tomcat-users mailing list archives

From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: New to Tomcat -- SSL
Date Fri, 11 Dec 2009 20:22:57 GMT

Adria,

On 12/11/2009 2:48 PM, Adria Stembridge wrote:
> I've updated the connector as follows:
> 
>     <Connector
>         port="8080"
>         redirectPort="8443"
>         minSpareThreads="25"
>         connectionTimeout="20000"
>         maxSpareThreads="75"
>         maxThreads="150">
>     </Connector>

If you're moving to :443, why not also move to :80?

>     <Connector
>         port="443"
>         scheme="https"
>         secure="true"
>         keystoreFile="/my/secret/keystore"
>         keystorePass="mysecretpassword"
>         SSLEnabled="true"
>         sslProtocol="TLS"
>         maxSpareThreads="75"
>         maxThreads="150"
>         minSpareThreads="25"
>         clientAuth="false">
>     </Connector>

That looks good.

> And restarted Tomcat5.  (I am running Tomcat 5.5 btw).   Requesting the url
> https://mydomain.org returns the apache www page, not the tomcat default
> page.

If you get the Apache httpd welcome page, then Apache httpd is listening
on port 443, so your Tomcat configuration isn't going to work. You need
to tell Apache httpd /not/ to listen to port 443 (usually by simply
telling httpd not to serve https).

Any reason you are using Apache httpd, here, at all?

> If I access with https://mydomain.org:8443, I get the tomcat page.

This behavior does not match your Tomcat configuration above. Did you
post all of your <Connector> elements? If so, Tomcat isn't using the
configuration file you think it is.

If Apache httpd is really listening to port 443, then Tomcat should not
have been able to start up in the above configuration because of a port
conflict.

> No pages will be served with apache www, so I want the tomcat pages to
> appear over port 80 and 443.

If Apache httpd is not needed, shut it down and disable it. In fact,
uninstall it if you don't need it.

> Ports 80, 8080, 443 and 8443 are allowed through the firewall.

You shouldn't need 8080 and 8443 at all: if you just want Tomcat to
serve both ports 80 and 443, then you need to:

1. Disable / uninstall Apache httpd
2. Change the above Tomcat configuration for your HTTP connector to use
port="80" instead of port="8080"

> What else am I missing?

That should be about it.

-chris
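
As an added example (not part of the original message or of Tomcat): a small Python audit of the mismatch raised in the reply, where a port answers as Tomcat but no `<Connector>` in the file defines it, plus a check for whether another process already holds a port. The function names, the `observed_ports` parameter and the wrapped sample XML are assumptions made for illustration.

```python
import socket
import xml.etree.ElementTree as ET

# Constructed sample: the two connectors quoted in the thread, wrapped in a
# minimal <Server>/<Service> so the fragment parses like a server.xml.
SAMPLE_SERVER_XML = """\
<Server><Service name="Catalina">
  <Connector port="8080" redirectPort="8443" maxThreads="150"/>
  <Connector port="443" scheme="https" secure="true" SSLEnabled="true"
             sslProtocol="TLS" clientAuth="false"/>
</Service></Server>
"""

def connectors(server_xml):
    """Return one dict per <Connector>: port, TLS flag, redirectPort."""
    out = []
    for c in ET.fromstring(server_xml).iter("Connector"):
        redirect = c.get("redirectPort")
        out.append({
            "port": int(c.get("port")),
            "tls": c.get("SSLEnabled", "false").lower() == "true",
            "redirect": int(redirect) if redirect else None,
        })
    return out

def audit(server_xml, observed_ports):
    """Compare configured connectors with ports seen answering as Tomcat."""
    conns = connectors(server_xml)
    configured = {c["port"] for c in conns}
    tls_ports = {c["port"] for c in conns if c["tls"]}
    findings = []
    for p in sorted(set(observed_ports) - configured):
        findings.append(f"port {p} answers as Tomcat but is not in this file")
    for c in conns:
        if c["redirect"] is not None and c["redirect"] not in tls_ports:
            findings.append(f"connector {c['port']} redirects to "
                            f"{c['redirect']}, which has no TLS connector")
    return findings

def port_in_use(port, host="127.0.0.1"):
    """True if something already accepts TCP connections on host:port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(1.0)
        return s.connect_ex((host, port)) == 0

if __name__ == "__main__":
    for line in audit(SAMPLE_SERVER_XML, observed_ports=[8443]):
        print(line)
    print("443 already taken:", port_in_use(443))
```

Run it against the `server.xml` the running instance was actually started with; a finding for an observed port means Tomcat loaded a different file than the one being edited.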