tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Caldarale, Charles R" <Chuck.Caldar...@unisys.com>
Subject RE: Tomcat configuration with multiple services
Date Tue, 03 Feb 2009 14:43:44 GMT
> From: Jaakko Taipale [mailto:jaakko.taipale@dbmanager.fi]
> Subject: VS: Tomcat configuration with multiple services
>
>    <Connector port="80" protocol="HTTP/1.1"
>                connectionTimeout="20000"
>                redirectPort="8443" />
>         <Connector
>         port="443" minSpareThreads="5" maxSpareThreads="75"
>         enableLookups="true" disableUploadTimeout="true"
>         acceptCount="100"  maxThreads="200"
>         scheme="https" secure="true" SSLEnabled="true"
>         keystoreFile="/path/somekeystore" keystorePass="*********"
>         clientAuth="false" sslProtocol="TLS"/>

Your redirectPort should target the configured HTTPS port, not thin air.

>    <Engine name="Public" defaultHost="mydomain.com">
>         <Host name="mydomain.com" appBase="httpapps"
>         unpackWARs="true" autoDeploy="true"
>         xmlValidation="false" xmlNamespaceAware="false">
>         </Host>
>          <Host name="hastobehttps.mydomain.com" appBase="httpsapps"
>         unpackWARs="true" autoDeploy="true"
>         xmlValidation="false" xmlNamespaceAware="false">
>         </Host>
>    </Engine>

What are you trying to achieve with the two <Host> elements?

> How can I force that users use https(or prevent http) when
> they access to hastobehttps.mydomain.com?

Read the servlet spec; use a <transport-guarantee> of CONFIDENTIAL for all your webapps.
 If you want HTTPS to be used for everything, put the <security-constraint> element
in conf/web.xml so it will be picked up by all webapps.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus
for use only by the intended recipient. If you received this in error, please contact the
sender and delete the e-mail and its attachments from all computers.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message