My webapp is built using Java (backend) + JavaScript (frontend) and I'm using Tomcat 8.0 as the server.
Currently the URL to the webapp is "localhost:8083/myapp/index.jsp" and I have been trying to change it to a domain name in the hosts file (under win/sys32/drivers/etc/..) and server.xml (under Tomcat), but unfortunately I wasn't able to achieve that. Any tips, please?
I think you can just give a new port attribute value; do not add an address attribute, and Tomcat should bind to all addresses. If you want to serve just one hostname, give the address="192.168.1.2" attribute.
<Connector port="80" protocol="org.apache.coyote.http11.Http11Nio2Protocol"
connectionTimeout="60000" redirectPort="443"
acceptCount="1000" acceptorThreadCount="2" maxConnections="10000" maxThreads="400"
compression="on" compressionMinSize="2048"
compressableMimeType="application/json, text/json, application/xml, text/xml"
/>
<Connector port="443" protocol="org.apache.coyote.http11.Http11Nio2Protocol"
connectionTimeout="60000"
acceptCount="1000" acceptorThreadCount="2" maxConnections="10000" maxThreads="400"
keystoreFile="./keystore.jks" keystorePass="mypwd" keyAlias="tomcat"
SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
compression="on" compressionMinSize="2048"
compressableMimeType="application/json, text/json, application/xml, text/xml"
/>
I was following this tutorial to enable SSL in Tomcat: https://medium.com/#raupach/how-to-install-lets-encrypt-with-tomcat-3db8a469e3d2
Although Tomcat is running at the end, I cannot access https; it says unable to connect. So I checked the logs and I got:
Caused by: java.io.IOException: SSLHostConfig attribute certificateFile must be defined when using an SSL connector
But my certificateFile is defined, as you can see:
<Connector port="443"
protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="100"
compression="on"
scheme="https"
SSLEnabled="true"
secure="true"
SSLVerifyClient="none"
SSLProtocol="TLSv1.2"
defaultSSLHostConfigName="test.test">
<SSLHostConfig hostName="test.test">
<Certificate certificateFile="conf/cert.pem" certificateKeyFile="conf/privkey.pem" certificateChainFile="conf/chain.pem" />
</SSLHostConfig>
</Connector>
These files are present in conf/
Tomcat 9 docs: https://tomcat.apache.org/tomcat-9.0-doc/config/http.html (sections SSLHostConfig and Certificate)
You use a mix of new (since Tomcat 8.5) and deprecated attributes (cf. Tomcat documentation). The effect of setting, e.g. SSLProtocol is the creation of a second <SSLHostConfig> with hostname _default_. That is the element that the error message is referring to.
You should replace the obsolete tags (SSLVerifyClient and SSLProtocol) with their current counterparts (or omit them if you want the default value):
<Connector port="443"
protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="100"
compression="on"
scheme="https"
SSLEnabled="true"
secure="true"
defaultSSLHostConfigName="test.test">
<SSLHostConfig hostName="test.test"
protocols="TLSv1.2">
<Certificate certificateFile="conf/cert.pem"
certificateKeyFile="conf/privkey.pem"
certificateChainFile="conf/chain.pem" />
</SSLHostConfig>
</Connector>
Remark: The attributes you used were specific to the APR connector. If that choice was intentional, you should change the protocol to org.apache.coyote.http11.Http11AprProtocol.
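A small checker for the mix described in the answer above, written as an added example (not code from the thread or from Tomcat). The attribute table is a subset of the connector-level TLS attributes deprecated since Tomcat 8.5, and the `<Server>`/`<Service>` wrapper around the thread's connector is constructed so the sample parses on its own.

```python
import xml.etree.ElementTree as ET

# Subset of connector-level TLS attributes deprecated since Tomcat 8.5, mapped
# to the SSLHostConfig / Certificate attribute that replaces each of them.
DEPRECATED = {
    "SSLProtocol": "SSLHostConfig/@protocols",
    "sslEnabledProtocols": "SSLHostConfig/@protocols",
    "SSLVerifyClient": "SSLHostConfig/@certificateVerification",
    "clientAuth": "SSLHostConfig/@certificateVerification",
    "SSLCipherSuite": "SSLHostConfig/@ciphers",
    "keystoreFile": "Certificate/@certificateKeystoreFile",
    "keystorePass": "Certificate/@certificateKeystorePassword",
    "keyAlias": "Certificate/@certificateKeyAlias",
    "SSLCertificateFile": "Certificate/@certificateFile",
    "SSLCertificateKeyFile": "Certificate/@certificateKeyFile",
}

# The connector from this thread; the <Server>/<Service> wrapper is constructed.
TEMPLATE = """<Server><Service name="Catalina">
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           scheme="https" SSLEnabled="true" secure="true" {legacy}
           defaultSSLHostConfigName="test.test">
  <SSLHostConfig hostName="test.test" {current}>
    <Certificate certificateFile="conf/cert.pem"
                 certificateKeyFile="conf/privkey.pem"
                 certificateChainFile="conf/chain.pem" />
  </SSLHostConfig>
</Connector></Service></Server>"""
QUESTION = TEMPLATE.format(legacy='SSLVerifyClient="none" SSLProtocol="TLSv1.2"', current="")
ANSWER = TEMPLATE.format(legacy="", current='protocols="TLSv1.2"')

def find_mixed_tls_config(server_xml):
    """Flag connectors that nest <SSLHostConfig> yet also set deprecated
    connector-level TLS attributes, the mix that produced the error above."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        hosts = [h.get("hostName", "_default_") for h in conn.findall("SSLHostConfig")]
        legacy = {a: DEPRECATED[a] for a in conn.attrib if a in DEPRECATED}
        if hosts and legacy:
            findings.append({"port": conn.get("port"), "hosts": hosts,
                             "deprecated": legacy})
    return findings

if __name__ == "__main__":
    for label, xml in (("question", QUESTION), ("answer", ANSWER)):
        print(label, find_mixed_tls_config(xml) or "no mixed TLS attributes")
```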
We have a hybris server behind an Apache web server, which are linked with AJP connectors. This is working perfectly; however, for some reason, after updating to hybris 5.3 (and Tomcat 7) the secure AJP connector is not rendering.
In the hybris tomcat config folder we have this in the server.xml:
${tomcat.connectors.ajp.plain}
which renders on ant clean all to this in the platform server.xml:
<Connector protocol="AJP/1.3" port="8009" proxyPort="80" redirectPort="443" />
This works for non-secure connections; however, we need to also render the secure connector:
<Connector protocol="AJP/1.3" port="8010" proxyPort="443" scheme="https" secure="true" />
I could just hard-code this into the server.xml, but that doesn't seem like the best way to do it, and I can't find where ${tomcat.connectors.ajp.plain} is actually rendered. Is there a similar property somewhere that will render the secure connector using the ports defined in the local.properties?
I'm afraid you have to declare it manually in your server.xml template in the configuration directory.
In actual fact, I prefer to do this for both AJP connectors as the templated one injected by the variable you mention is not very well configured and I have seen significant performance issues as a result. For example the number of threads is not specified and it is not associated with an executor. This means that when under large load, the number of active threads can grow to a silly number and cause the whole thing to fall over.
In fact, below is a snippet of the config/tomcat/conf/server.xml I use, which I have developed over 7 years of working exclusively on Hybris. Not only does it have sensible configurations, it also uses the more performant non-blocking IO protocols.
Hope this helps.
<Executor name="hybrisExecutor"
namePrefix="hybrisHTTP"
maxThreads="${tomcat.maxthreads}"
minSpareThreads="${tomcat.minsparethreads}"
maxIdleTime="${tomcat.maxidletime}"/>
<Connector port="${tomcat.http.port}"
maxHttpHeaderSize="8192"
maxThreads="${tomcat.maxthreads}"
protocol="org.apache.coyote.http11.Http11NioProtocol"
executor="hybrisExecutor"
enableLookups="false"
acceptCount="${tomcat.acceptcount}"
connectionTimeout="20000"
URIEncoding="UTF-8"
disableUploadTimeout="true" />
<Connector port="${tomcat.ssl.port}"
maxHttpHeaderSize="8192"
maxThreads="${tomcat.maxthreads}"
protocol="org.apache.coyote.http11.Http11NioProtocol"
executor="hybrisExecutor"
enableLookups="false"
acceptCount="${tomcat.acceptcount}"
connectionTimeout="20000"
disableUploadTimeout="true"
URIEncoding="UTF-8"
SSLEnabled="true"
scheme="https"
secure="true"
clientAuth="false"
sslProtocol="TLS"
keystoreFile="${catalina.home}/lib/keystore"
keystorePass="123456" />
<!--
We explicitly declare the AJP connectors as we want to separate HTTP and SSL traffic and the default connector setting Hybris provides is not good enough.
-->
<Connector protocol="org.apache.coyote.ajp.AjpNioProtocol"
executor="hybrisExecutor"
enableLookups="false"
acceptCount="${tomcat.acceptcount}"
connectionTimeout="120000"
maxThreads="${tomcat.maxthreads}"
port="${tomcat.ajp.port}"
proxyPort="${proxy.http.port}"
redirectPort="${proxy.ssl.port}"
URIEncoding="UTF-8"
useIPVHosts="${tomcat.ajp.useipv}" />
<Connector protocol="org.apache.coyote.ajp.AjpNioProtocol"
executor="hybrisExecutor"
enableLookups="false"
acceptCount="${tomcat.acceptcount}"
connectionTimeout="120000"
maxThreads="${tomcat.maxthreads}"
port="${tomcat.ajp.secureport}"
proxyPort="${proxy.ssl.port}"
redirectPort="${proxy.http.port}"
scheme="https"
secure="true"
URIEncoding="UTF-8"
useIPVHosts="${tomcat.ajp.useipv}" />
The variables are just properties you declare in local.properties. They are substituted at build time by the ant deploy task when it builds the actual server.xml in the platform tomcat directory.
I think you should try with:
<Connector
protocol="AJP/1.3"
port="8010"
connectionTimeout="20000"
scheme="https"
SSLEnabled="true"
secure="true"
maxThreads="200"
proxyPort="443"/>
I've got a problem setting up my Tomcat on Linux for secure connections. My servlets work fine for normal http requests, but when changing the server.xml file to the https configuration, the servlet is only addressable through the internal IP. I created a .keystore file in my home directory. The fact that the https connection (after accepting the certificate) works within the internal network makes me believe it is a router-related problem (I opened and forwarded port 8443 on my router).
Thanks for any help!
Server.xml:
<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" URIEncoding="UTF-8" redirectPort="8443"/>
...
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="/home/user/.keystore"
keystorePass="password" />
I am using Tomcat 5.5 & JDK 1.5.0_21. Tomcat 5.5 is successfully started. I need to access Tomcat in secure mode, but I am not able to access the application using 'https:localhost', though I am able to access it as 'http:localhost:portno.'.
The SSL settings are as below:
<!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
<Connector URIEncoding="UTF-8" acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8192" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" port="8080" redirectPort="443"/>
<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
<Connector URIEncoding="UTF-8" acceptCount="100" clientAuth="false" debug="0" disableUploadTimeout="true" enableLookups="false" keystoreFile=".keystore" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" port="443" scheme="https" secure="true" sslProtocol="TLS"/>
Would there be any other server setting issue or browser settings I need to check for? Please suggest.
Thanks in advance
You have a typo in the SSL configuration.
port="443"
Change it to port="8443"
Below is the snippet from server.xml. The connector port for https is 8444 and I have changed the entry in the redirect port as well.
<Connector port="8444" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="c:\keystorefile" keystorePass="tom123"
/>
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009"
enableLookups="false" redirectPort="8444" protocol="AJP/1.3" />
I am trying to access one JSP through an http URL and I was expecting that it would redirect to https, but I got an error in my Firefox browser, i.e.
Firefox can't establish a connection to the server at 192.168.9.7:8443.
Why is it looking for 8443 instead of port 8444?
Please help.
Note: If I try to access the JSP from the https URL with port 8444 directly, then I can access the same.
I am using Tomcat 5.5.27
It is requested to throw some light on
Connector port="8009"
this as well. What is the use of this 8009 port?
<!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
<Connector port="8090" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" redirectPort="8444" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true" />
Required change in the non-SSL connector: redirectPort="8444"
Now running fine.
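The mismatch resolved in this last thread can be caught before deployment. The following is an added example, not code from the thread: it compares literal port values only, and the `redirectPort="8443"` in the "before" sample is an assumption inferred from the Firefox error, since the post does not show the original value.

```python
import xml.etree.ElementTree as ET

# Constructed server.xml modelled on the Tomcat 5.5 thread: HTTPS listens on
# 8444. redirectPort="8443" on the HTTP connector is an assumption inferred
# from the Firefox error; the post does not show the original value.
TEMPLATE = """<Server><Service name="Catalina">
<Connector port="8090" maxThreads="150" enableLookups="false"
           redirectPort="{redirect}" connectionTimeout="20000" />
<Connector port="8444" maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" />
<Connector port="8009" enableLookups="false" redirectPort="8444" protocol="AJP/1.3" />
</Service></Server>"""
BEFORE = TEMPLATE.format(redirect="8443")
AFTER = TEMPLATE.format(redirect="8444")

def is_https(conn):
    # Tomcat 5.5 has no SSLEnabled attribute, so scheme/secure are checked too.
    return (conn.get("SSLEnabled", "").lower() == "true"
            or conn.get("scheme") == "https"
            or conn.get("secure", "").lower() == "true")

def is_ajp(conn):
    return "ajp" in conn.get("protocol", "").lower()

def dangling_redirects(server_xml):
    """Return (port, redirectPort) for every plain HTTP connector whose
    redirectPort matches no HTTPS connector port in the same file."""
    conns = list(ET.fromstring(server_xml).iter("Connector"))
    https_ports = {c.get("port") for c in conns if is_https(c) and not is_ajp(c)}
    dangling = []
    for c in conns:
        target = c.get("redirectPort")
        # AJP connectors are skipped: their HTTPS side may live on the
        # front-end web server rather than in this server.xml.
        if target is None or is_https(c) or is_ajp(c):
            continue
        if target not in https_ports:
            dangling.append((c.get("port"), target))
    return dangling

if __name__ == "__main__":
    print("before:", dangling_redirects(BEFORE))
    print("after: ", dangling_redirects(AFTER))
```

A reported mismatch can be intentional when a proxy or port forward exposes HTTPS on a different external port, so treat the result as a prompt to check rather than a hard failure.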