Discussion:
Any experience with Tuckey UrlRewrite servlet filter?
Lyallex
2016-04-28 17:12:06 UTC
Permalink
apache-tomcat-7.0.42
jdk1.8.0_77
CentOS Linux 7.2.1511
urlrewritefilter-4.0.3.jar

I'm using the rewrite filter from http://tuckey.org/urlrewrite/

I have a rule, it's supposed to 301 perm-redirect from http to https

<rule>
<name>seo redirect</name>
<condition name="host" operator="notequal">^www.example.com</condition>
<condition name="host" operator="notequal">^localhost</condition>
<from>^/(.*)</from>
<to type="permanent-redirect" last="true">https://www.example.com/$1</to>
</rule>

The problem is despite setting the to-type to permanent-redirect I'm
actually getting a 302 temporary-redirect.

I know this is probably off topic but if anyone has any experience of
this I'd be gratefull to hear how you solved it

Thanks

lyallex

---------------------------------------------------------------------
To unsubscribe, e-mail: users-***@tomcat.apache.org
For additional commands, e-mail: users-***@tomcat.apache.org
jieryn
2016-04-28 17:21:01 UTC
Permalink
You can get the same effect using standard web.xml fragment and
without a 3rd party dependency:


<security-constraint>
<web-resource-collection>
<web-resource-name></web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
Post by Lyallex
apache-tomcat-7.0.42
jdk1.8.0_77
CentOS Linux 7.2.1511
urlrewritefilter-4.0.3.jar
I'm using the rewrite filter from http://tuckey.org/urlrewrite/
I have a rule, it's supposed to 301 perm-redirect from http to https
<rule>
<name>seo redirect</name>
<condition name="host" operator="notequal">^www.example.com</condition>
<condition name="host" operator="notequal">^localhost</condition>
<from>^/(.*)</from>
<to type="permanent-redirect" last="true">https://www.example.com/$1</to>
</rule>
The problem is despite setting the to-type to permanent-redirect I'm
actually getting a 302 temporary-redirect.
I know this is probably off topic but if anyone has any experience of
this I'd be gratefull to hear how you solved it
Thanks
lyallex
---------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: users-***@tomcat.apache.org
For additional commands, e-mail: users-***@tomcat.apache.org
Lyallex
2016-04-29 06:59:16 UTC
Permalink
Post by jieryn
You can get the same effect using standard web.xml fragment and
<security-constraint>
<web-resource-collection>
<web-resource-name></web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
Hi, and thanks for taking the time to reply.

Unfortunately, rather than solving the problem it *is* the problem (as
far as I can figure out anyway)
If I take the rewrite filter out of the picture the configuration I
have is as follows

web.xml

<security-constraint>
<web-resource-collection>
<web-resource-name></web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>

server.xml


<Connector port="80" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="443" />

<Connector port="443" maxThreads="150" scheme="https" secure="true"
SSLEnabled="true" keystoreFile="/opt/keys/tomcat.keystore"
keystorePass="*********" clientAuth="false"
keyAlias="tomcat" sslProtocol="TLS" />



stop tomcat
clear out all the logs
start tomcat
rebuild and redeploy the web app

***@sandbox:/tmp# curl -D /tmp/headers.txt -s http://localhost/sitemap.xml

***@sandbox:/tmp# cat headers.txt
HTTP/1.1 302 Found
Server: Apache-Coyote/1.1
Cache-Control: private
Expires: Thu, 01 Jan 1970 01:00:00 GMT
Location: https://localhost/sitemap.xml
Content-Length: 0
Date: Fri, 29 Apr 2016 06:55:39 GMT

Remember, the filter is out of the picture yet still I get a 302

If I can't solve this it will be a show stopper and I'll have to go
back to straight http which will push my link further down the Google
search results.

