
CentOS 7 / Let's Encrypt / Tomcat 8

by 하하IT, May 4, 2020

*1. Install Let's Encrypt *
yum -y update

yum -y upgrade

yum install -y gcc gcc-c++ wget perl-devel curl-devel git

cd /opt

git clone https://github.com/letsencrypt/letsencrypt

cd /opt/letsencrypt/

*2. Obtain the certificate *

./letsencrypt-auto certonly --manual --email [email address] -d [domain 1] -d [domain 2] -d [domain 3]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Create a file containing just this data:

_mEYFagPrJHAnPWBuGdkc7ERx5bkeKqf_R5EXswb56A.YLiWcR690Xz4CkFs9bDbFYK4XRLKeogxQpn7mxQROIU

And make it available on your web server at this URL:

http://[domain 1]/.well-known/acme-challenge/_mEYFagPrJHAnPWBuGdkc7ERx5bkeKqf_R5EXswb56A

(This must be set up in addition to the previous challenges; do not remove,
replace, or undo the previous challenge tasks yet.)

Handle this from a separate login session (the file content is the single line printed above):

mkdir -p /ROOT/.well-known/acme-challenge
vi /ROOT/.well-known/acme-challenge/_mEYFagPrJHAnPWBuGdkc7ERx5bkeKqf_R5EXswb56A

*3. Tomcat configuration *

conf/server.xml

...

<Connector port="80" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="443"
           URIEncoding="UTF-8" />

....

<!-- Tomcat 8.5+: SSLHostConfig must sit inside the HTTPS Connector; the
     enclosing Connector element is not shown in the original fragment -->
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true">
  <SSLHostConfig hostName="[domain 1]">
    <Certificate
      certificateKeyFile="/etc/letsencrypt/live/[domain 1]/privkey.pem"
      certificateFile="/etc/letsencrypt/live/[domain 1]/cert.pem"
      certificateChainFile="/etc/letsencrypt/live/[domain 1]/fullchain.pem"
      type="RSA" />
  </SSLHostConfig>
</Connector>
*4. web.xml configuration (so that connections over HTTP are switched to HTTPS) *

web.xml

... (middle omitted) ...
<security-constraint>
    <web-resource-collection>
        <web-resource-name>HTTP</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
*5. OS tasks *

- open the ports

- port forwarding (if Tomcat listens on 8080: 8080 -> 80)
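As an added example, not part of the original post: an offline pre-flight checker for the three pieces configured above, the HTTP-01 challenge file's key authorization, the web.xml CONFIDENTIAL constraint, and the server.xml connector pair. The domain example.test, the sample XML and the port 443 connector are constructed assumptions.

```python
import re
import xml.etree.ElementTree as ET
KEY_AUTH_RE = re.compile(r"[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+")

def _find(elem, name):
    """Subtree elements with this local tag (ignores the xmlns a real web.xml carries)."""
    return [e for e in elem.iter() if e.tag.rsplit("}", 1)[-1] == name]

def challenge_file_ok(token, key_auth):
    """HTTP-01: the file served at /.well-known/acme-challenge/<token> must hold
    exactly '<token>.<account-key-thumbprint>' (base64url, no trailing newline)."""
    return bool(KEY_AUTH_RE.fullmatch(key_auth)) and key_auth.split(".")[0] == token

def https_forced(web_xml):
    """True if a security-constraint covers /* with transport-guarantee CONFIDENTIAL,
    i.e. plain-HTTP requests get sent to the connector's redirectPort."""
    for sc in _find(ET.fromstring(web_xml), "security-constraint"):
        patterns = {(p.text or "").strip() for p in _find(sc, "url-pattern")}
        guarantees = {(g.text or "").strip() for g in _find(sc, "transport-guarantee")}
        if "/*" in patterns and "CONFIDENTIAL" in guarantees:
            return True
    return False

def tls_connector_ok(server_xml, domain):
    """True if an SSLEnabled Connector takes all three cert files from
    /etc/letsencrypt/live/<domain>/ and a plain Connector's redirectPort points at it."""
    root = ET.fromstring(server_xml)
    live = f"/etc/letsencrypt/live/{domain}/"
    keys = ("certificateKeyFile", "certificateFile", "certificateChainFile")
    tls_ports = {c.get("port") for c in _find(root, "Connector")
                 if c.get("SSLEnabled") == "true" and any(
                     all(x.get(k, "").startswith(live) for k in keys)
                     for x in _find(c, "Certificate"))}
    return any(c.get("SSLEnabled") != "true" and c.get("redirectPort") in tls_ports
               for c in _find(root, "Connector"))

# Constructed sample config mirroring the fragments above (example.test is a placeholder).
SERVER_XML = """<Server><Service name="Catalina">
<Connector port="80" protocol="HTTP/1.1" redirectPort="443" URIEncoding="UTF-8"/>
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true">
 <SSLHostConfig hostName="example.test"><Certificate type="RSA"
  certificateKeyFile="/etc/letsencrypt/live/example.test/privkey.pem"
  certificateFile="/etc/letsencrypt/live/example.test/cert.pem"
  certificateChainFile="/etc/letsencrypt/live/example.test/fullchain.pem"/>
 </SSLHostConfig></Connector></Service></Server>"""
WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"><security-constraint>
<web-resource-collection><web-resource-name>HTTP</web-resource-name>
<url-pattern>/*</url-pattern></web-resource-collection><user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
</security-constraint></web-app>"""
```

Run the three checks against the real webapps/ROOT challenge file, web.xml and server.xml before restarting Tomcat; a trailing newline in the challenge file or a missing redirectPort is the usual reason validation fails.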