Posted to users@tomcat.apache.org by Bill Kelm <bk...@willamette.edu> on 2016/02/04 18:52:24 UTC

Tomcat 7 and SSL...

  Not sure if anyone has seen this before, whenever we go to configure the
SSL connector and set the connector port to 8443, on tomcat startup they
are getting rewritten to another random port.

So we will have:

<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           URIEncoding="UTF-8"
           redirectPort="8443" />

<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           keystoreFile="/etc/tomcat7/keystore" keystorePass="xxxxx"
           clientAuth="false" sslProtocol="TLS" />


and I end up with this in the server.xml file on startup:

<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           URIEncoding="UTF-8"
           redirectPort="13043" />

<Connector port="13043" protocol="org.apache.coyote.http11.Http11Protocol"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           keystoreFile="/etc/tomcat7/keystore" keystorePass="xxxxx"
           clientAuth="false" sslProtocol="TLS" />


Thanks for any thoughts.

Bill K.


-- 
Bill G. Kelm - Systems Librarian
Willamette University Library
900 State Street - Salem, OR 97301
Phone: 503-375-5332   Fax: 503-370-6141

Re: Tomcat 7 and SSL...

Posted by Bill Kelm <bk...@willamette.edu>.
George,

  Thanks for the lead to the startup script. That was exactly it, in our
configuration our CATALINA_BASE is /usr/share/tomcat7 and that is what was
triggering the random port assignment:

if [ "$CATALINA_HOME" != "/usr/share/tomcat" -a "$RETVAL" -eq "0" ]; then
        # Create a tomcat directory if it doesn't exist
        makeHomeDir
        # If CATALINA_HOME doesn't exist modify port number so that
        # multiple instances don't interfere with each other
        findFreePorts
        sed -i -e "s/8005/${randomPort1}/g" -e "s/8080/${CONNECTOR_PORT}/g" \
            -e "s/8009/${randomPort2}/g" -e "s/8443/${randomPort3}/g"

Bill K.

On Thu, Feb 4, 2016 at 10:10 AM, George Sexton <ge...@mhsoftware.com>
wrote:

>
>
> On 2/4/2016 10:52 AM, Bill Kelm wrote:
>
>>    Not sure if anyone has seen this before, whenever we go to configure
>> the
>> SSL connector and set the connector port to 8443, on tomcat startup they
>> are getting rewritten to another random port.
>>
>> So we will have:
>>
>> <Connector port="8080" protocol="HTTP/1.1"
>>                 connectionTimeout="20000"
>>                 URIEncoding="UTF-8"
>>                 redirectPort="8443" />
>>
>>     <Connector port="8443"
>> protocol="org.apache.coyote.http11.Http11Protocol"
>>                 maxThreads="150" SSLEnabled="true" scheme="https"
>> secure="true"
>>                 keystoreFile="/etc/tomcat7/keystore" keystorePass="xxxxx"
>>                 clientAuth="false" sslProtocol="TLS" />
>>
>>
>> and I end up with this in the server.xml file on startup:
>>
>>   <Connector port="8080" protocol="HTTP/1.1"
>>                 connectionTimeout="20000"
>>                 URIEncoding="UTF-8"
>>                 redirectPort="13043" />
>>
>>     <Connector port="13043"
>> protocol="org.apache.coyote.http11.Http11Protocol"
>>                 maxThreads="150" SSLEnabled="true" scheme="https"
>> secure="true"
>>                 keystoreFile="/etc/tomcat7/keystore" keystorePass="xxxxx"
>>                 clientAuth="false" sslProtocol="TLS" />
>>
>>
>> Thanks for any thoughts.
>>
>
> Are you running a distribution provided version of Tomcat? It looks to me
> like there's a startup script that's reading something like /etc/sysconfig
> and re-writing server.xml on the fly. You need to dig into the startup
> script.
>
>
>
>> Bill K.
>>
>>
>>
> --
> George Sexton
> *MH Software, Inc.*
> Voice: 303 438 9585
> http://www.mhsoftware.com
>



-- 
Bill G. Kelm - Systems Librarian
Willamette University Library
900 State Street - Salem, OR 97301
Phone: 503-375-5332   Fax: 503-370-6141

Re: Tomcat 7 and SSL...

Posted by George Sexton <ge...@mhsoftware.com>.

On 2/4/2016 10:52 AM, Bill Kelm wrote:
>    Not sure if anyone has seen this before, whenever we go to configure the
> SSL connector and set the connector port to 8443, on tomcat startup they
> are getting rewritten to another random port.
>
> So we will have:
>
> <Connector port="8080" protocol="HTTP/1.1"
>                 connectionTimeout="20000"
>                 URIEncoding="UTF-8"
>                 redirectPort="8443" />
>
>     <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
>                 maxThreads="150" SSLEnabled="true" scheme="https"
> secure="true"
>                 keystoreFile="/etc/tomcat7/keystore" keystorePass="xxxxx"
>                 clientAuth="false" sslProtocol="TLS" />
>
>
> and I end up with this in the server.xml file on startup:
>
>   <Connector port="8080" protocol="HTTP/1.1"
>                 connectionTimeout="20000"
>                 URIEncoding="UTF-8"
>                 redirectPort="13043" />
>
>     <Connector port="13043"
> protocol="org.apache.coyote.http11.Http11Protocol"
>                 maxThreads="150" SSLEnabled="true" scheme="https"
> secure="true"
>                 keystoreFile="/etc/tomcat7/keystore" keystorePass="xxxxx"
>                 clientAuth="false" sslProtocol="TLS" />
>
>
> Thanks for any thoughts.

Are you running a distribution provided version of Tomcat? It looks to 
me like there's a startup script that's reading something like 
/etc/sysconfig and re-writing server.xml on the fly. You need to dig 
into the startup script.


>
> Bill K.
>
>

-- 
George Sexton
*MH Software, Inc.*
Voice: 303 438 9585
http://www.mhsoftware.com

Re: Tomcat 7 and SSL...

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Bill,

On 2/4/16 12:52 PM, Bill Kelm wrote:
> Not sure if anyone has seen this before, whenever we go to 
> configure the SSL connector and set the connector port to 8443, on 
> tomcat startup they are getting rewritten to another random port.
> 
> So we will have:
> 
> <Connector port="8080" protocol="HTTP/1.1" 
> connectionTimeout="20000" URIEncoding="UTF-8" redirectPort="8443" 
> />
> 
> <Connector port="8443" 
> protocol="org.apache.coyote.http11.Http11Protocol"
> maxThreads="150" SSLEnabled="true" scheme="https" secure="true" 
> keystoreFile="/etc/tomcat7/keystore" keystorePass="xxxxx" 
> clientAuth="false" sslProtocol="TLS" />
> 
> 
> and I end up with this in the server.xml file on startup:
> 
> <Connector port="8080" protocol="HTTP/1.1" 
> connectionTimeout="20000" URIEncoding="UTF-8" redirectPort="13043" 
> />
> 
> <Connector port="13043" 
> protocol="org.apache.coyote.http11.Http11Protocol"
> maxThreads="150" SSLEnabled="true" scheme="https" secure="true" 
> keystoreFile="/etc/tomcat7/keystore" keystorePass="xxxxx" 
> clientAuth="false" sslProtocol="TLS" />
> 
> 
> Thanks for any thoughts.

Tomcat doesn't ever write to server.xml. Something else must be doing
this.

Try setting permissions of server.xml to 0444 after you "fix" it and
see what process complains.

- -chris

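The substitution Bill quotes from the distribution start-up script, and the kind of after-the-fact check Chris's "set it to 0444 and see what complains" advice is aiming at, as an added example. This is not code from the thread, from the distribution's init script or from the Tomcat project: the server.xml is constructed to match the connectors in Bill's post (plus the 8005 shutdown port and an 8009 AJP connector, which the same sed line also rewrites), the four replacement ports are made-up stand-ins for whatever findFreePorts would pick, and every function name is my own. It replays the rewrite on a copy, then reads the connector ports back and compares the file's checksum, so a start-up that silently moved 8443 fails a check instead of going unnoticed.

```shell
#!/bin/sh
# Added example, not code from the thread or from the Tomcat project.
# Replays the blind port substitution quoted from the distribution
# start-up script on a constructed server.xml, then reads the connector
# ports back so the drift shows up as a failed check, not a surprise.

# Constructed sample server.xml with the same connector layout as the post
# (shutdown port 8005 and an AJP connector on 8009 added, since the init
# script rewrites those too).
make_sample_server_xml() {
    cat > "$1" <<'EOF'
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000" URIEncoding="UTF-8"
               redirectPort="8443" />
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="/etc/tomcat7/keystore" keystorePass="xxxxx"
               clientAuth="false" sslProtocol="TLS" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
  </Service>
</Server>
EOF
}

# The same four substitutions the init script applies. The port numbers are
# passed in (assumed values stand in for whatever findFreePorts picks).
# This is a plain textual replace: every "8443" in the file changes, the
# redirectPort attributes included, not only the SSL connector's port.
rewrite_ports_like_init_script() {
    file=$1; shutdown_port=$2; http_port=$3; ajp_port=$4; ssl_port=$5
    sed -e "s/8005/${shutdown_port}/g" -e "s/8080/${http_port}/g" \
        -e "s/8009/${ajp_port}/g"      -e "s/8443/${ssl_port}/g" \
        "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# Port attribute of the SSLEnabled connector. Each '<' starts an awk record,
# so a connector's attributes are examined together even when line-wrapped.
ssl_connector_port() {
    awk -v RS='<' '/SSLEnabled="true"/ {
        if (match($0, / port="[0-9]+"/))
            print substr($0, RSTART + 7, RLENGTH - 8)
    }' "$1"
}

# Every redirectPort value in the file, one per line.
redirect_ports() {
    awk -v RS='<' '/^Connector/ {
        if (match($0, / redirectPort="[0-9]+"/))
            print substr($0, RSTART + 15, RLENGTH - 16)
    }' "$1"
}

# Exit 0 when the SSL connector listens on the expected port, 1 otherwise.
check_ssl_port() {
    [ "$(ssl_connector_port "$1")" = "$2" ]
}

# CRC of the file, so a value recorded after the "fix" can be compared with
# what is on disk after the next start-up.
file_checksum() {
    cksum < "$1" | awk '{ print $1 }'
}

demo() {
    dir=$(mktemp -d)
    make_sample_server_xml "$dir/server.xml"
    before=$(file_checksum "$dir/server.xml")
    if check_ssl_port "$dir/server.xml" 8443; then
        echo "before start-up: SSL connector on 8443, as configured"
    fi
    # Stand-in for the init script running at start-up.
    rewrite_ports_like_init_script "$dir/server.xml" 13041 13042 13044 13043
    if ! check_ssl_port "$dir/server.xml" 8443; then
        echo "after start-up: SSL connector moved to $(ssl_connector_port "$dir/server.xml")"
    fi
    echo "redirectPort values now: $(redirect_ports "$dir/server.xml" | sort -u | tr '\n' ' ')"
    if [ "$before" != "$(file_checksum "$dir/server.xml")" ]; then
        echo "server.xml checksum changed: something rewrote it"
    fi
    rm -rf "$dir"
}

demo
```

Run against the real file, `check_ssl_port /etc/tomcat7/server.xml 8443` after each start-up is enough to catch the rewrite, and `redirect_ports` shows why the HTTP connector's redirectPort moves along with it: the script's `g` flag replaces every occurrence of 8443 in the file, which keeps redirects consistent but would equally clobber that number anywhere else it appeared.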