Thanks
lyallex
Post by jieryn
Post by Lyallex
apache-tomcat-7.0.42
jdk1.8.0_77
CentOS Linux 7.2.1511
urlrewritefilter-4.0.3.jar
I'm using the rewrite filter from http://tuckey.org/urlrewrite/
I have a rule, it's supposed to 301 perm-redirect from http to https
<rule>
<name>seo redirect</name>
<condition name="host" operator="notequal">^www.example.com</condition>
<condition name="host" operator="notequal">^localhost</condition>
<from>^/(.*)</from>
<to type="permanent-redirect" last="true">https://www.example.com/$1</to>
</rule>
The problem is despite setting the to-type to permanent-redirect I'm
actually getting a 302 temporary-redirect.
I know this is probably off topic but if anyone has any experience of
this I'd be gratefull to hear how you solved it
Thanks
lyallex
---------------------------------------------------------------------
---------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: users-***@tomcat.apache.org
For additional commands, e-mail: users-***@tomcat.apache.org
André Warnier (tomcat)
2016-04-29 07:44:35 UTC
Permalink
Post by Lyallex
The problem is despite setting the to-type to permanent-redirect I'm
Post by Lyallex
actually getting a 302 temporary-redirect.
I know this is probably off topic but if anyone has any experience of
this I'd be gratefull to hear how you solved it
If this was Apache httpd, a simple solution would be to create 2 VirtualHost's,
- one of which listens only to port 80, and always returns a 301 to HTTPS
- the other one listening only to port 443, and holding your application
There should be a way to do the same with Tomcat.

If not, then thinking a bit laterally :
- set up Tomcat with only a HTTPS Connector and your apps.
- set up Apache httpd with only a HTTP VirtualHost, to return the 301.
The overhead should be negligible, because the Apache httpd could be minimally configured,
if that is the only thing it ever has to do.
And since with a 301, browsers (and Google) should update their links/cache, it would only
catch the first attempts of each client.
And it saves quite a bit of overhead at the Tomcat level, which no longer has to deal at
all with catching HTTP and redirecting it.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-***@tomcat.apache.org
For additional commands, e-mail: users-***@tomcat.apache.org
Lyallex
2016-04-29 10:52:58 UTC
Permalink
Post by André Warnier (tomcat)
Post by Lyallex
The problem is despite setting the to-type to permanent-redirect I'm
Post by Lyallex
actually getting a 302 temporary-redirect.
I know this is probably off topic but if anyone has any experience of
this I'd be gratefull to hear how you solved it
If this was Apache httpd, a simple solution would be to create 2 VirtualHost's,
- one of which listens only to port 80, and always returns a 301 to HTTPS
- the other one listening only to port 443, and holding your application
There should be a way to do the same with Tomcat.
- set up Tomcat with only a HTTPS Connector and your apps.
- set up Apache httpd with only a HTTP VirtualHost, to return the 301.
The overhead should be negligible, because the Apache httpd could be
minimally configured, if that is the only thing it ever has to do.
And since with a 301, browsers (and Google) should update their links/cache,
it would only catch the first attempts of each client.
And it saves quite a bit of overhead at the Tomcat level, which no longer
has to deal at all with catching HTTP and redirecting it.
Hi, thanks for the suggestion however I'm running tomcat as a
standalone web server
Is there any similar trickery I can do in server.xml (for example).

thanks
lyallex
Post by André Warnier (tomcat)
---------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: users-***@tomcat.apache.org
For additional commands, e-mail: users-***@tomcat.apache.org
André Warnier (tomcat)
2016-04-29 13:57:43 UTC
Permalink
Post by Lyallex
Post by André Warnier (tomcat)
Post by Lyallex
The problem is despite setting the to-type to permanent-redirect I'm
Post by Lyallex
actually getting a 302 temporary-redirect.
I know this is probably off topic but if anyone has any experience of
this I'd be gratefull to hear how you solved it
If this was Apache httpd, a simple solution would be to create 2 VirtualHost's,
- one of which listens only to port 80, and always returns a 301 to HTTPS
- the other one listening only to port 443, and holding your application
There should be a way to do the same with Tomcat.
- set up Tomcat with only a HTTPS Connector and your apps.
- set up Apache httpd with only a HTTP VirtualHost, to return the 301.
The overhead should be negligible, because the Apache httpd could be
minimally configured, if that is the only thing it ever has to do.
And since with a 301, browsers (and Google) should update their links/cache,
it would only catch the first attempts of each client.
And it saves quite a bit of overhead at the Tomcat level, which no longer
has to deal at all with catching HTTP and redirecting it.
Hi, thanks for the suggestion however I'm running tomcat as a
standalone web server
Yes, and you would still continue to do so for anything regarding your applications.
You would just be setting up a small httpd *on the side*, to handle only the calls to
http://yourserver/*, and redirect-301 them to https://yourserver/*.
(Think of it as some small black-box appliance which would do just that).
(And it could be any lightweight webserver instead of Apache httpd, like Nginx for
example)(But this is after all an Apache list, so I thought I should stay in the family).

