Using Tomcat with / without SSL

Hi everybody,

I’m trying to run my tomcat6 server with and without SSL on Port 81.

First, I created the keyfile and added a few lines to the server.xml:

<?xml version='1.0' encoding='utf-8'?>
<Server port="8005" shutdown="SHUTDOWN">

  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <Listener className="org.apache.catalina.core.JasperListener" />
  <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />

  <GlobalNamingResources>
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <Service name="Catalina">

    <Connector port="81"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="true" disableUploadTimeout="true"
               acceptCount="100" debug="0" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="../webapps/techtracer.bin"
               keystorePass="ttadmin" />

    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

    <Engine name="Catalina" defaultHost="localhost">
      <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
             resourceName="UserDatabase"/>

      <Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="true"
            xmlValidation="false" xmlNamespaceAware="false">
      </Host>
    </Engine>
  </Service>
</Server>

Now, everything works fine for https and port 81.
But additionally, I need to redirect any request on http (also port 81) to https.

How can I do that?

When I try to open something on http and port 81, my browser offers me to download the jspx files.

I hope that's not too complex :)

Thank you very much!
Elenio

Any hint?

thx

Hello, I think you would have a better chance of getting an answer in the application thread.
I do not use Tomcat at all, but as I remember, some of my friends said that it is not recommended to use Tomcat's web capability but to proxy through Apache, which is more secure. And there is a lot of documentation on how to use SSL in Apache.

Hello, I just had some free time and had a look at the Tomcat documentation: The Apache Tomcat 5.5 Servlet/JSP Container - SSL Configuration HOW-TO

The port attribute (default value is 8443) is the TCP/IP port number on which Tomcat will listen for secure connections. You can change this to any port number you wish (such as to the default port for https communications, which is 443). However, special setup (outside the scope of this document) is necessary to run Tomcat on port numbers lower than 1024 on many operating systems.

If you change the port number here, you should also change the value specified for the redirectPort attribute on the non-SSL connector. This allows Tomcat to automatically redirect users who attempt to access a page with a security constraint specifying that SSL is required, as required by the Servlet Specification.

As I understand it, you have changed the default https port but didn't change redirectPort. Logically, if you change it, then it should work.

Thanks for your posts!

@isemionov:
Is this the redirectPort you mean?

<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
<Engine name="Catalina" defaultHost="localhost">
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>

thx

Yes, as far as I can see, the non-SSL connector is the one on port 8009. The second, SSL-enabled connector in your configuration is on port 81. So it sounds logical to put redirectPort=81 in the non-SSL connector.

However, the documentation does not recommend using ports lower than 1024 in Tomcat:

The port attribute (default value is 8443) is the TCP/IP port number on which Tomcat will listen for secure connections. You can change this to any port number you wish (such as to the default port for https communications, which is 443). However, special setup (outside the scope of this document) is necessary to run Tomcat on port numbers lower than 1024 on many operating systems.

Hi,

IT'S SOLVED :)

I had to add a second Connector with scheme="http" and redirectPort="81"

Thank you guys!
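
The fix in this thread depends on each non-SSL connector's redirectPort matching the port of the SSL connector. The following Python check is an added example, not code from any poster in the thread: it parses a server.xml and reports non-SSL connectors whose redirectPort is not the port of an SSL connector in the same Service. The function names, the 8080 port for the plain-HTTP connector and both sample configurations are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET  # intended for your own config files, not untrusted XML


def is_tls(conn):
    """Treat a connector as SSL/TLS if it declares secure="true" or scheme="https"."""
    return conn.get("secure") == "true" or conn.get("scheme") == "https"


def check_redirect_ports(server_xml):
    """Return (port, redirectPort) for every non-TLS connector whose redirectPort
    is not the port of a TLS connector defined in the same <Service>.
    A connector with no redirectPort attribute is reported with None."""
    findings = []
    for service in ET.fromstring(server_xml).iter("Service"):
        connectors = service.findall("Connector")
        tls_ports = {c.get("port") for c in connectors if is_tls(c)}
        for c in connectors:
            if not is_tls(c) and c.get("redirectPort") not in tls_ports:
                findings.append((c.get("port"), c.get("redirectPort")))
    return findings


# Constructed sample: the two connectors from the first post, other elements omitted.
AS_POSTED = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="81" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
  </Service>
</Server>"""

# Constructed sample: a second connector with scheme="http" and redirectPort="81"
# as in the last post. Port 8080 is an assumption (the thread does not state it),
# and the AJP redirectPort is changed to 81 as suggested in the replies.
AS_SOLVED = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="81" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />
    <Connector port="8080" scheme="http" redirectPort="81" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="81" />
  </Service>
</Server>"""

if __name__ == "__main__":
    for name, xml in (("as posted", AS_POSTED), ("as solved", AS_SOLVED)):
        print(name, check_redirect_ports(xml))
```

As the documentation quoted above says, Tomcat only issues the redirect for pages covered by a security constraint that requires SSL, so a clean result here does not by itself mean every http request is redirected.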