On Thu, Feb 11, 2016 at 02:33:06PM -0500, m...@kimwana.com wrote:
> On Thu, Feb 11, 2016 at 07:19:10PM +0000, Mark Thomas wrote:
> > On 11/02/2016 19:17, m...@kimwana.com wrote:
> > > If I want to run Tomcat using ssl only do I still need to set up a
> > > non-ssl connector and redirect the port?
> >
> > That depends if you want Tomcat to respond at all if a user tries to use
> > a non-TLS connection.

Perhaps I should have phrased this differently. I want to force clients to ssl. When they hit http://app.myurl.com their browser should load https://app.myurl.com

>
> I do not want any unencrypted traffic. Ideally I would have iptables redirect
> requests to port 80 to 8443.
> I need to run Tomcat as the tomcat user so I can't listen on port 80 or 443.
>
> I'm making iptables redirect inbound 80 --> 8443 but I think I need an
> outbound rule to allow the replies out.
>
> Inbound:
> iptables -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8443
>
> Or perhaps I need to set up httpd in front of Tomcat.
>
> >
> > Mark
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
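
Added example, not part of the thread: one way to get the behaviour asked about, using a plain connector that only issues redirects and a CONFIDENTIAL constraint that forces https. A plain-HTTP request cannot be answered by the TLS connector, so port 80 has to reach a non-TLS connector for the browser to be redirected. The port numbers, the firewall mapping (80 to 8080, 443 to 8443), the keystore values and the Tomcat 7/8 connector attribute style are assumptions.

```xml
<!-- conf/server.xml (fragment). Assumes the host firewall maps external
     port 80 to 8080 and 443 to 8443 with nat-table REDIRECT rules, so
     Tomcat binds only unprivileged ports as the tomcat user. -->

<!-- Plain-HTTP connector: exists only to answer with a redirect.
     redirectPort is the port the browser is sent to, so it is the
     external 443, not the local 8443. -->
<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="443" />

<!-- TLS connector. Keystore path and password are placeholders. -->
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true" scheme="https" secure="true"
           keystoreFile="/path/to/keystore.jks"
           keystorePass="CHANGE_ME"
           clientAuth="false" sslProtocol="TLS" />

<!-- WEB-INF/web.xml of the application (fragment). CONFIDENTIAL makes
     Tomcat redirect any request that arrives on the plain connector to
     https on redirectPort before the application sees it. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Entire application</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
```

With this layout the only unencrypted exchange is the initial request to port 80 and the redirect response; anything the browser sent in that first request (URL, cookies without the Secure flag) still crossed the wire in clear text.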