As an advantage to your Tomcat, it would then be free to do only what it does best (serve
your applications, under https:// only) without having to worry about any HTTP,
re-direction, filtering or whatever.
Post by Lyallex
Is there any similar trickery I can do in server.xml (for example).
Well, I looked at the configurations of the Server, Engine, Connectors and Hosts, and it
did not seem evident to me how to do the same. But maybe someone smarter than me
Tomcat-wise will have some idea.

The HTTP redirect part mentioned above as under httpd, could of course also be done by a
second Tomcat instance doing just that (with just the one HTTP Connector). But it seems a
bit of an overkill to start 2 heavy-duty JVM's for such a purpose. Maybe there is a way
of starting 2 Tomcat <Server> entities under the same JVM though..
Post by Lyallex
thanks
lyallex
Post by André Warnier (tomcat)
---------------------------------------------------------------------
---------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: users-***@tomcat.apache.org
For additional commands, e-mail: users-***@tomcat.apache.org
Christopher Schultz
2016-04-28 22:04:36 UTC
Permalink
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Lyallex,
apache-tomcat-7.0.42 jdk1.8.0_77 CentOS Linux 7.2.1511
urlrewritefilter-4.0.3.jar
I'm using the rewrite filter from http://tuckey.org/urlrewrite/
I have a rule, it's supposed to 301 perm-redirect from http to
https
<rule> <name>seo redirect</name> <condition name="host"
operator="notequal">^www.example.com</condition> <condition
name="host" operator="notequal">^localhost</condition>
<from>^/(.*)</from> <to type="permanent-redirect"
last="true">https://www.example.com/$1</to> </rule>
The problem is despite setting the to-type to permanent-redirect
I'm actually getting a 302 temporary-redirect.
I know this is probably off topic but if anyone has any experience
of this I'd be gratefull to hear how you solved it
- From the documentation for "condition":

"
notequal Not equal to. (i.e. request value != condition value).
Note, this operator *only work with numeric rule types*.
"
(emphasis mine)

Then again, there is immediately following it an example of where a
regular expression is almost certainly being used:

"
<condition name="user-agent" operator="notequal">Mozilla/[1-4]</conditio
n>
"

You might want to post a question to the Google Group for url-rewrite.
This might be a bug (at least in their documentation).

As for the incorrect redirect status, are you sure it's the rewrite
filter redirecting you? Jieryn points-out in a separate reply that if
you are using a user-data-constraint, you may already be redirected by
Tomcat before url-rewrite gets to look at the request.

