tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Matthew Kerle <matthew.ke...@sra.com.au>
Subject Re: Removing the port identifier
Date Wed, 15 Aug 2007 04:12:12 GMT

the only way to get rid of the port number is to have something 
listening on :443 (that's the way browsers are, sorry), and then hand 
requests over to tomcat, so to get what you want something will have to 
bind to :443 at some point, requiring root privs. What you want is 
something that will bind to the port as a privileged user and 
subsequently drop priv's to a limited user. the Apache web server is 
excellent for this kind of thing.

The easiest way to do this would be with apache sitting in front of 
tomcat with either mod_jk2 or forwarding requests with mod_rewrite. It 
doesn't really matter where the port forwarder sits, but usually you 
want to align with existing IT infrastructure and use an existing 
internal/internet web server to redirect requests to your app. If your 
company already has apache then this is a cinch, otherwise you'll have 
to figure out how to reverse-proxy with the web server du jour...

Is this close to what you're after?

-- 

* Matthew Kerle
** IT Consultant* **
* Canberra, Australia*

Mobile: +61404 096 863
Email:     <mailto:mattkerle@gmail.com> Matthew Kerle 
<mailto:mattkerle@gmail.com>
Web:      Matthew Kerle <http://threebrightlights.blogspot.com/>


Stephen Caine wrote:
> Is there a way to remove the port number from a https request where 
> the original url looks something like this:
>
> https://host_name:8443/
>
> The approach to change the server.xml file (where the connector port 
> is changed from 8443 to 443) is not practical for us.  When this is 
> done, Tomcat requires the root user to run.  We consider this a 
> security risk.
>
> We have considered a port forwarder, but we are unclear whether to 
> install this on the Tomcat server or router.  In any event, we are not 
> at all sure this is the best approach.  Any advice will be 
> appreciated.  Our operating system is Mac OS X.
>
> Thanks,
>
> Stephen
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message