You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Robert Denison <ro...@blim.org> on 2009/11/17 10:40:46 UTC
https and port numbers
Hi,
I've set up my tomcat server to serve http requests on port 8080 and https on port 8443. My firewall forwards requests for 80 to 8080 and 8443 to 8443.
It works fine but as it stands https requests have the form https://mydomain.com:8443. I would like to set it up so like most secure internet sites there is no port number in the URL even when using https. Can anyone point me in the right direction or at some documentation that will help?
Cheers for any help,
R.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: https and port numbers
Posted by Tobias Crefeld <tc...@cataneo.eu>.
Am Tue, 17 Nov 2009 09:40:46 +0000
schrieb Robert Denison <ro...@blim.org>:
> I've set up my tomcat server to serve http requests on port 8080 and
> https on port 8443. My firewall forwards requests for 80 to 8080 and
> 8443 to 8443.
Tomcat cannot help you in this case.
You will have to make your firewall forward port 443 to 8443 because
443 is the port number that an average webbrowser assumes if the URL
starts with https://
RU,
Tobias.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: https and port numbers
Posted by Neil Aggarwal <ne...@JAMMConsulting.com>.
> It works fine but as it stands https requests have the form
> https://mydomain.com:8443. I would like to set it up so like
> most secure internet sites there is no port number in the URL
> even when using https. Can anyone point me in the right
> direction or at some documentation that will help?
For that, you need to have your firewall forward port
443 to port 8443 on Tomcat.
Neil
--
Neil Aggarwal, (281)846-8957, http://UnmeteredVPS.net
Host your tomcat app on a CentOS VPS for only $25/month!
Unmetered bandwidth, 7 day no risk trial, Google Checkout
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: https and port numbers
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
David,
On 11/17/2009 11:59 AM, David Smith wrote:
> Christopher Schultz wrote:
>> David,
>>
>> On 11/17/2009 7:39 AM, David Smith wrote:
>>> Your tomcat has to listen on 443 to remove the port number from the
>>> URL. This is not a tomcat issue, but rather the browser's expectation.
>>
>> That's not entirely true. If Robert configures his firewall to redirect
>> port 443 -> 8443 similar to how he does 80 -> 8080, then he can "remove"
>> the port number from the URL by changing the redirectPort attribute in
>> his <Connector> to "443".
>>
> You're talking about proxying the connection with a reverse proxy.
No, I'm talking about port forwarding, which is apparently what he's
already doing with 80 -> 8080.
> That
> works, but I believe the connector will have to have proxyPort set so
> generated URLs within the app don't include a port number.
That may be necessary given that the <Connector> thinks that the port
number is 8080 (or 8443) instead of 80 (or 8080). Thanks for pointing
that out.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAksDBC4ACgkQ9CaO5/Lv0PDlyACgkmy2WPIzm0coQg7RR8GtBz+v
Ix4An390CgFpNuBGrP0OoK6hY8Vv6/f/
=GWMJ
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: https and port numbers
Posted by David Smith <dn...@cornell.edu>.
Christopher Schultz wrote:
> David,
>
> On 11/17/2009 7:39 AM, David Smith wrote:
> > Your tomcat has to listen on 443 to remove the port number from the
> > URL. This is not a tomcat issue, but rather the browser's expectation.
>
> That's not entirely true. If Robert configures his firewall to redirect
> port 443 -> 8443 similar to how he does 80 -> 8080, then he can "remove"
> the port number from the URL by changing the redirectPort attribute in
> his <Connector> to "443".
>
> -chris
You're talking about proxying the connection with a reverse proxy. That
works, but I believe the connector will have to have proxyPort set so
generated URLs within the app don't include a port number.
--David
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: https and port numbers
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
David,
On 11/17/2009 7:39 AM, David Smith wrote:
> Your tomcat has to listen on 443 to remove the port number from the
> URL. This is not a tomcat issue, but rather the browser's expectation.
That's not entirely true. If Robert configures his firewall to redirect
port 443 -> 8443 similar to how he does 80 -> 8080, then he can "remove"
the port number from the URL by changing the redirectPort attribute in
his <Connector> to "443".
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAksCwRQACgkQ9CaO5/Lv0PAEMwCfUG5PRI63Mu1Hqtz/SM1yc44M
g5UAniTtU0Bmr0TkC7CdPdYtZfntKrme
=utz4
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: https and port numbers
Posted by Robert Denison <ro...@blim.org>.
That's exactly what I was hoping for, thanks David (and others who have posted), you're a gent.
I thought it might be something like that but I couldn't find any conclusive evidence about handling secure ports...
R.
On 17 Nov 2009, at 12:39, David Smith wrote:
> Your tomcat has to listen on 443 to remove the port number from the URL. This is not a tomcat issue, but rather the browser's expectation.
>
> -- David
>
>
> On Nov 17, 2009, at 4:40 AM, Robert Denison <ro...@blim.org> wrote:
>
>> Hi,
>>
>> I've set up my tomcat server to serve http requests on port 8080 and https on port 8443. My firewall forwards requests for 80 to 8080 and 8443 to 8443.
>>
>> It works fine but as it stands https requests have the form https://mydomain.com:8443. I would like to set it up so like most secure internet sites there is no port number in the URL even when using https. Can anyone point me in the right direction or at some documentation that will help?
>>
>> Cheers for any help,
>>
>> R.
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: https and port numbers
Posted by David Smith <dn...@cornell.edu>.
Your tomcat has to listen on 443 to remove the port number from the
URL. This is not a tomcat issue, but rather the browser's expectation.
-- David
On Nov 17, 2009, at 4:40 AM, Robert Denison <ro...@blim.org> wrote:
> Hi,
>
> I've set up my tomcat server to serve http requests on port 8080 and
> https on port 8443. My firewall forwards requests for 80 to 8080 and
> 8443 to 8443.
>
> It works fine but as it stands https requests have the form https://mydomain.com:8443
> . I would like to set it up so like most secure internet sites there
> is no port number in the URL even when using https. Can anyone point
> me in the right direction or at some documentation that will help?
>
> Cheers for any help,
>
> R.
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org