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlciiPQACgkQ9CaO5/Lv0PDusQCcDrmV6fZlQWUsjvyVowD6bgvu
BG4An1R9lKLudJlTa0yM7yMKUrrmEjvi
=3AxZ
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-***@tomcat.apache.org
For additional commands, e-mail: users-***@tomcat.apache.org
Lyallex
2016-04-29 04:50:35 UTC
Permalink
On 28 April 2016 at 23:04, Christopher Schultz
Post by Christopher Schultz
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Lyallex,
apache-tomcat-7.0.42 jdk1.8.0_77 CentOS Linux 7.2.1511
urlrewritefilter-4.0.3.jar
I'm using the rewrite filter from http://tuckey.org/urlrewrite/
I have a rule, it's supposed to 301 perm-redirect from http to https
<rule> <name>seo redirect</name> <condition name="host"
operator="notequal">^www.example.com</condition> <condition
name="host" operator="notequal">^localhost</condition>
<from>^/(.*)</from> <to type="permanent-redirect"
last="true">https://www.example.com/$1</to> </rule>
The problem is despite setting the to-type to permanent-redirect
I'm actually getting a 302 temporary-redirect.
I know this is probably off topic but if anyone has any experience
of this I'd be gratefull to hear how you solved it
"
notequal Not equal to. (i.e. request value != condition value).
Note, this operator *only work with numeric rule types*.
"
(emphasis mine)
Then again, there is immediately following it an example of where a
"
<condition name="user-agent" operator="notequal">Mozilla/[1-4]</conditio
n>
"
You might want to post a question to the Google Group for url-rewrite.
This might be a bug (at least in their documentation).
I have turned on debug logging for the filter and everything looks OK,
the rule loads with no errors however I think you are right about
the filter not doing the redirect, or rather the filter redirects but
then something redirects again. This could be a problem as
GoogleGod demands a 301 redirect not a 302. Please see below
Post by Christopher Schultz
As for the incorrect redirect status, are you sure it's the rewrite
filter redirecting you? Jieryn points-out in a separate reply that if
you are using a user-data-constraint, you may already be redirected by
Tomcat before url-rewrite gets to look at the request.
First I commented out both the filter and the entire
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
security constraint, rebuilt and redeployed the war.

***@sandbox:/tmp# curl -D /tmp/headers.txt -s http://localhost/sitemap.xml

***@sandbox:/tmp# cat headers.txt
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Vary: User-Agent
Content-Type: text/xml;charset=UTF-8
Transfer-Encoding: chunked
Date: Fri, 29 Apr 2016 04:28:30 GMT

Then I enabled the security constraint but left the filter commented out
rebuilt and redeployed then I ran exactly the same command

***@sandbox:/tmp# curl -D /tmp/headers.txt -s http://localhost/sitemap.xml

***@sandbox:/tmp# cat headers.txt
HTTP/1.1 302 Found
Server: Apache-Coyote/1.1
Cache-Control: private
Expires: Thu, 01 Jan 1970 01:00:00 GMT
Location: https://localhost/sitemap.xml
Content-Length: 0
Date: Fri, 29 Apr 2016 04:32:20 GMT

So, the filter isn't in the picture and I'm getting a 302

The only thing I can find that's might be doing the redirect is the following

***@sandbox:/tmp# cat /opt/apache-tomcat-7.0.42/conf/server.xml

<Connector port="80" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="443" /> <<<=======================
302 redirect ?

<Connector port="443" maxThreads="150" scheme="https" secure="true"
SSLEnabled="true" keystoreFile="/opt/keys/tomcat.keystore"
keystorePass="**********" clientAuth="false"
keyAlias="tomcat" sslProtocol="TLS" />

If this happens after the filter (which is not enabled at the moment)
then I could be in trouble.

I can't believe no one has had this problem before.

