Discussion:
8443 to 443 problem
Me Self
2010-04-15 16:24:49 UTC
Permalink
I am trying to use port 443 for https - without success so far.
I changed from 8443 to 443 in two places in server.xml:

<Connector protocol="HTTP/1.1" port="80" ... redirectPort="443" />
...
<Connector protocol="HTTP/1.1" SSLEnabled="true"
port="443" ...
scheme="https" secure="true" clientAuth="false"
keystoreFile=...
keystorePass=... sslProtocol = "TLS" />

But apparently this is not enough because when I navigate to a
confidential part of the web app tomcat
sends a http 302 redirect to port 8443 still instead of 443..

What am i missing?
Konstantin Kolinko
2010-04-15 17:06:30 UTC
Permalink
Post by Me Self
I am trying to use port 443 for https - without success so far.
 <Connector protocol="HTTP/1.1" port="80" ... redirectPort="443" />
...
 <Connector protocol="HTTP/1.1" SSLEnabled="true"
          port="443" ...
          scheme="https" secure="true" clientAuth="false"
          keystoreFile=...
          keystorePass=... sslProtocol = "TLS"  />
But apparently this is not enough because when I navigate to a
confidential part of the web app tomcat
sends a http 302 redirect to port 8443 still instead of 443..
What am i missing?
1. Tomcat version?
2. Is Tomcat running standalone, or behind another web server, e.g. Apache?
3. There are only these two connectors in your server.xml?
Me Self
2010-04-15 18:15:45 UTC
Permalink
Post by Konstantin Kolinko
1. Tomcat version?
2. Is Tomcat running standalone, or behind another web server, e.g. Apache?
3. There are only these two connectors in your server.xml?
Its tomcat 5.5 (i believe) embedded in jboss5.1.0GA running standalone
"default" server.
Those are the only 2 connectors in the context.xml file. I removed the
AJP connector
completely.
Post by Konstantin Kolinko
From the server log when its starting up, notice the change from 8080
to 80 went through but 8443 to 443
had no effect:
18:48:09,605 INFO [Http11Protocol] Starting Coyote HTTP/1.1 on
http-192.168.1.5-80
18:48:09,648 INFO [Http11Protocol] Starting Coyote HTTP/1.1 on
http-192.168.1.5-8443
Jeffrey Janner
2010-04-15 16:59:59 UTC
Permalink
Did you restart your Tomcat instance?

-----Original Message-----
From: Me Self [mailto:***@gmail.com]
Sent: Thursday, April 15, 2010 11:25 AM
To: ***@tomcat.apache.org
Subject: 8443 to 443 problem

I am trying to use port 443 for https - without success so far.
I changed from 8443 to 443 in two places in server.xml:

<Connector protocol="HTTP/1.1" port="80" ... redirectPort="443" />
...
<Connector protocol="HTTP/1.1" SSLEnabled="true"
port="443" ...
scheme="https" secure="true" clientAuth="false"
keystoreFile=...
keystorePass=... sslProtocol = "TLS" />

But apparently this is not enough because when I navigate to a
confidential part of the web app tomcat
sends a http 302 redirect to port 8443 still instead of 443..

What am i missing?

---------------------------------------------------------------------
To unsubscribe, e-mail: users-***@tomcat.apache.org
For additional commands, e-mail: users-***@tomcat.apache.org



******************************* NOTICE *********************************
This message is intended for the use of the individual or entity to which
it is addressed and may contain information that is privileged,
confidential, and exempt from disclosure under applicable law. If the
reader of this message is not the intended recipient or the employee or
agent responsible for delivering this message to the intended recipient,
you are hereby notified that any dissemination, distribution, or copying
of this communication is strictly prohibited. If you have received this
communication in error, please notify us immediately by reply or by
telephone (call us collect at 512-343-9100) and immediately delete this
message and all its attachments.
Me Self
2010-04-15 18:16:54 UTC
Permalink
Many times, also tried reinstalling the server complete.

On Thu, Apr 15, 2010 at 6:59 PM, Jeffrey Janner
Post by Jeffrey Janner
Did you restart your Tomcat instance?
Me Self
2010-04-16 11:05:08 UTC
Permalink
I can change the redirectPort at runtime through managed bean
"org.apache.catalina.mbeans.ConnectorMBean" to 443. When I do that it
works immediately but after server restart the port is back to 8443.
Post by Me Self
I am trying to use port 443 for https - without success so far.
 <Connector protocol="HTTP/1.1" port="80" ... redirectPort="443" />
...
 <Connector protocol="HTTP/1.1" SSLEnabled="true"
          port="443" ...
          scheme="https" secure="true" clientAuth="false"
          keystoreFile=...
          keystorePass=... sslProtocol = "TLS"  />
But apparently this is not enough because when I navigate to a
confidential part of the web app tomcat
sends a http 302 redirect to port 8443 still instead of 443..
What am i missing?
--
Mvh Søren Poulsen
Konstantin Kolinko
2010-04-16 11:40:57 UTC
Permalink
Post by Me Self
I can change the redirectPort at runtime through managed bean
"org.apache.catalina.mbeans.ConnectorMBean" to 443. When I do that it
works immediately but after server restart the port is back to 8443.
I see two options:
a) either there is a misprint somewhere - unknown attributes are
ignored when parsing server.xml, especially in 5.5.
The 6.0 would print a message if it can detect that there is no
property with the given name in the class that this XML element
configures.

b) the file that you are changing is not the one that is actually used.
I do not use JBoss, so there might be differences with what I know.
E.g., you are saying about context.xml, but in Tomcat that is
configured in server.xml.

By the way, AFAIK, SSLEnabled="true" is not needed/not available in
Tomcat 5.5, (no harm here, because unknown attribute will just be
ignored, as I wrote above). Thus it looks like a Tomcat 6.0
configuration.

Best regards,
Konstantin Kolinko
Me Self
2010-04-16 13:18:42 UTC
Permalink
Post by Konstantin Kolinko
b) the file that you are changing is not the one that is actually used.
I do not use JBoss, so there might be differences with what I know.
E.g., you are saying about context.xml, but in Tomcat that is
configured in server.xml.
I found out jboss uses a hybrid of Tomcats server.xml file and its own
central way of setting ports for all its services.
The file for central port settings in jboss 5.1.0.ga is
/server/default/conf/bindingservice.beans/META-INF/bindings-jboss-beans.xml,
but its faily obscure. Inside the bindings-jboss-beans.xml theres a
piece of XSLT that transforms and overwrites the Connector tag
from the server.xml file. The XSLT works from a base port and theres
no direct mention of 8443 which is why I could find the
config with "find . -exec grep 8443 ...". Some of the XSLT
transformation wont match the connector tags in server.xml if the
ports
have been changed in server.xml and I found lots of posts from people
trying that approach - all in all it looks like an extremely flaky
way of controlling ports centrally but maybe its just because im doing it wrong.

This is what worked for me:

Change this line in bindings-jboss-beans.xml :
<xsl:attribute name="redirectPort"><xsl:value-of select="$portHttps"
/></xsl:attribute>
To:
<xsl:attribute name="redirectPort"><xsl:value-of select="443" /></xsl:attribute>

(I believe this breaks the general jboss port settings based on having
a single base port from which other ports are calculated)

Loading...