1、修改tomcat配置文件server.xml:

vim ./conf/server.xml

把配置文件：

	<Connector port="8088" Server=" "  protocol="HTTP/1.1"connectionTimeout="20000"redirectPort="8443" URIEncoding="UTF-8" maxHttpHeaderSize="65536" maxPostSize="4194304"compression="on" noCompressionUserAgents="gozilla,traviata"                          compressibleMimeType="text/html,text/xml,text/plain,text/css,text/javascript,application/x-javascript,application/xml,application/javascript,application/xhtml+xml,x-font/otf,application/x-font-woff,x-font/ttf,x-font/eot"/>

禁用：

<!--<Connector port="8088" Server=" "  protocol="HTTP/1.1"connectionTimeout="20000"redirectPort="8443" URIEncoding="UTF-8" maxHttpHeaderSize="65536" maxPostSize="4194304"compression="on" noCompressionUserAgents="gozilla,traviata"                          compressibleMimeType="text/html,text/xml,text/plain,text/css,text/javascript,application/x-javascript,application/xml,application/javascript,application/xhtml+xml,x-font/otf,application/x-font-woff,x-font/ttf,x-font/eot"/>
-->

2、server.xml单独开放一个端口，原来注释的，改造一下，并放出来：

    <Connector port="8088" protocol="org.apache.coyote.http11.Http11NioProtocol"maxThreads="150" SSLEnabled="true"><SSLHostConfig><Certificate certificateKeystoreFile="conf/youdomainfile.com.jks"type="RSA"  certificateKeystorePassword="asdf2024" /></SSLHostConfig></Connector>

3、server.xml中 AJP 1.3 Connector on port 8009相关

原来是注释的，我把他打开：

    <!-- Define an AJP 1.3 Connector on port 8009 --><Connector protocol="AJP/1.3"address="::1"port="8009"redirectPort="8088" />

4、web.xml文件中：

原来末尾是：

    <welcome-file-list><welcome-file>index.html</welcome-file><welcome-file>index.htm</welcome-file><welcome-file>index.jsp</welcome-file></welcome-file-list><security-constraint><web-resource-collection><web-resource-name>fortune</web-resource-name><url-pattern>/*</url-pattern><http-method>PUT</http-method><http-method>DELETE</http-method><http-method>HEAD</http-method><http-method>OPTIONS</http-method><http-method>TRACE</http-method></web-resource-collection><auth-constraint></auth-constraint></security-constraint><login-config><auth-method>BASIC</auth-method></login-config>
</web-app>

改成这样子：
 

    <welcome-file-list><welcome-file>index.html</welcome-file><welcome-file>index.htm</welcome-file><welcome-file>index.jsp</welcome-file></welcome-file-list><security-constraint><web-resource-collection><web-resource-name>fortune</web-resource-name><url-pattern>/*</url-pattern><http-method>PUT</http-method><http-method>DELETE</http-method><http-method>HEAD</http-method><http-method>OPTIONS</http-method><http-method>TRACE</http-method><web-resource-name >SSL</web-resource-name><url-pattern>/*</url-pattern></web-resource-collection><user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint><auth-constraint></auth-constraint></security-constraint><login-config><!--	<auth-method>BASIC</auth-method> --><!-- Authorization setting for SSL --><auth-method>CLIENT-CERT</auth-method><realm-name>Client Cert Users-only Area</realm-name></login-config>
</web-app>

上述即可实现用Ip的访问:http://10.10.8.91:8088/

如果出现提示，

Bad Request
This combination of host and port requires TLS.

则用https访问即可，但是仍然有“不安全”的提示，

5、设置用域名即可完美实现安全访问：

5.1服务器端：
之前tomcat\conf\server.xml

    <Engine name="Catalina" defaultHost="localhost"><!--For clustering, please take a look at documentation at:/docs/cluster-howto.html  (simple how to)/docs/config/cluster.html (reference documentation) --><!--<Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>--><!-- Use the LockOutRealm to prevent attempts to guess user passwordsvia a brute-force attack --><Realm className="org.apache.catalina.realm.LockOutRealm"><!-- This Realm uses the UserDatabase configured in the global JNDIresources under the key "UserDatabase".  Any editsthat are performed against this UserDatabase are immediatelyavailable for use by the Realm.  --><Realm className="org.apache.catalina.realm.UserDatabaseRealm"resourceName="UserDatabase"/></Realm><Host name="localhost"  appBase="webapps"unpackWARs="true" autoDeploy="true">

改成：

    <Engine name="Catalina" defaultHost="kkk.yourdomain.com"><!--For clustering, please take a look at documentation at:/docs/cluster-howto.html  (simple how to)/docs/config/cluster.html (reference documentation) --><!--<Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>--><!-- Use the LockOutRealm to prevent attempts to guess user passwordsvia a brute-force attack --><Realm className="org.apache.catalina.realm.LockOutRealm"><!-- This Realm uses the UserDatabase configured in the global JNDIresources under the key "UserDatabase".  Any editsthat are performed against this UserDatabase are immediatelyavailable for use by the Realm.  --><Realm className="org.apache.catalina.realm.UserDatabaseRealm"resourceName="UserDatabase"/></Realm><Host name="kkk.yourdomain.com"  appBase="webapps"unpackWARs="true" autoDeploy="true">

5.2客户端dns配置：

另我在本机的C:\Windows\System32\drivers\etc\hosts

10.10.8.91       kkk.yourdomain.com

最终：可实现完美安全访问：

https://kkk.yourdomain.com:8088

后经朋友提醒，web.xml不改也行，我就没继续测试了，大家可酌情考虑。