Thanks
lyallex
Post by Christopher Schultz
- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlciiPQACgkQ9CaO5/Lv0PDusQCcDrmV6fZlQWUsjvyVowD6bgvu
BG4An1R9lKLudJlTa0yM7yMKUrrmEjvi
=3AxZ
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: users-***@tomcat.apache.org
For additional commands, e-mail: users-***@tomcat.apache.org
Christopher Schultz
2016-04-29 18:49:56 UTC
Permalink
Lyallex,
Post by Lyallex
On 28 April 2016 at 23:04, Christopher Schultz
Lyallex,
Post by Lyallex
apache-tomcat-7.0.42 jdk1.8.0_77 CentOS Linux 7.2.1511
urlrewritefilter-4.0.3.jar
I'm using the rewrite filter from http://tuckey.org/urlrewrite/
I have a rule, it's supposed to 301 perm-redirect from http to https
<rule> <name>seo redirect</name> <condition name="host"
operator="notequal">^www.example.com</condition> <condition
name="host" operator="notequal">^localhost</condition>
<from>^/(.*)</from> <to type="permanent-redirect"
last="true">https://www.example.com/$1</to> </rule>
The problem is despite setting the to-type to permanent-redirect
I'm actually getting a 302 temporary-redirect.
I know this is probably off topic but if anyone has any experience
of this I'd be gratefull to hear how you solved it
"
notequal Not equal to. (i.e. request value != condition value).
Note, this operator *only work with numeric rule types*.
"
(emphasis mine)
Then again, there is immediately following it an example of where a
"
<condition name="user-agent" operator="notequal">Mozilla/[1-4]</conditio
n>
"
You might want to post a question to the Google Group for url-rewrite.
This might be a bug (at least in their documentation).
Post by Lyallex
I have turned on debug logging for the filter and everything looks OK,
the rule loads with no errors however I think you are right about
the filter not doing the redirect, or rather the filter redirects but
then something redirects again. This could be a problem as
GoogleGod demands a 301 redirect not a 302. Please see below
As for the incorrect redirect status, are you sure it's the rewrite
filter redirecting you? Jieryn points-out in a separate reply that if
you are using a user-data-constraint, you may already be redirected by
Tomcat before url-rewrite gets to look at the request.
Post by Lyallex
First I commented out both the filter and the entire
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
security constraint, rebuilt and redeployed the war.
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Vary: User-Agent
Content-Type: text/xml;charset=UTF-8
Transfer-Encoding: chunked
Date: Fri, 29 Apr 2016 04:28:30 GMT
Then I enabled the security constraint but left the filter commented out
rebuilt and redeployed then I ran exactly the same command
HTTP/1.1 302 Found
Server: Apache-Coyote/1.1
Cache-Control: private
Expires: Thu, 01 Jan 1970 01:00:00 GMT
Location: https://localhost/sitemap.xml
Content-Length: 0
Date: Fri, 29 Apr 2016 04:32:20 GMT
So it's your user-data-constraint that is causing the redirect. This is
happening before the filter can do its work.
Post by Lyallex
Post by Lyallex
So, the filter isn't in the picture and I'm getting a 302
The only thing I can find that's might be doing the redirect is the following
<Connector port="80" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="443" /> <<<=======================
302 redirect ?
CONFIDENTIAL + redirectPort = 302

In fact, you'll probably get no satisfaction removing the redirectPort,
since I think it defaults to 443.
Post by Lyallex
Post by Lyallex
<Connector port="443" maxThreads="150" scheme="https" secure="true"
SSLEnabled="true" keystoreFile="/opt/keys/tomcat.keystore"
keystorePass="**********" clientAuth="false"
keyAlias="tomcat" sslProtocol="TLS" />
If this happens after the filter (which is not enabled at the moment)
then I could be in trouble.
I can't believe no one has had this problem before.
Well, you have conflicting requirements, here:

1. You want to redirect requests to hostnames not on your whitelist to
HTTPS (url-rewrite)
2. You want to redirect everybody to HTTPS (CONFIDENTIAL)

Which of those is most important?

If you need the CONFIDENTIAL setting (which is generally a good idea),
then forget about url-rewrite and just use CONFIDENTIAL instead.

Unfortunately, it looks like Tomcat doesn't support setting the response
code for the redirect. That sounds like it would be a nice thing to be
able to configure. Care to file a bug? You could even submit a patch for
it -- it shouldn't be too terribly difficult to code that up.

-chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-***@tomcat.apache.org
For additional commands, e-mail: users-***@tomcat.apache.org
Lyallex
2016-04-30 11:56:06 UTC
Permalink
On 29 April 2016 at 19:49, Christopher Schultz
Post by Christopher Schultz
Lyallex,
Post by Lyallex
On 28 April 2016 at 23:04, Christopher Schultz
snip
Post by Christopher Schultz
1. You want to redirect requests to hostnames not on your whitelist to
HTTPS (url-rewrite)
2. You want to redirect everybody to HTTPS (CONFIDENTIAL)
Which of those is most important?
If you need the CONFIDENTIAL setting (which is generally a good idea),
then forget about url-rewrite and just use CONFIDENTIAL instead.
Yep, you're correct. UrlRewrite is not the answer, it's out of the picture.
it's just CONFIDENTIAL and the standard port 80/443 connectors that I
have to deal with
Post by Christopher Schultz
Unfortunately, it looks like Tomcat doesn't support setting the response
code for the redirect. That sounds like it would be a nice thing to be
able to configure. Care to file a bug?
Well I wouldn't call it a bug really, more of a missing feature that
would be nice to have
I've never submitted a bug before I don't really know where to start ...

