I am able to convert http to https by adding below entry in server.xml of the tomcat. My truststore is having password and I don't want to leave like this.
<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
keystoreFile="/Users/myapp/tomcat/conf/apptruststore.jks" keystorePassword="myP#ssw0rd"
clientAuth="false" sslProtocol="TLS" />
My question is any other way to implement this ? like keeping it in a server side java code or adding encryption in server.xml.
Related
I configured server.xml like below:
<Connector SSLEnabled="true" URIEncoding="UTF-8" acceptCount="100" ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256" clientAuth="false" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" keystoreFile="conf/server.p12" keystorePass="${xxxx.keystorePass}" keystoreType="PKCS12" maxHttpHeaderSize="65535" maxParameterCount="-1" maxPostSize="-1" maxThreads="150" minSpareThreads="25" name="SSL" port="8443" scheme="https" secure="true" server="XXXX" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" sslProtocol="TLS"/>
But my application is not started. Why the ciphers I configured are not accepted during tls handshake?
Our Bamboo application hosted on AWS ec2 instance and frontend configuration as a classic load balancer. Recently we upgraded the from ubuntu 14 to ubuntu 18 with higher bamboo version(7.0.4) after that does not work HTTP to https redirect.
Could you please help me with this matter?
Server xml configuration:
<Connector URIEncoding="UTF-8" acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8192" maxThreads="10" minSpareThreads="5" port="8081" protocol="HTTP/1.1" proxyName="example.com" proxyPort="80" redirectPort="443" scheme="http" secure="false" useBodyEncodingForURI="true"/>
<Connector URIEncoding="UTF-8" acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" port="8080" protocol="HTTP/1.1" proxyName="example.com" proxyPort="443" scheme="https" secure="true" useBodyEncodingForURI="true"/>
LB setting:
Regards,
Nataraj.R
I resolved the issue.
A Older tomcat version contains value(http://java.sun.com/xml/ns/j2ee). but the latest tomcat version contains with http://xmlns.jcp.org/xml/ns/javaee. because of that our ansible script skipped.
- name: Adapt {{ path }}/atlassian-bamboo/WEB-INF/web.xml
xml:
path: "{{ path }}/atlassian-bamboo/WEB-INF/web.xml"
namespaces:
x: http://java.sun.com/xml/ns/j2ee
xpath: "/x:web-app"
input_type: yaml
add_children: "{{ bamboo_configuration_webapp_additions }}"
pretty_print: True
state: present
changed_when: False
We added the below value to the web.xml file under tomcat location.
<security-constraint>
<web-resource-collection>
<web-resource-name>Bamboo</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
HTTPS works fine in nginx front-end but login refused.HTTP also works fine.
This is the Error shown in chrome console
Failed to load resource: net::ERR_SSL_PROTOCOL_ERROR favicon.ico:1 Failed to load resource: the server responded with a status of 500 ().
I have created abc.jks file.
My server.xml configuration looks like this
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
<!-- A "Connector" using the shared thread pool-->
<Connector executor="tomcatThreadPool"
port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
port="8443" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="/etc/ssl/certs/abc.jks" keystorePass="MYPASSWORD"
clientAuth="false" sslProtocol="TLS"/>
<!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
This connector uses the NIO implementation that requires the JSSE
style configuration. When using the APR/native implementation, the
OpenSSL style configuration is required as described in theAPR/native
documentation -->
<!-- <Connector
port="8443"protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
--> `
My Tomcat Websocket Server has the attribute "Connection" double in the reply header for connections via https: "upgrade" and "close". Not for connections via http, only "upgrade" here. This will cause Safari to disconnect. How can I prevent "Connection: close" from appearing in the header?
Connector configuration :
<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="" keystorePass="" />
I could solve the problem by changing to Tomcat 9.0.8. I continue to use the same connector configuration.
I am trying to benchmark apache tomcat with static page content and it seems way slower than http-apache.
I have tried below combinations but no luck.
Machine : 12 core , 16GB ram.
Tomcat 9 , java 8
<Connector port="9080" protocol="org.apache.coyote.http11.Http11NioProtocol"
connectionTimeout="20000"
maxConnections="32000"
maxThreads="32000"
redirectPort="8443" />
<Connector port="8080" protocol="HTTP/1.1" maxThreads="150" connectionTimeout="20000" redirectPort="8443" />