobalNamingResources>

        <!-- Test entry for demonstration purposes -->
        <Environment name="simpleValue" type="java.lang.Integer" value="30"/>

        <!-- Editable user database that can also be used by
             UserDatabaseRealm to authenticate users -->
        <Resource name="UserDatabase" auth="Container"
                  type="org.apache.catalina.UserDatabase"
                  description="User database that can be updated and saved"
                  factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
                  pathname="conf/tomcat-users.xml" />

      </GlobalNamingResources>

      <!-- Define the Tomcat Stand-Alone Service -->
      <Service name="Catalina">

        <!-- Define a non-SSL HTTP/1.1 Connector on port 80.
             Note: redirectPort is still 8443 here although HTTPS is served on 443;
             it only matters if a web application's security constraints force a redirect to HTTPS -->
        <Connector port="80" maxHttpHeaderSize="8192"
                   maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
                   enableLookups="false" redirectPort="8443" acceptCount="100"
                   connectionTimeout="20000" disableUploadTimeout="true" />

        <!-- Define a SSL HTTP/1.1 Connector on port 443 for mydomain1,
             bound to that domain's public IP only (address=).
             The truststore* attributes are only consulted for client certificates,
             which clientAuth="false" disables, so they are harmless here -->
        <Connector port="443" maxHttpHeaderSize="8192"
                   maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
                   enableLookups="false" disableUploadTimeout="true"
                   acceptCount="100" scheme="https" secure="true"
                   clientAuth="false" sslProtocol="TLS"
                   keystoreFile="D:/certs/mydomain1.com_keystore.jks" keystorePass="www.mydomain1.com" keystoreType="JKS"
                   truststoreFile="D:/certs/mydomain1.com_keystore.jks" truststorePass="www.mydomain1.com" truststoreType="JKS"
                   address="xxx.xxx.2.83" />

        <!-- Second SSL Connector, also on port 443, bound to mydomain2's public IP
             with its own keystore -->
        <Connector port="443" maxHttpHeaderSize="8192"
                   maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
                   enableLookups="false" disableUploadTimeout="true"
                   acceptCount="100" scheme="https" secure="true"
                   clientAuth="false" sslProtocol="TLS"
                   keystoreFile="D:/certs/mydomain2.cn_keystore.jks" keystorePass="www.mydomain2.cn" keystoreType="JKS"
                   truststoreFile="D:/certs/mydomain2.cn_keystore.jks" truststorePass="www.mydomain2.cn" truststoreType="JKS"
                   address="xxx.xxx.2.81" />

        <!-- Define an AJP 1.3 Connector on port 8009 -->
        <Connector port="8009" enableLookups="false" redirectPort="8443" protocol="AJP/1.3" />

        <!-- Define the top level container in our container hierarchy -->
        <Engine name="Catalina" defaultHost="localhost">

          <!-- This Realm uses the UserDatabase configured in the global JNDI
               resources under the key "UserDatabase".  Any edits
               that are performed against this UserDatabase are immediately
               available for use by the Realm.  -->
          <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>

          <!-- Define the default virtual host
               Note: XML Schema validation will not work with Xerces 2.2.
           -->
          <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false">
          </Host>

          <!-- Each application's Host is named after its public IP; the domain
               names it answers to are listed as Aliases -->
          <Host name="xxx.xxx.2.81" appBase="D:/mydomain2/webapp" unpackWARs="true" autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false">
            <Alias>mydomain2.cn</Alias>
            <Alias>www.mydomain2.cn</Alias>
          </Host>

          <Host name="xxx.xxx.2.83" appBase="D:/mydomain1/webapp" unpackWARs="true" autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false">
            <Alias>mydomain1.com</Alias>
            <Alias>tax.mydomain1.com</Alias>
            <Alias>www.mydomain1.com</Alias>
            <Alias>www.mydomain1.cn</Alias>
            <Alias>mydomain1.cn</Alias>
          </Host>

        </Engine>

      </Service>

    </Server>

Note the two Connector entries with port="443": the address attribute at the end of each is the key. Without address, Tomcat reports an error saying that port 443 is already in use. The rest of the configuration is documented and exemplified all over the web, so I will not go into it further.
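The "port already in use" failure above is easy to reintroduce when server.xml is edited later. As an added check that is not part of the original post, the script below parses a server.xml (a constructed sample that mirrors the post's layout, with TEST-NET placeholder IPs instead of the real ones) and reports any two Connectors that cannot both bind, plus any https Connector whose bound IP has no matching Host entry in the post's IP-named-Host convention.

```python
import xml.etree.ElementTree as ET

# Constructed sample mirroring the post's layout; the IPs (TEST-NET) and
# keystore paths are placeholders, not the post's real values.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="80" redirectPort="8443"/>
    <Connector port="443" scheme="https" secure="true" address="192.0.2.83"
               keystoreFile="D:/certs/mydomain1.com_keystore.jks"/>
    <Connector port="443" scheme="https" secure="true" address="192.0.2.81"
               keystoreFile="D:/certs/mydomain2.cn_keystore.jks"/>
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps"/>
      <Host name="192.0.2.81" appBase="D:/mydomain2/webapp"/>
      <Host name="192.0.2.83" appBase="D:/mydomain1/webapp"/>
    </Engine>
  </Service>
</Server>
"""

WILDCARD = "0.0.0.0"  # a Connector without address= binds every interface

def connector_conflicts(server_xml):
    """Return (port, earlier_address, later_address) for each Connector pair
    that cannot both bind: same port and equal addresses, or one of them the
    wildcard. This is the "port 443 already in use" error the post describes."""
    seen, conflicts = [], []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        port, addr = conn.get("port"), conn.get("address", WILDCARD)
        for prev_port, prev_addr in seen:
            if port == prev_port and (addr == prev_addr or WILDCARD in (addr, prev_addr)):
                conflicts.append((port, prev_addr, addr))
        seen.append((port, addr))
    return conflicts

def https_addresses_without_host(server_xml):
    """Return https Connector addresses with no <Host name=...> of that IP.
    Tomcat picks the Host from the request's Host header; the post's convention
    is one Host named after each bound IP with the domains as Aliases."""
    root = ET.fromstring(server_xml)
    hosts = {h.get("name") for h in root.iter("Host")}
    return sorted(c.get("address", WILDCARD) for c in root.iter("Connector")
                  if c.get("scheme") == "https" and c.get("address", WILDCARD) not in hosts)

if __name__ == "__main__":
    print("conflicts:", connector_conflicts(SAMPLE_SERVER_XML))
    print("https addresses without a Host:", https_addresses_without_host(SAMPLE_SERVER_XML))
```

Run it against the real conf/server.xml by reading the file into a string; an empty list from both functions means the two 443 Connectors are bound to distinct IPs and each has its Host.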

Reposted from: https://www.iteye.com/topic/554238
