
Thread: using Tomcat with / without SSL

  1. #1

    using Tomcat with / without SSL

    Hi everybody,

    I'm trying to run my tomcat6 server with and without SSL on Port 81.

    First, I created the keyfile and added a few lines to the server.xml:
    Code:
    <?xml version='1.0' encoding='utf-8'?>
    
    <Server port="8005" shutdown="SHUTDOWN">
    
    
      <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
      
      <Listener className="org.apache.catalina.core.JasperListener" />
    
      <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" />
      <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
    
    <GlobalNamingResources>
     
        <Resource name="UserDatabase" auth="Container"
                  type="org.apache.catalina.UserDatabase"
                  description="User database that can be updated and saved"
                  factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
                  pathname="conf/tomcat-users.xml" />
      </GlobalNamingResources>
     <Service name="Catalina">
    
    <Connector port="81"
    maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
    enableLookups="true" disableUploadTimeout="true"
    acceptCount="100" debug="0" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS"
    keystoreFile="../webapps/techtracer.bin"
    keystorePass="ttadmin" />
    
    
     <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
    <Engine name="Catalina" defaultHost="localhost">
      <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
                 resourceName="UserDatabase"/>
    
    
          <Host name="localhost"  appBase="webapps"
                unpackWARs="true" autoDeploy="true"
                xmlValidation="false" xmlNamespaceAware="false">
    
    
          </Host>
        </Engine>
      </Service>
    </Server>
    Now, everything works fine for https and port 81.
    But additionally, I need to redirect any request on http (also port 81) to https.

    How can I do that?

    When I try to open something on http and port 81, my browser offers me to download the jspx files.

    I hope that's not too complex.

    Thank you very much!
    Elenio

  2. #2

    Re: using Tomcat with / without SSL

    any hint?

    thx

  3. #3
    Join Date
    Dec 2009
    Location
    Moldova
    Posts
    130

    Re: using Tomcat with / without SSL

    Hello, I think you would have a better chance of getting an answer in the application thread.
    I do not use Tomcat at all, but as I remember, some of my friends said that it is not recommended to use Tomcat's web capability but to proxy through Apache, which is more secure, and there are a lot of docs on how to use SSL in Apache.

  4. #4

    Re: using Tomcat with / without SSL

    Hello, I just had some free time and had a look in the Tomcat documentation: The Apache Tomcat 5.5 Servlet/JSP Container - SSL Configuration HOW-TO

    The port attribute (default value is 8443) is the TCP/IP port number on which Tomcat will listen for secure connections. You can change this to any port number you wish (such as to the default port for https communications, which is 443). However, special setup (outside the scope of this document) is necessary to run Tomcat on port numbers lower than 1024 on many operating systems.

    If you change the port number here, you should also change the value specified for the redirectPort attribute on the non-SSL connector. This allows Tomcat to automatically redirect users who attempt to access a page with a security constraint specifying that SSL is required, as required by the Servlet Specification.

    As I understand it, you have changed the default https port but didn't change redirectPort. Logically, if you change it then it should work.

  5. #5

    Re: using Tomcat with / without SSL

    Thanks for your posts!

    @isemionov:
    Is this the redirectPort you mean?


    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
    <Engine name="Catalina" defaultHost="localhost">
    <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
    resourceName="UserDatabase"/>
    thx

  6. #6

    Re: using Tomcat with / without SSL

    Originally posted by elenio:
    Thanks for your posts!

    @isemionov:
    Is this the redirectPort you mean?

    thx

    Yes, as I can see, the non-SSL connector is the one on port 8009. The second, SSL-enabled connector in your configuration is on port 81. So it sounds logical to put redirectPort=81 in the non-SSL connector.

    However, the documentation does not recommend using ports lower than 1024 in Tomcat:
    The port attribute (default value is 8443) is the TCP/IP port number on which Tomcat will listen for secure connections. You can change this to any port number you wish (such as to the default port for https communications, which is 443). However, special setup (outside the scope of this document) is necessary to run Tomcat on port numbers lower than 1024 on many operating systems.

  7. #7

    Re: using Tomcat with / without SSL

    Hi,

    IT'S SOLVED

    I had to add a second Connector with scheme="http" and redirectPort="81"


    Thank you guys!
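
Added example, not part of the thread or the posters' own configuration: the arrangement the last post describes, written out as config. A Tomcat connector speaks either plain HTTP or TLS on its port, so the HTTP connector gets its own port; port 8080, the keystore path and the password are placeholder assumptions, and the JSSE (Java keystore) connector is assumed, as in the original server.xml.

```xml
<!-- conf/server.xml, inside <Service name="Catalina">.
     Port 8080 for plain HTTP is an assumption; the thread does not name it. -->

<!-- Plain-HTTP connector. redirectPort tells Tomcat which port to send a
     request to when it matches a constraint that requires SSL. -->
<Connector port="8080" protocol="HTTP/1.1"
           scheme="http" secure="false"
           connectionTimeout="20000"
           redirectPort="81" />

<!-- TLS connector on port 81, as in the thread. keystoreFile and
     keystorePass are placeholders: keep the keystore outside webapps/
     and readable only by the account Tomcat runs as. -->
<Connector port="81" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="/PLACEHOLDER/path/outside/webapps/keystore.jks"
           keystorePass="PLACEHOLDER_PASSWORD" />

<!-- WEB-INF/web.xml of the application, inside <web-app>.
     Tomcat only redirects requests that match a security constraint
     requiring SSL; this one covers every URL of the application. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Entire application</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
```

With this in place, a request to the HTTP port for any URL of the application is answered with a redirect to https on port 81 instead of being served in the clear.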
