Reputation: 20163
I enabled the connector for port 8443 on my Apache Tomcat 7 web server. When I try to access a deployed application (https://myserver:8443/myapplication/) or the tomcat manager on 8443, however, the page does not resolve. I'm wondering if I missed a step? Tomcat starts without any errors or warnings. Here are the changes that I made:
Allowed port 8443 on my firewall and uncommented the 8443 connector in server.xml:
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="/var/lib/tomcat7/localhost.jks"
keystorePass="mypassword" keyAlias="localhost" />
I added the following to catalina.sh:
JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStore=/var/lib/tomcat7/localhost.jks -Djavax.net.ssl.keyStore=/var/lib/tomcat7/localhost.jks -Djavax.net.ssl.keyStorePassword=mypassword -Djavax.net.ssl.trustStorePassword=mypassword"
Finally, I restarted Tomcat:
Nov 9, 2012 10:51:44 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-bio-8080"]
Nov 9, 2012 10:51:44 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-bio-8443"]
Nov 9, 2012 10:51:44 PM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 574 ms
Nov 9, 2012 10:51:44 PM org.apache.catalina.core.StandardService startInternal
INFO: Starting service Catalina
Nov 9, 2012 10:51:44 PM org.apache.catalina.core.StandardEngine startInternal
INFO: Starting Servlet Engine: Apache Tomcat/7.0.26
Nov 9, 2012 10:51:44 PM org.apache.catalina.startup.HostConfig deployWAR
INFO: Deploying web application archive /var/lib/tomcat7/webapps/myapplication.war
Nov 9, 2012 10:51:45 PM org.apache.catalina.core.ApplicationContext log
INFO: Initializing Spring root WebApplicationContext
Configuring Spring Security Core ...
... finished configuring Spring Security Core
Nov 9, 2012 10:51:57 PM org.apache.catalina.core.ApplicationContext log
INFO: Initializing Spring FrameworkServlet 'grails'
Nov 9, 2012 10:51:57 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory /var/lib/tomcat7/webapps/ROOT
Nov 9, 2012 10:51:57 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-bio-8080"]
Nov 9, 2012 10:51:57 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-bio-8443"]
Nov 9, 2012 10:51:57 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 13439 ms
As you can see, it started ProtocolHandler for 8443.
Do I need to change the alias name of my certificate to the real server name rather than localhost? That is the only thing that I can think of. Does anyone have any other ideas?
Here is the nmap for port 8443:
$nmap -p 8443 localhost
Starting Nmap 5.21 ( http://nmap.org ) at 2012-11-10 02:47 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000091s latency).
rDNS record for 127.0.0.1: localhost.localdomain
PORT STATE SERVICE
8443/tcp open https-alt
Nmap done: 1 IP address (1 host up) scanned in 0.06 seconds
Thanks!
Catalina.out after adding Djavax.net.debug=all to catalina.sh:
...
Nov 11, 2012 4:24:36 PM org.apache.catalina.core.ApplicationContext log
INFO: Initializing Spring FrameworkServlet 'grails'
Nov 11, 2012 4:24:36 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory /var/lib/tomcat7/webapps/ROOT
Nov 11, 2012 4:24:37 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-bio-8080"]
Nov 11, 2012 4:24:37 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-bio-8443"]
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
http-bio-8443-Acceptor-0, called closeSocket()
Nov 11, 2012 4:24:37 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 13399 ms
Upvotes: 1
Views: 12268
Reputation: 803
open /etc/hosts file in sudo mode
Here you can do mapping of ip to domain name.
Upvotes: 0
Reputation: 20163
Well, I'm embarrassed. It turns out that if I navigate to the actual IP address, then it works (as opposed to the domain name). It seems that I will need to provide a mapping somewhere (does anyone know where?) so that it resolves with the domain name....
Upvotes: 1