Ah ... http://tomcat.apache.org/bugreport.html

<takes a step backwards>

I wouldn't call it a bug, more of an 'enhancement'.
I'll give it a go, after all I can only get shouted at :-)
Post by Christopher Schultz
You could even submit a patch for
it -- it shouldn't be too terribly difficult to code that up.
As it happens I'm currently setting up a mirror of my new live CentOS
systemd server as my new dev box (currently on Ubuntu)
The first thing I was going to do was get the source of Tomcat 7 and
try to build it

Jeez, contribute to Tomcat eh, that would be something wouldn't it?

Anyway thanks to all for all the help and for your patience,
I'll figure out how the bug report thing works and submit an enhancement

lyallex
Post by Christopher Schultz
-chris
---------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: users-***@tomcat.apache.org
For additional commands, e-mail: users-***@tomcat.apache.org
Lyallex
2016-04-30 15:41:02 UTC
Permalink
snip
Post by Christopher Schultz
Unfortunately, it looks like Tomcat doesn't support setting the response
code for the redirect. That sounds like it would be a nice thing to be
able to configure. Care to file a bug?
Done

Bug 59399 - Tomcat doesn't support setting the response code for http
-> https redirect
Post by Christopher Schultz
You could even submit a patch for
it -- it shouldn't be too terribly difficult to code that up.
That might take a little longer, working on it

lyallex

---------------------------------------------------------------------
To unsubscribe, e-mail: users-***@tomcat.apache.org
For additional commands, e-mail: users-***@tomcat.apache.org

Lyallex
2016-04-29 15:32:37 UTC
Permalink
Post by André Warnier (tomcat)
Post by Lyallex
The problem is despite setting the to-type to permanent-redirect I'm
Post by Lyallex
actually getting a 302 temporary-redirect.
I know this is probably off topic but if anyone has any experience of
this I'd be gratefull to hear how you solved it
If this was Apache httpd, a simple solution would be to create 2
VirtualHost's,
- one of which listens only to port 80, and always returns a 301 to HTTPS
- the other one listening only to port 443, and holding your application
There should be a way to do the same with Tomcat.
I am but a humble code monkey and certainly no Tomcat guru
but I think I understand where you are coming from

I commented out the relevant constraint in web.xml
commented out the standard port 80/443 setup in server.xml
commented out the redirect rule in urlrewrite.xml

I added the following to server.xml and started tomcat

<Connector port="443" protocol="HTTP/1.1" connectionTimeout="20000"
maxThreads="150" scheme="https" secure="true"
SSLEnabled="true" keystoreFile="/opt/keys/tomcat.keystore"
keystorePass="l00byl00" clientAuth="false"
keyAlias="tomcat" sslProtocol="TLS" />

I checked out the logs and couldn't see any problems, tomcat was
apparently listening on 2 ports

Apr 29, 2016 4:10:37 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-bio-443"]
Apr 29, 2016 4:10:37 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["ajp-bio-8009"]
Apr 29, 2016 4:10:37 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 2167 ms

I fired up frefox, cleared the caches and entered https;//localhost
and the site was visible ... I haven't tested it extensively but it
seems to work fine

Of course the problems start when I try http://localhost given that
there's nothing listening on port 80

I think this is where your second instance comes in ... I'll go and do
some gardening and let my tired old brain process what you said and
see if I can make it work.

Do any of the gurus want to jump in here
what do you think of this solution

Is it madness, what haven't I seen

Thanks for your time

snip

---------------------------------------------------------------------
To unsubscribe, e-mail: users-***@tomcat.apache.org
For additional commands, e-mail: users-***@tomcat.apache.org
Loading...