As it is done with Apache and mod_jk to access applications without the need to type the port numbers, but i want to do it with Glassfish. Ff possible how to do it?
No it is not possible because it doesn't make sense. Glassfish is an application server and not intended for use as a reverse proxy. There are other tools which perfectly fit for this job, like Apache, Nginx or Squid.
without the need to type the port numbers, but i want to do it with
Glassfish
For applications running on Glassfish, you can do this by changing the port of the specific http-listener to 80 (HTTP) or 443 (HTTPS).
See also:
How can I use Glassfish under Linux as a reverse-proxy?
Related
I'd like to know if is a good decision to configure tomcat through port 80 (in apache with virtual-hosts ).
I need to setup a tomcat service in the same server I have apache, plus I need to use Tomcat through port 80.
Is this right? or is best to use them in separated servers?
That's OK. But sometimes tomcat is deployed with Apache. The Apache is a front-end server to balance load. And many tomcats are as back-end servers.
I have recently bought Amazon EC2 server.
Instead of installing it trough command line, I downloaded the latest zip file and deployed my application in WebApps folder.
The problem is tomcat is listening all the requests on port 8080 instead of 80.
I have tried changing the server.xml file in conf folder but no help!!
It is still listening to port 8080.
How do I make it listen to port 80
Oddly enough, Tomcat has its own documentation about doing this:
http://wiki.apache.org/tomcat/HowTo#How_to_run_Tomcat_without_root_privileges.3F
Probably the most straightforward way on *NIX is to use jsvc which is a small utility that works by binding to a port, dropping privileges, and then launching Tomcat, which can then use lower-numbered ports.
There are a bunch of other ways, but jsvc is the easiest and offers some other benefits as well. Discovering those benefits is left as an exercise for the reader.
The following would apply toward various systems, while the second link would related toward windows based systems.
First link :http://www.klawitter.de/tomcat80.html
Second link:
http://javarevisited.blogspot.com/2011/12/how-to-change-tomcat-default-port-8080.html?m=1
Ok. So finally I figured out way to solve this problem.
First of all i was doing it wrong way. One should not open port 80 for tomcat7. Tomcat7 should always run port 8080 or anything which is greater than 1024.
So to make your web site work without port. Follow below steps.
Install Apache2. (By default it runs on port 80).
Go to localhost and make sure apache2 is installed properly.
Then you will have to redirect all the requests which are going on port to redirect to port 8080.
To do that follow below link. (this is important step)
https://www.digitalocean.com/community/tutorials/how-to-use-apache-http-server-as-reverse-proxy-using-mod_proxy-extension
Hope this answer helps!!!
Thanks
Fahad Mullaji
I wouldn't recommend doing that, for what it is worth...
That could work in theory, but you are literally using httpd as a proxy to forward every request. There isn't much of a reason, IMHO, to choose this over simply changing the port to 80 in the Tomcat configuration and ditching httpd. You can use port 80 for Tomcat but historically, in production environments, httpd is generally used to serve static assets and such and dynamic content would be served by Tomcat. Generally one would install mod_jk and use the jkMount directive to connect Tomcat to httpd via AJP, which is a lot faster being a binary protocol than using HTTP.
There used to be a much bigger difference in terms of performance, here.
Tomcat is able to serve static resources via its DefaultServlet pretty well these days.
For AJP setup, see the documentation here:
https://tomcat.apache.org/tomcat-4.0-doc/config/ajp.html
I have a java application running on glassfish 4.1, the url to access the system is a sobdomain, eg
subdomain.mydomain.com:8060/ProjectName
I wanted to make it work without entering the port
(subdomain.mydomain.com/ProjectName)
.
I've tried to change the port of the http-listener-1 to 80, but after that the domain of glassfish does not boot anymore.
Any idea how to run without the user having to enter the port?
There are a couple of reasons why you should not use Glassfish listening to 80 directly.
Firstly port 80 is reserved, it's not easy to make a non special user to open 80 on a *nix environment.
It's common and recommended to install apache or nginx on port 80 and use mod_proxy_ajp to connect Apache or nginx to Glassfish through port 8009
Oracle wiki
I have tomcat installed and running on an ubuntu 12.04 LTS system utilizing port 443 for https requests (GeoTrust certificate installed).
On the same machine, apache2 responds to requests on port 80.
Now I was given to task to secure the webapps (php) running on apache2 with SSL as well, but with a different server certificate.
Is this possible at all? - My assumption would be "no", because I cannot have two servers listening on the same port, but I'm not too sure and haven't found any helpful information about this so far.
Any help would be highly appreciated..
These days, you'll still have difficulty serving more than one certificate on a single interface/port combination (e.g. 0.0.0.0:443). IF you want to use two separate ports for HTTPS, it's no problem. If you want to bind to different interfaces (e.g. 1.2.3.4:443 and 4.3.2.1:443) it's no problem. If you want them both on the same interface/port, you'll have to rely on Server Name Indication which may or may not be supported by your web server version and/or client.
If you want different certificates, you probably want different hostnames, too, so maybe you can get a second interface configured on the machine. Note that you don't need to have multiple NICs on the machine just to enable a different interface: your OS should be able to create another interface with a different IP address and still share the NIC. Then you just set DNS to point each hostname to a different IP address and make sure you bind each SSL VirtualHost to the proper IP address (instead of using 0.0.0.0 or * for the hostname).
Honestly, SNI is the easiest thing to do: just use VirtualHosts with SSL enabled (with different certs) in each one the way you'd "expect" it to work and see if the server starts up without complaint. If so, you'll need to test your clients to see if it's going to work for your audience. For the SNI scenario, I am assuming that Apache httpd would handle all of the SSL traffic and that you'd use something like mod_proxy_* or mod_jk to proxy to Tomcat.
For the split-IP scenarios, you can do whatever you want: terminate SSL within Tomcat or use httpd for everything and proxy for dynamic content to Tomcat.
We want to front-end our Tomcat instance with an Apache instance (running on the same machine) that will be serving everything on HTTPS and connect Apache to Tomcat using AJP. When using AJP, do we need to do anything to make sure that the connection between Apache and Tomcat is secure? (We dont want passwords to be sniffable on the network between Apache and Tomcat). The O/S is Red Hat Enterprise Linux 6.3
You are saying
Tomcat instance with an Apache instance (running on the same machine)
and later you are saying
We dont want passwords to be sniffable on the network between Apache and Tomcat
This just contradicts each other.
EDIT: AJP is not designed to be secure, if you need security, use mod_proxy_http and proxy over https, or create SSH tunnel. Needless to say, you will have to pay for this overhead.
When using AJP you cannot do anything to ensure it is secure. It isn't. There is no SSL version. You would have to use HTTPS. AJP is designed for the usual case where HTTPD and Tomcat are in the same private LAN and security isn't an issue.