強制HTTPS訪問

Tomcat自動跳轉

在tomcatconfweb.xml中的</welcome-file-list>後面加上這樣一段：

<login-config>
<!-- Authorization setting for SSL -->
<auth-method>CLIENT-CERT</auth-method>
<realm-name>Client Cert Users-only Area</realm-name>
</login-config>
<security-constraint>
<!-- Authorization setting for SSL -->
<web-resource-collection >
<web-resource-name >SSL</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>

在tomcatconfserver.xml中將http站點下配置的ssl端口改為和ssl配置端口（默認為443）一致：

<Connector port="80"
protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="443" />

Apache自動跳轉

在需要跳轉的http站點配置文件，<VirtualHost *:80> </VirtualHost>中間，添加重定向代碼：

RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]

Nginx自動跳轉

在需要跳轉的http站點配置文件中，添加如下第4行rewrite語句：

server {
listen 80;
server_name test.com;
rewrite ^(.*)$ https://$host$1 permanent;
}