tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Removing the port identifier
Date Tue, 14 Aug 2007 22:29:35 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Stephen,

Stephen Caine wrote:
> Is there a way to remove the port number from a https request where the
> original url looks something like this:
> 
> https://host_name:8443/

If the URL does not contain the port number, then the web browser will
fail to make a connection since it will use the default port for the
service (443 for HTTPS).

> The approach to change the server.xml file (where the connector port is
> changed from 8443 to 443) is not practical for us.  When this is done,
> Tomcat requires the root user to run.  We consider this a security risk.

Tomcat does not require you to run it as root in order to use port 443.
There are various techniques, including using a web server such as
Apache httpd to front Tomcat, iptables (or similar) tricks to re-route
ports, or using jsvc to gain non-root access to port 443 (and others).

- -chris

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGwizP9CaO5/Lv0PARApHhAJ46d3DI8B8/7RwJm9VPrUNNpPtBXACfVt26
Ybxw/4LYf2+lF4w14NVwMec=
=Uhgb
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message