-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Garret,
On 2/7/19 11:45, Garret Wilson wrote: > Hi, everyone. In the computer course I'm writing I'm using Tomcat > for the server. (Students learn how to set up CentOS and everything > from scratch. Currently the course has them using Tomcat running on > port 8080.) I'm going back to write the section on security. I want > students to learn to set up their web server to use SSL/TLS on port > 443, with HTTP port 80 redirecting to HTTPS port 443. This should > be a very basic, fundamental configuration, no? > > The last time I did this myself was about 10 or 15 years ago, when > I compiled Apache myself and put it in front of Tomcat using > whatever connectors (I'll have to go look at my configuration from > back then), purchasing outrageously priced SSL certificates and > installing them manually. How I'm sure things are greatly improved. > Recently I've set up Apache (I didn't have to compile it) hosting > static pages directly, and using Let's Encrypt (once I figured out > what I should be doing) for SSL was a breeze. It's working nicely. > So I assume I'd want to use Let's Encrypt in whatever solution I > prescribe to the students. > > So what is the best practice, straightforward, and simple setup > for Tomcat with SSL on port 443 (preferably using Let's Encrypt) > with HTTP port 80 forwarding to HTTPS port 443? Do I still need to > stick Apache (or Nginx?) in front of it? (The last I checked, > letting Tomcat use lower port numbers was a pain, and nobody seemed > to know an easy, straightforward way to do it.) > > Maybe this is a better question of Stack Overflow, but since the > experts are here and I'm already on the list, I thought I'd ask. > Thanks in advance! I'm really wanting to learn here. Have a look at this presentation: https://people.apache.org/~schultz/ApacheCon%20NA%202018/Let's%20Encrypt %20Apache%20Tomcat.pdf Definitely post back if you have any questions. - -chris -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlxcZzUACgkQHPApP6U8 pFh2Tg//YcC/8iPC4yDN9zp43XWwmDbCL/eyNv+oU4R3u/UcxrEoTP6QTRXBQrth sDSwSQ05mrrAM72MhPJuUlcjof0UquHaj/OBBOeQlnw0W9U8gsbX6mWgPMkKNJH7 tNokwTnbLe8xXqmf/xU5OUEW4v/OiSl3MmFt3ZpbB7woKYNkadFCueU+xIpIz+OJ QGPWM9kLg5dyOkfHHpi+gIzEqsFVvF4eceHQhqSqx+QiVw4nky5kh/fNstxEF/cD NFBmR2tQIiHwv8CywOC9ngHABnCflzShPD5kg6S1WwiC9cvwNmEleOokqnHryali MAmqGZNo17eYqvACP1S8ZDpfDduVsV3+wPQToNgYhRQHSl461dRr8Iq8HMa67q6D 4tgTUmN0V7gkKhTU9CI6YLHOzXan9QKan29sX6rj9O2oXBqkkGDgk4T9E6M3PUbE tbzq07UMv/LLqr5wiyTfnfX9KLbgAVvuZLbCAe1Px7A8LDFDQUntwF7/4dG2IaII 556RCR7Rws0Gq2y6iV/HoEKtvAnErQaMDPHQiNkx7rVaXVU6npe6/1mtCpJbVduQ TshL7JQtWXiYdsSooRIiTglNT5WNmGBniy+LgT7JupJJABYj8OKP42X3ucEfracE LoL0/A2kiMj6NJATTruEkVAtX+PR5S0/x512jaHetDxd4Dov0Oc= =SaZ9 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
