docker tomcat keytool 新增ssl認證 (1)
阿新 • • 發佈:2018-11-25
tomcat新增ssl認證可以參考:
準備工作
1、安裝jdk
2、安裝docker/1.8.2
*****************************
1、keytool生成.keystore,密碼及關鍵資訊請自行補足
keytool -genkey -alias tomcat -keyalg RSA -keystore /home/tomcat/.keystore -dname "CN=***,OU=***,O=***,L=SHANGHAI,ST=SH,C=CN" -keypass *** -storepass *** -validity 3650
有效期10年,檢視證書資訊,需要輸入密碼
keytool -list -v -keystore /home/tomcat/.keystore -storepass ***
將.keystore檔案移動到Dockerfile同層目錄
tomcat Dockerfile
FROM tomcat ADD web.xml /usr/local/tomcat/webapps/manager/WEB-INF/ ADD tomcat-users.xml /usr/local/tomcat/conf/ ADD server.xml /usr/local/tomcat/conf/ ADD setenv.sh /usr/local/tomcat/bin/ ADD .keystore /usr/local/tomcat/ RUN chmod +x /usr/local/tomcat/bin/setenv.sh ADD catalina.sh /usr/local/tomcat/bin/ RUN chmod +x /usr/local/tomcat/bin/catalina.sh RUN echo "Asia/shanghai" > /etc/timezone EXPOSE 8080 EXPOSE 443
上述部分檔案請自行檢視官網說明
這裡說下和ssl有關的server.xml
原檔案
<!-- <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" /> -->
修改後的檔案,改為開放443埠,注意keystore的位置及密碼
<Connector SSLEnabled="true" acceptCount="100" clientAuth="false"
disableUploadTimeout="true" enableLookups="false" maxThreads="25"
port="443" keystoreFile="/usr/local/tomcat/.keystore" keystorePass="***"
protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https"
secure="true" sslProtocol="TLS" />
生成映象tomcatssl
docker build -t tomcatssl /home/tomcat/
執行容器,開放8080及443埠,訪問packags目錄war包,部分對映可忽略,請自行配置
docker run -d -p 8080:8080 -p 443:443 -v /etc/localtime:/etc/localtime:ro -v /home/web_server:/usr/local/tomcat/logs -v /home/packages/web_server:/usr/local/tomcat/webapps/ -v /home/packages/web_server/config:/usr/local/tomcat/webapps/config --net=host --name web_server_ssl tomcatssl
訪問測試