Let me explain my situation.

Currently, I have a lot of applications running on Tomcat 6, on the default port 8080.

I just created some applications that will need a log in. I'm going to buy an SSL certificate to install on this server.

I don't like the idea of using port 8443 because it makes the URL more complicated. If I run Tomcat on port 80, I'd have to change dozens of links and I'd have to run Tomcat as root (rather than tomcat).

Is there any problem running the insecure applications on port 8080 but having the secure ones run on port 443?

I'm imagining my setup will have URLs that look like this:

http://mydomain.com:8080/report/controller?id=weather

https://mydomain.com/secure/controller?id=profile

Is this possible?

+4  A: 

Yes, it's perfectly OK. Just configure the connectors to use the respective ports. But for 443 I'd guess root would be required as well.

Bozho
One caveat though is if you're on *nix and run as non-root, as only root can bind to ports < 1024, but it shouldn't be hard to find docs on how to work around that.
nos
The usual thing is to bind to the port and then drop to a normal, minimal-privileged user. Don't know how Tomcat is set up to handle that (without the Apache httpd in front).
Tom Hawtin - tackline
+3  A: 

Set up an HTTP connector on 8080 and an HTTPS connector on 8443. In your <Connector> declaration add a proxyPort attribute and set it to the default HTTP and HTTPS port (80 and 443 respectively). Set up firewall redirect rules from 80 to 8080 and from 443 to 8443. Then the server will accept regular http and https URLs without the need to specify port numbers.

Below is a sample declaration of these connectors.

<!-- Plain HTTP connector: Tomcat listens on 8080, but builds URLs with the
     external port 80; redirectPort is the EXTERNAL HTTPS port (443, not 8443)
     so security-constraint redirects point at a port clients can reach. -->
<Connector
  maxSpareThreads='75'
  port='8080'
  proxyPort='80'
  enableLookups='false'
  maxThreads='150'
  connectionTimeout='20000'
  disableUploadTimeout='true'
  minSpareThreads='5'
  maxHttpHeaderSize='8192'
  redirectPort='443'
  acceptCount='200'
/>

<!-- HTTPS connector: listens on 8443, advertises 443. scheme='https' and
     secure='true' are required for request.isSecure() to be true.
     keystorePass is not set here, so Tomcat uses its default ("changeit"). -->
<Connector
  SSLEnabled='true'
  keystoreFile='/path/to/keystore.jks'
  maxSpareThreads='75'
  port='8443'
  proxyPort='443'
  algorithm='SunX509'
  enableLookups='false'
  secure='true'
  maxThreads='150'
  connectionTimeout='20000'
  disableUploadTimeout='true'
  scheme='https'
  minSpareThreads='5'
  maxHttpHeaderSize='8192'
  sslProtocol='SSL'
  acceptCount='200'
  clientAuth='false'
/>

And here are some redirect iptables rules (nat table, in iptables-save format; load with iptables-restore):

*nat
# the custom chain must exist before PREROUTING can jump to it
:NAT-Port-Redirect - [0:0]

# Redirect external packets (PREROUTING only sees traffic from other hosts;
# connections made on the server itself to port 80/443 are not redirected)
-A PREROUTING -j NAT-Port-Redirect

# redirect http traffic
-A NAT-Port-Redirect -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
# redirect https traffic
-A NAT-Port-Redirect -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443
COMMIT
Alexander Pogrebnyak
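A small lint for the connector layout in the answer above, added here as an example (not the answer's own code). It parses a server.xml fragment and checks the things that are easy to get wrong with port redirection: proxyPort on both connectors, redirectPort pointing at the external 443 rather than the internal 8443, the secure/scheme flags on the HTTPS connector, and two weaker-than-default settings (sslProtocol other than 'TLS', no keystorePass). The sample XML is constructed to mirror the answer.

```python
import xml.etree.ElementTree as ET

# Constructed sample mirroring the answer's two connectors (only relevant attributes).
SAMPLE_SERVER_XML = """
<Service>
  <Connector port='8080' proxyPort='80' redirectPort='443' />
  <Connector port='8443' proxyPort='443' SSLEnabled='true' secure='true'
             scheme='https' sslProtocol='SSL' keystoreFile='/path/to/keystore.jks' />
</Service>
"""


def lint_connectors(xml_text, http_external=80, https_external=443):
    """Return a list of findings (strings) for a NAT-redirected Tomcat connector setup.

    http_external / https_external are the ports clients actually connect to
    (the ones the firewall redirects to Tomcat's listening ports).
    """
    findings = []
    for c in list(ET.fromstring(xml_text).iter("Connector")):
        port = c.get("port")
        if c.get("SSLEnabled", "false").lower() == "true":
            # HTTPS connector: must advertise the external port and mark requests secure.
            if c.get("proxyPort") != str(https_external):
                findings.append(f"{port}: proxyPort should be {https_external} so URLs omit :{port}")
            if c.get("secure", "false").lower() != "true" or c.get("scheme") != "https":
                findings.append(f"{port}: set secure='true' and scheme='https' so isSecure() is true")
            # Tomcat's documented default for the JSSE connector is 'TLS'.
            if c.get("sslProtocol", "TLS").upper() != "TLS":
                findings.append(f"{port}: sslProtocol='{c.get('sslProtocol')}' differs from default 'TLS'")
            if c.get("keystorePass") is None:
                findings.append(f"{port}: keystorePass unset; Tomcat falls back to default 'changeit'")
        else:
            # Plain HTTP connector: proxyPort is the external port, and redirectPort
            # must be the external HTTPS port, otherwise CONFIDENTIAL redirects send
            # browsers to a port only reachable inside the firewall.
            if c.get("proxyPort") != str(http_external):
                findings.append(f"{port}: proxyPort should be {http_external} so URLs omit :{port}")
            if c.get("redirectPort") != str(https_external):
                findings.append(f"{port}: redirectPort must be {https_external} (external), "
                                f"not the internal HTTPS port")
    return findings


if __name__ == "__main__":
    for finding in lint_connectors(SAMPLE_SERVER_XML):
        print(finding)
```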