tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John Dale <>
Subject Re: Wildcard certificates
Date Wed, 17 Apr 2019 14:42:10 GMT
My understanding is that the folks at SUN really put their backs into
it from the beginning:

Since hot spot compilers have matured, Java is virtually as fast as
C/++ (the Java is slow argument falls in my deaf ears, even if it is
amazingly repeated still today by members of other programming

Other proxies/balancers also do threat mitigation (DDOS, flooding,
etc).  I have written some of my own code to deal with this .. because
of the way I handle data and MVC, I have a central place to park all
of the heuristics.  I bet these heuristics could become robust and
maintainable over time.

I would be happy to share (would need a little time to isolate and
deliver). I have always wondered how difficult it is to have
Apache/Tomcat evaluate new projects.  Part of  this certbot solution
requires providing some automated validation for the certbot CSA
agent.  This code can stand alone, but I have it integrated with some
other tools that have also proven helpful.  I wonder if I might
attract a sponsorship from someone within ASF for my project?

I call it DB2DOM.COM - it's a "pseudosingularity" because it is used
to extend and maintain itself.

Any ideas I'd love to hear them.

Have a good one,


On 4/17/19, TurboChargedDad . <> wrote:
>   I would have the opposite feeling.  I would not want a java process
> parked out in the internet.  Not saying you're wrong just my personal
> feeling.  Maybe things have shifted in a different direction over the
> year.  I do agree that something like that would be helpful to other tomcat
> admins.  Would you consider putting it into github ?
> Thanks,
> J
> On Wed, Apr 17, 2019 at 9:18 AM John Dale <> wrote:
>> I have a really nice process that works great with certbot.  Single
>> command to renew all of my certs and I'm finished.
>> I get some piece of mind having a Java process guarding the front
>> door.  Seems to be more impervious to overflows.  What am I missing?
>> I think what I have might be easily developed into something to help
>> other Tomcat users.
>> On 4/17/19, TurboChargedDad . <> wrote:
>> >   We terminated SSL above the tomcat layer using NGINX or Apache to
>> > avoid
>> > the complexities that come with managing a JKS.  I want to hear all I
>> > can
>> > on this subject.
>> >
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail:
>> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message