tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From 李征 <>
Subject 回复: about Connector's attribute redirectPort
Date Tue, 16 Sep 2008 03:51:30 GMT

thx so much for the detail

i use mod_jk to make apache and tomcat work together

below is the setting for my connector
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
               port="8009" minProcessors="5" maxProcessors="150"
               enableLookups="true" redirectPort="8443"
               acceptCount="10" debug="0" connectionTimeout="0"

why i can't get anything from 
netstat -apn | grep 8443

-- lizheng

----- 原始邮件 ----
发件人: Christopher Schultz <>
收件人: Tomcat Users List <>
已发送: 2008/9/13(周六), 上午2:28:48
主题: Re: about Connector's attribute redirectPort

Hash: SHA1


李征 wrote:
> If this Connector is supporting non-SSL requests, and a request is
> received for which a matching <security-constraint> requires SSL
> transport, Catalina will automatically redirect the request to the
> port number specified here. The default value is 443.
> but i still don't understand what redirectPort is used for.

When you are using HTTP (non-secure) and your security settings for a
resource (set using <transport-guarantee> in the <security-constraint>
sections of web.xml) call for a CONFIDENTIAL or INTEGRAL transport, HTTP
is not considered acceptable. In this case, Tomcat will issue a redirect
to the client (web browser) indicating that HTTPS should be used.
Sometimes, the port number you want to use is not 443 (the default). If
you want to override this default, you can use the redirectPort
attribute to set that port.

For instance, if you are running a standard web server configuration,
you'll want to set redirectPort="443" (or leave it out entirely, as this
is the default). If, instead, your HTTPS server is listening on port
12345, then you'll want redireftPort="12345".

If you don't use HTTPS, then you can safely ignore this setting.

Honestly, this attribute could have a better name (perhaps,
secureRedirectPort or something like that).

- -chris
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla -


To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message