tomcat-users mailing list archives

From Adria Stembridge <adrya.stembri...@gmail.com>
Subject Re: New to Tomcat -- SSL
Date Fri, 11 Dec 2009 20:40:12 GMT
Well, I appear to have something wrong. Pages are not served over 80 or
443 after updating server.xml and iptables.

[linux]# netstat -an | grep LISTEN
tcp        0      0 0.0.0.0:897                 0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:6010              0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:7003                0.0.0.0:*                   LISTEN
tcp        0      0 ::ffff:127.0.0.1:8005       :::*                        LISTEN
tcp        0      0 :::22                       :::*                        LISTEN
tcp        0      0 ::1:6010                    :::*                        LISTEN
tcp        0      0 :::7003                     :::*                        LISTEN
[linux]#

Not listening on 80 or 443.

[linux]# more /etc/sysconfig/iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
[linux]#

But firewall rules should open these two ports.


Connectors:
    <Connector
        port="80"
        redirectPort="8443"
        minSpareThreads="25"
        connectionTimeout="20000"
        maxSpareThreads="75"
        maxThreads="150">
    </Connector>
    <Connector
        port="443"
        scheme="https"
        secure="true"
        keystoreFile="/my/secret/keystore"
        keystorePass="mysecretpassword"
        SSLEnabled="true"
        sslProtocol="TLS"
        maxSpareThreads="75"
        maxThreads="150"
        minSpareThreads="25"
        clientAuth="false">
    </Connector>
    <Connector
        port="8009"
        redirectPort="8443"
        secure="true"
        connectionTimeout="0"
        threadPriority="5"
        connectionUploadTimeout="0"
        connectionLinger="0"
        maxSpareThreads="50"
        maxThreads="200"
        maxKeepAliveRequests="100"
        disableUploadTimeout="false"

I may be missing something obvious - but what?
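
The comparison made by hand in the message above (configured Connector ports against the sockets netstat reports), as an added Python example that is not part of the original message. The sample inputs are constructed from the message's first two connectors and three of its netstat lines; the enclosing Service element, the function names and the finding labels are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the first two connectors from the message (attributes
# trimmed, keystore password left out), wrapped in an assumed <Service>.
SERVER_XML = """<Service name="Catalina">
  <Connector port="80" redirectPort="8443" connectionTimeout="20000"/>
  <Connector port="443" scheme="https" secure="true" SSLEnabled="true"
             sslProtocol="TLS" clientAuth="false"/>
</Service>"""

# Constructed sample: three lines of the netstat output from the message.
NETSTAT = """\
tcp   0   0 0.0.0.0:7003            0.0.0.0:*   LISTEN
tcp   0   0 ::ffff:127.0.0.1:8005   :::*        LISTEN
tcp   0   0 :::22                   :::*        LISTEN
"""

def listening_ports(netstat_text):
    """Return the set of local TCP ports in LISTEN state."""
    ports = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0].startswith("tcp") and f[5] == "LISTEN":
            # The port follows the last colon, for IPv4 and IPv6 alike.
            ports.add(int(f[3].rsplit(":", 1)[1]))
    return ports

def audit_connectors(server_xml, netstat_text):
    """Compare <Connector> ports with bound sockets; return (port, issue)."""
    connectors = list(ET.fromstring(server_xml).iter("Connector"))
    bound = listening_ports(netstat_text)
    tls_ports = {int(c.get("port")) for c in connectors
                 if c.get("SSLEnabled", "false").lower() == "true"}
    findings = []
    for c in connectors:
        port = int(c.get("port"))
        if port not in bound:
            findings.append((port, "not-listening"))
        if port < 1024:
            # Linux: binding below 1024 needs root or CAP_NET_BIND_SERVICE.
            findings.append((port, "privileged-port"))
        redirect = c.get("redirectPort")
        if redirect and int(redirect) not in tls_ports:
            findings.append((port, "redirect-without-tls-connector"))
    return findings

if __name__ == "__main__":
    for port, issue in audit_connectors(SERVER_XML, NETSTAT):
        print(f"connector {port}: {issue}")
```

A "not-listening" finding for a port the firewall already accepts places the fault on the Tomcat side rather than in iptables; catalina.out is where a failed bind would be logged.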
