-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Andrew,
On 12/27/19 17:23, Andrew Stanton wrote: > Hi All, > > If possible, I think it's better to let 443 (https) requests > hitting an instance be redirected to 80 so you don't have to > configure an SSL locally in the instance itself. It's very > cumbersome to do it that way. > > You can also use a single instance behind an AWS LB if you only > have one instance to use. There isn't any such thing as a secure network. IMHO, all network connections should be encrypted. TLS just isn't that tricky and, honestly, the more you do it the better you'll get at doing it. - -chris > On Fri, Dec 27, 2019 at 2:08 PM James H. H. Lampert < > jam...@touchtonecorp.com> wrote: > >>>> As it happens, one way or another (and I'm not entirely sure >>>> *which* way; I'd have to look at my notes), we *do* have >>>> Tomcat listening directly on 443 (but not 80; nothing there >>>> is currently listening on 80) on that particular EC2 instance >>>> (and I'm pretty sure we have HTTPD running on a *different* >>>> port, for the SVN and Trac sharing the box). >> >> Hmm. It seems I was mistaken about two things: (1) that the >> Tomcat server under discussion is listening *directly* on 443, >> and (2) that I could find my notes on how I set the box up. >> >> What I can find is the server.xml file, and the active connector >> definition: >> >> <Connector port="8443" proxyPort="443" >> protocol="org.apache.coyote.http11.Http11NioProtocol" . . . >> clientAuth="false" sslProtocol="TLS" /> >> >> The thing that catches my eye is port="8443" proxyPort="443" >> >> I hope that indicates how it is I'm getting this to look like >> port 443 to the outside world, because I honestly can't remember >> what I did (even though it looks like it's only been six months >> since I did it). >> >> -- James H. H. Lampert >> >> --------------------------------------------------------------------- >> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> > -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl4KSaUACgkQHPApP6U8 pFjZew/9FWTFhMx3Zx8aVdxgxMJytTDdiffxCrpv2vqUpbIS3qlxjJl8B6D8DEYW uie+KUyFrHu/DQrRYIRK+VUYUj8RJalDRAtPAkWryD4tq6Qneqfph7TGRlpJtbAI efPg3HFMDczTqeOPf93gzvx3NjSGlql+f6iCtNB8ttIlnFaS2DLWWIsYvU7Skryy k8UMycWFIh0zIex6tpwYLmTs6OsueJqMqFkuKxIRSyGiRRvsDVU1Qs8/SbKoTdA8 c30roHB0Z5jwWkfb2jDbRPYKOzTnrnCFUF7INO94/px96vrtnfNwB8aWkcM903WP KSvU4WRb9S8dDMXRXcVYIl4LvyKwMwEAlhSuNRCAXcGKsCKwoVufy63ND1v0cQKa Tc+Va5oxDBvFGVN0zWyyGi/hVlDp2ezRhdczDM/IlpKvo5v23W5sw1m0jccHCKmb IS3o9s+hhqrdzIoEVqViSK3QntEeCCm7dksjCD4JRyCtUDY7b+Qqi9cbQxg6C/PK V93BhswbLUzgfHkLvFhdDAoMJtv4rXf6woPlGV53zEwJW6YRYQu0xbBLRl1RdFYG KSalgVc6YWBfsPy7ulYdhsL66AEyGGOLjNNIrPvb+/Pkoh3eiQZj4HQb+MHxkJn2 dL9cpUQsl2clultPWj4U9c5bCGAZzWTG+Z1ZLEB2aKkGJBC4lg8= =4wzn -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
