VS: Tomcat configuration with multiple services
Thanks for the advice, the transport-guarantee 'tip' was exactly what I needed. I now have the following configuration:

server.xml:

    <Service name="Catalina">
      <Connector port="80" protocol="HTTP/1.1" connectionTimeout="2" redirectPort="443" />
      <Connector port="443" minSpareThreads="5" maxSpareThreads="75"
                 enableLookups="true" disableUploadTimeout="true"
                 acceptCount="100" maxThreads="200"
                 scheme="https" secure="true" SSLEnabled="true"
                 keystoreFile="/path/keystore" keystorePass=""
                 clientAuth="false" sslProtocol="TLS"/>
      <Engine name="Catalina" defaultHost="mydomain.com">
        <Host name="mydomain.com" appBase="httpapps"
              unpackWARs="true" autoDeploy="true"
              xmlValidation="false" xmlNamespaceAware="false">
        </Host>
        <Host name="admin.mydomain.com" appBase="adminapps"
              unpackWARs="true" autoDeploy="true"
              xmlValidation="false" xmlNamespaceAware="false">
        </Host>
      </Engine>
    </Service>

...and I added this to the admin application's web.xml for SSL forwarding:

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>SLL Forwarding</web-resource-name>
        <url-pattern>/*</url-pattern>
      </web-resource-collection>
      <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
    </security-constraint>

The reason why I have two Host elements is that I have configured my applications in different appBase directories as ROOT. That way I get the URLs:

http://mydomain.com and https://admin.mydomain.com

I don't want to show my appName in the URL, like

http://mydomain.com/myapp and https://admin.mydomain.com/myadminapp

Is there a better way? I know I could use the UrlRewriteFilter module, but right now I wouldn't like to add any additional modules to my Tomcat.

-- Jaakko

-----Original message-----
From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com]
Sent: 3 February 2009 16:44
To: Tomcat Users List
Subject: RE: Tomcat configuration with multiple services

> From: Jaakko Taipale [mailto:jaakko.taip...@dbmanager.fi]
> Subject: VS: Tomcat configuration with multiple services
>
> <Connector port="80" protocol="HTTP/1.1" connectionTimeout="2" redirectPort="8443" />
> <Connector port="443" minSpareThreads="5" maxSpareThreads="75"
>            enableLookups="true" disableUploadTimeout="true"
>            acceptCount="100" maxThreads="200"
>            scheme="https" secure="true" SSLEnabled="true"
>            keystoreFile="/path/somekeystore" keystorePass="*"
>            clientAuth="false" sslProtocol="TLS"/>

Your redirectPort should target the configured HTTPS port, not thin air.

> <Engine name="Public" defaultHost="mydomain.com">
>   <Host name="mydomain.com" appBase="httpapps"
>         unpackWARs="true" autoDeploy="true"
>         xmlValidation="false" xmlNamespaceAware="false">
>   </Host>
>   <Host name="hastobehttps.mydomain.com" appBase="httpsapps"
>         unpackWARs="true" autoDeploy="true"
>         xmlValidation="false" xmlNamespaceAware="false">
>   </Host>
> </Engine>

What are you trying to achieve with the two Host elements?

> How can I force users to use https (or prevent http) when they
> access hastobehttps.mydomain.com?

Read the servlet spec; use a transport-guarantee of CONFIDENTIAL for all your webapps. If you want HTTPS to be used for everything, put the security-constraint element in conf/web.xml so it will be picked up by all webapps.

 - Chuck

THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
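
The two points made in this exchange (a redirectPort that must match a configured HTTPS connector, and a CONFIDENTIAL transport-guarantee covering /*) can be checked mechanically. The script below is an added example, not part of the thread or of Tomcat; the function names and the embedded XML samples are constructed for illustration, and the check is simplified to connectors that are direct children of a Service.

```python
import xml.etree.ElementTree as ET

# Constructed samples modelled on the configurations quoted in the thread.
SERVER_XML_BAD = """<Server><Service name="Public">
  <Connector port="80" protocol="HTTP/1.1" redirectPort="8443"/>
  <Connector port="443" scheme="https" secure="true" SSLEnabled="true"/>
</Service></Server>"""
SERVER_XML_GOOD = SERVER_XML_BAD.replace('redirectPort="8443"', 'redirectPort="443"')
WEB_XML = """<web-app><security-constraint>
  <web-resource-collection>
    <web-resource-name>SSL Forwarding</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint></web-app>"""


def local(el):
    """Tag name without an XML namespace, so namespaced web.xml files work too."""
    return el.tag.rsplit("}", 1)[-1]


def check_redirect_ports(server_xml):
    """List (service, port, redirectPort) for plain connectors redirecting to no TLS listener."""
    findings = []
    for service in ET.fromstring(server_xml).iter("Service"):
        connectors = service.findall("Connector")
        tls_ports = {c.get("port") for c in connectors
                     if (c.get("SSLEnabled") or "").lower() == "true"}
        for c in connectors:
            target = c.get("redirectPort")  # None when the attribute is absent
            if c.get("port") not in tls_ports and target not in tls_ports:
                findings.append((service.get("name"), c.get("port"), target))
    return findings


def forces_https(web_xml):
    """True if a security-constraint covers /* with transport-guarantee CONFIDENTIAL."""
    for el in ET.fromstring(web_xml).iter():
        if local(el) != "security-constraint":
            continue
        seen = {(local(d), (d.text or "").strip()) for d in el.iter()}
        if ("url-pattern", "/*") in seen and ("transport-guarantee", "CONFIDENTIAL") in seen:
            return True
    return False


if __name__ == "__main__":
    print(check_redirect_ports(SERVER_XML_BAD))   # constructed "before" config
    print(check_redirect_ports(SERVER_XML_GOOD))  # redirectPort fixed to 443
    print(forces_https(WEB_XML))
```
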
VS: Tomcat configuration with multiple services
If I put two connectors under the same service like this:

    <Service name="Public">
      <Connector port="80" protocol="HTTP/1.1" connectionTimeout="2" redirectPort="8443" />
      <Connector port="443" minSpareThreads="5" maxSpareThreads="75"
                 enableLookups="true" disableUploadTimeout="true"
                 acceptCount="100" maxThreads="200"
                 scheme="https" secure="true" SSLEnabled="true"
                 keystoreFile="/path/somekeystore" keystorePass="*"
                 clientAuth="false" sslProtocol="TLS"/>
      <Engine name="Public" defaultHost="mydomain.com">
        <Host name="mydomain.com" appBase="httpapps"
              unpackWARs="true" autoDeploy="true"
              xmlValidation="false" xmlNamespaceAware="false">
        </Host>
        <Host name="hastobehttps.mydomain.com" appBase="httpsapps"
              unpackWARs="true" autoDeploy="true"
              xmlValidation="false" xmlNamespaceAware="false">
        </Host>
      </Engine>
    </Service>

How can I force users to use https (or prevent http) when they access hastobehttps.mydomain.com?

I know I can make e.g. httpsapps/ROOT/index.html to always redirect the user to https://hastobehttps.mydomain.com/myapp, but then I have to define the myapp directory in the URL and it is still possible to access my application via http (http://hastobehttps.mydomain.com/myapp). That's why I have defined two different services.

(The previous configuration is working fine, but sometimes I have to restart Tomcat twice to get it running.)

-- Jaakko

-----Original message-----
From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com]
Sent: 2 February 2009 17:21
To: Tomcat Users List
Subject: RE: Tomcat configuration with multiple services

> From: Jaakko Taipale [mailto:jaakko.taip...@dbmanager.fi]
> Subject: Tomcat configuration with multiple services
>
> There are two services, one for http and the other for https
> connections. Is this the right way to do this

I've never seen anyone try that. Can't imagine what your requirements would be that result in having multiple Service elements in Tomcat. One normally simply has two Connector elements, one for HTTP, one for HTTPS:

http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html

> Also I point users accessing by IP to a directory that doesn't
> exist, because I want robots that are scanning IP addresses
> not to get anything as a response,

Lack of a valid appBase directory will cause a 500 response, not no response, so that's pretty much a waste of time.

 - Chuck