Tomcat SSL on port 8080 - tomcat8

I have applied SSL on tomcat on port 443 but my manager asked me to apply it on port 8080 due to some constraints.
When I changed the port in connector to 8080 from 443, the server keeps on redirecting my request from https://domain_name:8080 to https://domain_name:8443.
Is there anything I can do to apply SSL on tomcat port 8080 without any redirection techniques?
Does it require any changes in "web.xml" as well?
Here is my Connector for 8080
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="/home/my_user/SSL-Cert/sslKey.jks"
keystorePass="pass121" clientAuth="false"
keyAlias="ssl-Key" sslProtocol="TLS"
/>
When I change the port 8080 to 8082, it works fine without any redirection. Does that have anything to do with port 8080?

Related

Redirect http to https on Tomcat 7 application

I have a webapp application running on Tomcat7 which connects easily via https but returns Unable to connect error when accessed without it.
Below is my server.xml file content
<Service name="Catalina">
<Connector protocol="org.apache.coyote.http11.Http11Protocol"
port="443"
maxThreads="200" scheme="https"
secure="true" SSLEnabled="true"
keystoreFile="/usr/share/.keystore"
Host is Amazon lightsail and port 80 and 443 are available. I noticed port 80 which is meant to enable non-http traffic is not in use. 443 is anyway.
I have tried other methods on SO and other blogs, none seem to be working.
Finally,
I stumbled on what could have been the troubling issue.
After adding the connector code for port 80 and redirecting to 443.
I changed this section of my code to
<Service name="Catalina">
<Connector port="443" protocol="HTTP/1.1"
maxThreads="200" scheme="https"
secure="true" SSLEnabled="true"
keystoreFile="/usr/share/.keystore"
keystorePass="xxx111!!"
And editing the web.xml file as always advised. I guessed the major change was in the code section below.
Hoping this helps someone out there.

Apache Tomcat Listen Multiple Ports

I have a Windows based Apache Tomcat installation. The application is currently listening on port 8080. I would like to create a redirect from the root of port 80 to the site being hosted in a sub directory on 8080.
Instead of entering the long URL to access the site (http://servername:8080/subdirectory/index.jsp) I would like to just enter (http://servername) and have this redirect to the sub-directory on port 8080.
I tried adding this to the server.xml without luck.
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
I added this:
<Connector port="80" protocol="HTTP/1.1"
connectionTimeout="20000"/>
I also modified the index.jsp in the root directory to:
<% response.sendRedirect("server:8080/subdir/login.jsp"); %>
I still don't believe the site is listening on 80, and when visiting the root site "http://sitename:8080" it's not redirecting. Any help would be appreciated. I am somewhat familiar with Apache but not with Tomcat.
I got this to work by adding the following to server.xml
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
<Connector port="80" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8080" />
I also added this to index.jsp within the root folder:
<% response.sendRedirect("http://servername:8080/subdir/page.jsp"); %>
Does this seem like an OK way to handle what I am trying to accomplish? I don't mind if users see the redirected URL.
I don't see the point of most of this. Just change the existing single connector from port 8080 to port 80 and forget about port 8080 altogether. No redirection, no dual connectors, no nothing. Or if you must have both ports just use two Connectors. There's no apparent reason to use the redirect JSP to force the port change, just redirect to the sub page.

AWS load balancer always routes 443 to 8443

I am serving up content on an ec2 instance running tomcat 7. I have all traffic routing in the tomcat config to 8443 and a valid cert installed. When I explicitly put https://website.com:443 the site loads fine, but when I put in http://website.com it should route to the https with port 443, but it uses the port 8443 instead. Anyone have any idea why this would be happening? I have the exact same config working on another server but I have two new servers that don't want to behave.
In my tomcat server.xml I have:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,
TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"
keystoreFile="conf/cert.p12"
keystorePass="password"
keystoreType="PKCS12" />
and in web.xml:
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Context</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<!-- auth-constraint goes here if you require authentication -->
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
Found an answer to this, turns out I had to route all traffic over TCP from 8443 to 8443. The client was requesting port 80, routing to 8080 per my load balancer config for tomcat to serve up content, tomcat was turning the request into requesting port 8443.
8443 wasn't being routed back to 8443 on the tomcat server so it just ended up in a dead end. Hope this helps someone else someday.
Tomcat sends a redirect when using a transport-guarantee of CONFIDENTIAL.
By default this is your connector port. Run a curl -vs http://website.com to confirm.
You could set the http/8080 connector's redirectPort to 443 but this means you are choosing ELB redirects to work. Local Tomcat redirects will then start failing as nothing listens locally on 443, just the ELB does.

DNS Management for Tomcat server

I have a tomcat server running perfectly at http://68.169.56.63:8080. I have a subdomain http://solar.wbe.in. Now I want my website http://solar.wbe.in to point to that tomcat server so that if I open http://solar.wbe.in in my browser it should show http://68.169.56.63:8080. I was looking at A records in DNS management. It has an option to map IP but not port number. How do I map port 80 of http://solar.wbe.in to port 8080 of http://68.169.56.63?
You could change the port in the Tomcat Server.xml e.g
<Connector port="80" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" redirectPort="8443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true" />
Or you could install a webserver like apache to listen on port 80 and proxy the requests through to Tomcat; either use mod_jk or mod_proxy.

Tomcat SSL Configuration

I received a SSL cert to use for a Tomcat 6.0 server, ready to use.
I configured Tomcat to use it with the following in server.xml:
<Connector
port="8443" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="C:\Tomcat 6.0\ssl\cert" keystorePass="*****"
clientAuth="false" sslProtocol="TLS"/>
I started Tomcat using the command prompt so I could see any error messages as they happened. There were none.
The results for accessing different URLs:
http://localhost -> normal page loads fine
https://localhost -> browser claims page cannot be found
https://localhost:8443 -> page cannot be found
http://localhost:8443 -> offers a certificate, after accepted redirects to https://localhost (I suspect the https:// urls initially offer the certificate which is automatically accepted by the browser, as it was issued by Verisign)
How to fix?
Edit: I've also tried port="443". Same result.
Do you require SSL on both 8443 and 443?
If all you need is 443 (the standard HTTP port), you can simply change the port="8443" to "443" and https:// URLs should work fine.
EDIT:
OK, so if you've made the change and bounced tomcat and it's still listening on 8443 then there must be another connector specified which is listening on 8443.
Here's my connector configuration from my server.xml
<Connector
port="8080"
redirectPort="443"
maxSpareThreads="75"
maxThreads="150"
minSpareThreads="25"
compression="on"
compressionMinSize="2048"
noCompressionUserAgents="gozilla, traviata"
compressableMimeType="text/html,text/xml,text/javascript,application/xml">
</Connector>
<Connector
port="443"
minProcessors="5"
maxProcessors="75"
keystorePass="*****"
enableLookups="true"
disableUploadTimeout="true"
acceptCount="100"
debug="0"
scheme="https"
secure="true"
clientAuth="false"
sslProtocol="TLS"
compression="on"
compressionMinSize="2048"
noCompressionUserAgents="gozilla, traviata"
compressableMimeType="text/html,text/xml,text/javascript,application/xml">
</Connector>
That results in traffic coming in on 8080 being (internally) redirected to the connector on port 443. Traffic from 443 doesn't have any redirect directive.
I'd do a grep of your configurations for 8443 to make sure another one hasn't sneaked in somewhere.
It looks like you referenced a cert file in the keystoreFile attribute... if that file is actually a cert file you should use something like this
SSLCertificateFile="C:\Tomcat 6.0\ssl\cert"
... if that is correct (that the file is a cert) then you will also need a key, for example:
SSLCertificateKeyFile="C:\Tomcat 6.0\ssl\cert.key"
If you have intermediate certs that you need in the CA chain, add:
SSLCertificateChainFile=
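
Added example, not code from any of the posts above: the manual check suggested in the last thread (looking for a second connector that has crept in on the same port) and the dead-end redirectPort described in the load balancer thread, done by parsing server.xml instead of grepping it. The sample file, the function name audit_connectors and the finding labels are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample: a plain HTTP connector left on 8080 next to a TLS
# connector added on the same port (not any poster's actual server.xml).
SAMPLE_SERVER_XML = """
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000" redirectPort="8443" />
    <Connector port="8080" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true"
               keystoreFile="conf/example.jks" keystorePass="changeit" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
  </Service>
</Server>
"""

def audit_connectors(server_xml):
    """Return (connectors, findings) for every <Connector> in server.xml text."""
    root = ET.fromstring(server_xml)
    conns = [
        {
            "port": int(c.get("port", "0")),
            "tls": c.get("SSLEnabled", "false").lower() == "true",
            "redirect": int(c.get("redirectPort")) if c.get("redirectPort") else None,
        }
        for c in root.iter("Connector")
    ]
    findings = []
    # Two connectors cannot both bind one port, so the request may be served
    # by the connector the administrator did not intend.
    counts = Counter(c["port"] for c in conns)
    for port, n in sorted(counts.items()):
        if n > 1:
            findings.append(("duplicate-port", port))
    # A non-TLS connector redirects CONFIDENTIAL requests to redirectPort;
    # flag targets that no TLS connector in this file listens on.
    tls_ports = {c["port"] for c in conns if c["tls"]}
    for c in conns:
        if not c["tls"] and c["redirect"] is not None and c["redirect"] not in tls_ports:
            findings.append(("dangling-redirect", c["port"], c["redirect"]))
    return conns, findings

if __name__ == "__main__":
    for finding in audit_connectors(SAMPLE_SERVER_XML)[1]:
        print(finding)
```

A dangling-redirect finding is not always an error: as the load balancer thread notes, the redirect target may be served by a front end rather than by Tomcat itself, in which case that front end must actually forward the port.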