Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Can I run Tomcat securely on port 443 and insecurely on 8080

Tags:

java

ssl

ssl-certificate

tomcat

tomcat6

Let me explain my situation.

Currently, I have a lot of applications running on Tomcat 6, on the default port 8080.

I just created some applications that will need a log in. I'm going to buy an SSL certificate to install on this server.

I don't like the idea of using port 8443 because it makes the URL more complicated. If I run Tomcat on port 80, I'd have to change dozens of links and I'd have to run Tomcat as root ( rather than tomcat ).

Is there any problem running the insecure applications on port 8080 but having the secure run on port 443?

I'm imagining my setup will have URLs that look like this:

http://mydomain.com:8080/report/controller?id=weather

https://mydomain.com/secure/controller?id=profile

Is this possible?

like image 500
jeph perro Avatar asked Aug 24 '10 22:08

jeph perro

2 Answers

Setup HTTP connector on 8080 and HTTPS connector on 8443. In your <Connector> declaration add proxyPort attribute and set it to default HTTP and HTTPS port ( 80 and 443 respectively ). Setup firewall redirect rule from 80 to 8080 and from 443 to 8443. Then the server will accept regular http and https URLs without the need to specify port numbers.

Below is a sample declaration of these connectors.

<Connector
  maxSpareThreads='75'
  port='8080'
  proxyPort='80'
  enableLookups='false'
  maxThreads='150'
  connectionTimeout='20000'
  disableUploadTimeout='true'
  minSpareThreads='5'
  maxHttpHeaderSize='8192'
  redirectPort='443'
  acceptCount='200'
/>

<Connector
  SSLEnabled='true'
  keystoreFile='/path/to/keystore.jks'
  maxSpareThreads='75'
  port='8443'
  proxyPort='443'
  algorithm='SunX509'
  enableLookups='false'
  secure='true'
  maxThreads='150'
  connectionTimeout='20000'
  disableUploadTimeout='true'
  scheme='https'
  minSpareThreads='5'
  maxHttpHeaderSize='8192'
  sslProtocol='SSL'
  acceptCount='200'
  clientAuth='false'
/>

And here are some redirect IPTABLES commands:

# Redirect external packets
-A PREROUTING -j NAT-Port-Redirect

# redirect http traffic
-A NAT-Port-Redirect -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
# redirect https traffic
-A NAT-Port-Redirect -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443
like image 108
Alexander Pogrebnyak Avatar answered Oct 05 '22 06:10

Alexander Pogrebnyak

Yes, it's perfectly OK. Just configure the connectors to use the respective ports. But for 443 I'd guess root would be required as well.

like image 23
Bozho Avatar answered Oct 05 '22 07:10

Bozho
Sign in to Comment

Related questions

How to set String's font size, style in Java using the Font class?
do I need to surround fileInputStream.close with a try/catch/finally block? How is it done?
Jersey java.lang.ClassNotFoundException: com.sun.jersey.spi.container.servlet.ServletContainer
Most elegant way to detect if a String is a number?
Using command-line argument for passing files to a program
Comparing java memory heap dumps: Memory profiling for Java desktop application [closed]
Right Shift to Perform Divide by 2 On -1
java: how can i verify an email address to be valid without sending a confirmation e-mail?
How to move the selected item to move to the top of the list
How to add multiple ActionListeners for multiple buttons in Java Swing
Is long always 64 bit in both 32 and 64 bit machine
IntelliJ IDEA Can't create GUI Form
Why isn't Eclipse updating the classes?
List View adapter not working, getView not called.
Is guava's ImmutableXXX really immutable?
Drawing filled polygon with libGDX
How to use java variable to insert values to mysql table?
why is static inner class singleton thread safe [duplicate]
How to use recursion in creating a binary search algorithm
Java: += equivalence

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!