
<roughCode/>

~ …so I can find it

Tag Archives: Linux Java

Configure Tomcat 7 to use HTTPS

29 Monday Sep 2014

Posted by Scott in Apache Tomcat, Application Servers, Java, Linux / UNIX


Tags

Java, Linux Java, tomcat

The following steps were used to configure a Tomcat 7 server listening on port 8081 to use HTTPS and to forward regular HTTP connections on port 80 to the standard HTTPS port 443.

Port forwarding:

sudo iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8081
sudo iptables -t nat -I PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443
sudo service iptables save
sudo service iptables restart

Standard port 80 connections will be forwarded to Tomcat at port 8081, and Tomcat will decide what to do with them (it is told later to forward them to port 443). Standard port 443 connections are forwarded to port 8443, which is a new connector we will configure in Tomcat's server.xml file.

Create a keystore and CSR to get an SSL certificate:

Note: ran this in the home directory of the tomcat user

keytool -genkey -alias server -keyalg RSA -keysize 2048 -keystore server_name.jks -dname "CN=fqdn-of-server.domain.com,OU=department-value, O=company-name, L=city, ST=state, C=US" && keytool -certreq -alias server -file server_name.csr -keystore server_name.jks && echo Your certificate signing request is in server_name.csr. Your keystore file is server_name.jks. Thanks for using the DigiCert keytool CSR helper.
sudo chown tomcat: server_name.jks

Be sure to update the ownership of the file so that the tomcat user has access.

Once you have your cert…

Import the certificate:

sudo keytool -import -trustcacerts -alias server -file cert-from-CA.p7b -keystore server_name.jks

Update the Tomcat server.xml file:

Updated the existing connector from:
<Connector port="8081" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8444" />

to:

<Connector port="8081" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="443" />

Created a new connector for the ssl connection:

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="/usr/share/tomcat/server_name.jks"
keystorePass="password-value" />

Update the Tomcat web.xml file:

Add the following before the closing </web-app> tag:

<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Context</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<!-- auth-constraint goes here if you require authentication -->
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>

Restart Tomcat and hope for the best 🙂

Last, but not least, here’s the site I used to help generate the CSR: https://www.digicert.com/csr-creation.htm
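
A check to run against the edited files before restarting, added here as an example (it is not part of the original post): it parses server.xml and web.xml and reports when the plain connector's redirectPort, the SSL connector, or the CONFIDENTIAL constraint does not match the steps above. The function name audit_tomcat_https and the sample XML strings are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def _find(root, name):
    # web.xml usually declares a namespace, so compare local tag names only.
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]
def _texts(root, name):
    return [(e.text or "").strip() for e in _find(root, name)]

def audit_tomcat_https(server_xml, web_xml, public_https_port="443"):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    connectors = _find(ET.fromstring(server_xml), "Connector")
    tls = [c for c in connectors if c.get("SSLEnabled", "").lower() == "true"]
    if not tls:
        findings.append("no connector with SSLEnabled=true")
    for c in tls:
        if not c.get("keystoreFile"):
            findings.append(f"port {c.get('port')}: keystoreFile not set")
        if c.get("scheme") != "https" or c.get("secure") != "true":
            findings.append(f"port {c.get('port')}: scheme/secure not https/true")
    for c in connectors:
        if c in tls or c.get("protocol", "HTTP/1.1").startswith("AJP"):
            continue  # only plain HTTP connectors issue the redirect checked here
        if c.get("redirectPort") != public_https_port:
            findings.append(f"port {c.get('port')}: redirectPort "
                            f"{c.get('redirectPort')} is not {public_https_port}")
    constraints = _find(ET.fromstring(web_xml), "security-constraint")
    if not any("/*" in _texts(sc, "url-pattern") and
               "CONFIDENTIAL" in _texts(sc, "transport-guarantee")
               for sc in constraints):
        findings.append("web.xml: no CONFIDENTIAL constraint covering /*")
    return findings

# Constructed samples: the files before the change and after it.
BEFORE_SERVER = '<Server><Connector port="8081" protocol="HTTP/1.1" redirectPort="8444"/></Server>'
AFTER_SERVER = """<Server><Connector port="8081" protocol="HTTP/1.1" redirectPort="443"/>
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"
  secure="true" clientAuth="false" sslProtocol="TLS"
  keystoreFile="/usr/share/tomcat/server_name.jks" keystorePass="password-value"/>
</Server>"""
BEFORE_WEB = '<web-app xmlns="http://java.sun.com/xml/ns/javaee"/>'
AFTER_WEB = """<web-app xmlns="http://java.sun.com/xml/ns/javaee"><security-constraint>
<web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
<user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint></security-constraint></web-app>"""

if __name__ == "__main__":
    for s, w in ((BEFORE_SERVER, BEFORE_WEB), (AFTER_SERVER, AFTER_WEB)):
        print(audit_tomcat_https(s, w))
```

The public_https_port argument is the port browsers reach from outside (443 here, because the iptables rule maps it to 8443), not the port the SSL connector listens on.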


Rotating Apache HTTPD log files

18 Monday Aug 2014

Posted by Scott in Apache Web Server, Linux / UNIX


Tags

apache, Linux Java

On CentOS and RHEL, take advantage of an automatic, daily cron job that runs logrotate.  This example rotates the default logs and my custom logs using a wildcard in the directory for random vhosts.

In /etc/logrotate.d/httpd:

/var/log/httpd/*log /var/www/html/public/*/*log {
missingok
notifempty
sharedscripts
daily
rotate 7
delaycompress
postrotate
/sbin/service httpd reload > /dev/null 2>/dev/null || true
endscript
}

 

More installing Java on CentOS

14 Monday Jul 2014

Posted by Scott in Java, Linux / UNIX


Tags

Java, linux, Linux Java

from .bash_history…

sudo yum install java-1.6.0-openjdk-devel

well…where did that install to? Check out the crazy stuff @ /usr/lib/jvm/

JAVA_HOME=/usr/lib/jvm/java-openjdk
export JAVA_HOME
PATH=$JAVA_HOME/bin:$PATH
export PATH


Today’s links and stuff to sort

03 Friday Aug 2012

Posted by Scott in Apache Tomcat, Application Servers, Networking


Tags

Linux Java

Tomcat memory error starting an application: http://www.mkyong.com/tomcat/tomcat-javalangoutofmemoryerror-permgen-space/

Jenkins/Maven generated a WAR file that was missing files (and additional directories) from inside /WEB-INF/classes/, even though MyEclipse was building it correctly.
Added the following to the pom.xml file…

    <resources>
      <resource>
        <directory>${basedir}/src/main/resources</directory>
        <filtering>false</filtering>
      </resource>
    </resources>

 

 
