Configure Tomcat 7 to use HTTPS

Tags

Java, Linux Java, tomcat

The following steps were used to configure a Tomcat 7 server listening on port 8081 to use https and forward regular http connections on port 80 to the standard https port 443.

Port forwarding:

sudo iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8081
sudo iptables -t nat -I PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443
sudo service iptables save
sudo service iptables restart

Standard port 80 connections will be forwarded to Tomcat at port 8081 and it will decide what to do (Tomcat is told to forward that to port 443 later). Standard port 443 connections are forwarded to port 8443, which is a new connector we will configure in Tomcat’s server.xml file.

Create a keystore and CSR to get an SSL certificate:

Note: ran this in the home directory of the tomcat user

keytool -genkey -alias server -keyalg RSA -keysize 2048 -keystore server_name.jks -dname "CN=fqdn-of-server.domain.com,OU=department-value, O=company-name, L=city, ST=state, C=US" && keytool -certreq -alias server -file server_name.csr -keystore server_name.jks && echo Your certificate signing request is in server_name.csr. Your keystore file is server_name.jks. Thanks for using the DigiCert keytool CSR helper.
sudo chown tomcat: server_name.jk

Be sure to update the ownership of the file so that the tomcat user has access.

Once you have your cert…

Import the certificate:

sudo keytool -import -trustcacerts -alias server -file cert-from-CA.p7b -keystore server_name.jks

Update the Tomcat server.xml file:

Updated the existing connector from:
<Connector port=”8081″ protocol=”HTTP/1.1″
connectionTimeout=”20000″
redirectPort=”8444″ />

to:

<Connector port=”8081″ protocol=”HTTP/1.1″
connectionTimeout=”20000″
redirectPort=”443″ />

Created a new connector for the ssl connection:

<Connector port=”8443″ protocol=”HTTP/1.1″ SSLEnabled=”true”
maxThreads=”150″ scheme=”https” secure=”true”
clientAuth=”false” sslProtocol=”TLS”
keystoreFile=”/usr/share/tomcat/servername.jks”
keystorePass=”password-value” />

Update the Tomcat web.xml file:

Add the following before the closing </web-app> tag:

<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Context</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<!– auth-constraint goes here if you requre authentication –>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>

Restart Tomcat and hope for the best 🙂

Last, but not least, here’s the site I used to help generate the CSR: https://www.digicert.com/csr-creation.htm

Advertisement

More installing Java on CentOS

Tags

Java, linux, Linux Java

from .bash_history…

sudo yum install java-1.6.0-openjdk-devel

well…where did that install to? Check out the crazy stuff @ /usr/lib/jvm/

sudo JAVA_HOME=/usr/lib/jvm/java-openjdk
export JAVA_HOME
PATH=$JAVA_HOME/bin:$PATH
export PATH

Continue reading →

Eclipse tips and tricks (because it’s not Visual Studio)

Tags

eclipse, Java

A quick list of things I keep trying to learn in my transition form Visual Studio to Eclipse…more to come (and I might make this a page if I gather together enough of them)

The Display view = immediate window
(see http://blog.singhanuvrat.com/tech/eclipse-display-view-for-interactive-debugging )

and hover over a variable or method and get a little pop-up menu to open the declaration or implementation or other such code location. Like right-click Go To Definition, etc in Visual Studio

The Outline view is great for navigating code. Kinda like the drop-down of declarations and methods in Visual Studio’s tool bar…

 

Notes using Spring Roo

Tags

Java, spring

If you ever use Spring Roo and already have an existing database, be sure to comment out the hibernate.hbm2ddl.auto property in persistence.xml

How to, hints links follow…

Continue reading →

java.lang.UnsatisfiedLinkError: no lwjgl in java.library.path

Tags

Java, maven

On a team doing a java project (not the one for work. I hate that one and wish I could find a new job, it sucked that much joy out of life) got the java.lang.UnsatisfiedLinkError: no lwjgl in java.library.path error when I tried to run a reference project I was reviewing.

The two answers that I liked the most (because I could have just imported the lwjgl jar, but then the project would have that reference to the path on my Mac, and the source I downloaded had the authors Windows path, so it’s all stupid at this point) were to use a plugin to extend the M2E Maven plugin for Eclipse — see http://maven.40175.n5.nabble.com/How-to-manage-librairy-with-native-dll-in-maven-td5652069.html … basically add the http://mavennatives.googlecode.com/svn/eclipse-update/ location when adding software to eclipse and then add the plugin…

then add the following to your pom.xml:

<plugin>
  <groupId>com.googlecode.mavennatives</groupId>
  <artifactId>maven-nativedependencies-plugin</artifactId>
  <version>0.0.6</version>
  <executions>
    <execution>
      <id>unpacknatives</id>
      <phase>generate-resources</phase>
      <goals>
        <goal>copy</goal>
      </goals>
    </execution>
  </executions>
</plugin>

 

— and then add

-Djava.library.path=target/natives

to the VM arguments in your run configuration — https://groups.google.com/forum/?fromgroups=#!topic/playn/E2t7gNh4ab0 is where I got that one.

And it was all good.  The reference project in questions sucked, but at least I was able to get Maven to do what I think it should do…