Hi, everyone. In the computer course I'm writing I'm using Tomcat for
the server. (Students learn how to set up CentOS and everything from
scratch. Currently the course has them using Tomcat running on port
8080.) I'm going back to write the section on security. I want students
to learn to set up their web server to use SSL/TLS on port 443, with
HTTP port 80 redirecting to HTTPS port 443. This should be a very basic,
fundamental configuration, no?
The last time I did this myself was about 10 or 15 years ago, when I
compiled Apache myself and put it in front of Tomcat using whatever
connectors (I'll have to go look at my configuration from back then),
purchasing outrageously priced SSL certificates and installing them
manually. How I'm sure things are greatly improved. Recently I've set up
Apache (I didn't have to compile it) hosting static pages directly, and
using Let's Encrypt (once I figured out what I should be doing) for SSL
was a breeze. It's working nicely. So I assume I'd want to use Let's
Encrypt in whatever solution I prescribe to the students.
So what is the best practice, straightforward, and simple setup for
Tomcat with SSL on port 443 (preferably using Let's Encrypt) with HTTP
port 80 forwarding to HTTPS port 443? Do I still need to stick Apache
(or Nginx?) in front of it? (The last I checked, letting Tomcat use
lower port numbers was a pain, and nobody seemed to know an easy,
straightforward way to do it.)
Maybe this is a better question of Stack Overflow, but since the experts
are here and I'm already on the list, I thought I'd ask. Thanks in
advance! I'm really wanting to learn here.
Best,
Garret
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
