RE: Remove Port from Https URL || SSL Port Issue || Important
> From: Christoph Nenning [mailto:christoph.nenn...@lex-com.net] > Subject: Re: Remove Port from Https URL || SSL Port Issue || Important > ports below 1024 are privileged ports and can be opened by root only. Of > course you don't want to run tomcat as root. There are several ways to > open them anyway as non-root, e.g. the capability CAP_NET_BIND_SERVICE or > the tool authbind (not sure if available in your version of redhat). There's a wiki entry for this: http://wiki.apache.org/tomcat/HowTo#How_to_run_Tomcat_without_root_privileges.3F - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Remove Port from Https URL || SSL Port Issue || Important
> > Hello Gurus, > > > > We are using Tomcat to serve our User Base (we are not using > Apache http Server but only Tomcat). We have recently enabled SSL in > our Project and everything runs just fine. We raised the CSR using > keytool, got the Certificates, So both of my below URLs work perfectly: > > > > http://hostname:8080 > > https://hostname:8443 > > > > Framework Details: > > OS: Red Hat Enterprise Linux Server release 5.9 (Tikanga) > > Tomcat Version: 7.x > > > > Port 8443 which was not coming in the netstat o/p, now comes: > > > > netstat -an | grep 8443 > > tcp0 0 0.0.0.0:84430.0.0.0:* LISTEN > > > > > > Here is how the server.xml looks like (excluding the ciphers list): > > > > > === > > > > > port="8080" protocol="HTTP/1.1" > > connectionTimeout="2" > > redirectPort="8443" /> > > > > > > > > > > > > > maxThreads="150" scheme="https" secure="true" > > keystoreFile="/abc/xyz/ > XX.keystore" keystorePass="XX" > > clientAuth="false" sslProtocol="TLS" > > ciphers="X" /> > > > > > = > > > > Now the requirement is that, we exclude the Port no. from the URL. > Believe the only way out is to use Port 443 instead of 8443, so in > the above configuration in the SSL section we just replace the port > "8443" with Port "443" and give the redirectPort as "8443". > > > > However, it is not working out for us. We did a lot of > investigation, surfing but could not find any solution. > > Also we confirmed that Port 443 is not blocked anywhere. Also > "netstat -an" doesn't give any o/p for Port 443:Below is how our > config looks like when we tried it out enabling 443 (excluding ciphers). > > > > > == > > > > > port="8080" protocol="HTTP/1.1" > > connectionTimeout="2" > > redirectPort="8443" /> > > > > > > > > > > > > protocol="HTTP/1.1" SSLEnabled="true" > > maxThreads="150" scheme="https" secure="true" > > keystoreFile="/abc/xyz/ > XX.keystore" keystorePass="XX" > > clientAuth="false" sslProtocol="TLS" redirectPort="8443" > > ciphers="XXX" /> > > > > > > > == > > > > Really appreciate your help and guidance towards resolving the > issue. Many thanks in advance... > > > > Hi. > Thanks for the info provided above. > (Suggested improvement still : provide the exact Tomcat version, and > the Java version.) > > Others : > - the "redirectPort" attribute above (on the SSL Connector), is not > needed (and ignored) > if the Connector is already HTTPS anyway. See : > http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#Attributes > --> redirectPort > > but more importantly : what does the Tomcat logfile say ? > (It should open port 443; if it doesn't, it may be that this port is > already in use by > another program. The log would tell you that.) > > netstat -pan | grep LISTEN | grep 443 > > (-pan will also list the program name and PID of what owns it) > > > > Hi, ports below 1024 are privileged ports and can be opened by root only. Of course you don't want to run tomcat as root. There are several ways to open them anyway as non-root, e.g. the capability CAP_NET_BIND_SERVICE or the tool authbind (not sure if available in your version of redhat). Hope that points you in the right direction. Regards, Christoph This Email was scanned by Sophos Anti Virus
Re: Remove Port from Https URL || SSL Port Issue || Important
On 10.06.2016 12:14, varun gulati wrote: Hello Gurus, We are using Tomcat to serve our User Base (we are not using Apache http Server but only Tomcat). We have recently enabled SSL in our Project and everything runs just fine. We raised the CSR using keytool, got the Certificates, So both of my below URLs work perfectly: http://hostname:8080 https://hostname:8443 Framework Details: OS: Red Hat Enterprise Linux Server release 5.9 (Tikanga) Tomcat Version: 7.x Port 8443 which was not coming in the netstat o/p, now comes: netstat -an | grep 8443 tcp0 0 0.0.0.0:84430.0.0.0:* LISTEN Here is how the server.xml looks like (excluding the ciphers list): === = Now the requirement is that, we exclude the Port no. from the URL. Believe the only way out is to use Port 443 instead of 8443, so in the above configuration in the SSL section we just replace the port "8443" with Port "443" and give the redirectPort as "8443". However, it is not working out for us. We did a lot of investigation, surfing but could not find any solution. Also we confirmed that Port 443 is not blocked anywhere. Also "netstat -an" doesn't give any o/p for Port 443:Below is how our config looks like when we tried it out enabling 443 (excluding ciphers). == == Really appreciate your help and guidance towards resolving the issue. Many thanks in advance... Hi. Thanks for the info provided above. (Suggested improvement still : provide the exact Tomcat version, and the Java version.) Others : - the "redirectPort" attribute above (on the SSL Connector), is not needed (and ignored) if the Connector is already HTTPS anyway. See : http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#Attributes --> redirectPort but more importantly : what does the Tomcat logfile say ? (It should open port 443; if it doesn't, it may be that this port is already in use by another program. The log would tell you that.) netstat -pan | grep LISTEN | grep 443 (-pan will also list the program name and PID of what owns it) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
