SSL 8443 port removing from url

 
Greenhorn
Posts: 5
Hello guys, I have a question about Tomcat SSL. I added SSL to Tomcat, and it worked; just my URL, which is https://mywebsite.com:8443, is working correctly. But https://mywebsite.com is not working correctly. Actually, I am confused about ports. I will share my connectors. What should I do? Which port should I change? I am using Apache Tomcat 8.5.x.




 
Ranch Foreman
Posts: 124
The reason is that modern web browsers default to TCP/443 for HTTPS; the same goes for TCP/80 for regular HTTP. So, if your server runs on any port other than the default, you always have to give it in the URL: https://fqdn.example:8443/ - unfortunately there's no way around it. Although DNS would be able to serve a record containing a port, this was never implemented, and the whole web evolved around what are called "well-known ports", like TCP/80 for HTTP, TCP/443 for HTTPS, and so on for many other protocols. If your server runs on any port other than its designated default, you always have to explicitly tell the client about it.
If the internet had evolved just a bit differently, in a way where a DNS record not only resolves a hostname to an IP address but also to a port and maybe a protocol, this present-day issue could have been prevented in the first place - but it's one of those cases of "we know this today - but it's too late to change" - pretty much like Chernobyl and Fukushima.
 
Kerem Sarmış
Greenhorn
Posts: 5
Okay, what should I do for this reason? I tried this:

<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />
<Connector port="80" protocol="HTTP/1.1"
           connectionTimeout="20000"
           proxyName="www.mywebsite.com" proxyPort="80" redirectPort="443" />

<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true" compression="on" scheme="https" secure="true"
           keystoreFile="conf/mywebsite.jks" keystorePass="pass" SSLVerifyClient="none" SSLEnabledProtocols="TLSV1.2,TLSv1.1,SSLv2Hello" />

It did not work. But if I do this, it works:

<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />
<Connector port="80" protocol="HTTP/1.1"
           connectionTimeout="20000"
           proxyName="www.mywebsite.com" proxyPort="80" redirectPort="8443" />

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true" compression="on" scheme="https" secure="true"
           keystoreFile="conf/mywebsite.jks" keystorePass="pass" SSLVerifyClient="none" SSLEnabledProtocols="TLSV1.2,TLSv1.1,SSLv2Hello" />
 
Saloon Keeper
Posts: 6995
Tomcat can't normally use ports below 1024 for security reasons, and you should leave it that way. Just use port 8443, and mention the port number explicitly in the URL.
 
Sheriff
Posts: 22211
What you can possibly do is put a proxy in front of Tomcat. This is done quite often, with Nginx, Apache HTTPD or IIS acting as the proxy.
 
Saloon Keeper
Posts: 23774
As others have mentioned, DNS only resolves to IP addresses, not port numbers. So a URL of https://coderanch.com/forums resolves to the server at 204.144.184.130 but, lacking an explicit port number override, your web browser can only deduce (because you said "https" and not "http") that the port to address would be 443 (http has a default port number of 80).

The restriction on non-privileged users against listening on low-numbered network port numbers is not Tomcat's fault, but rather that of the operating system. All OS's that I know of which implement TCP/IP networking have the same restriction. And you don't want to run Tomcat as a privileged user - that opens up a large security exposure.

In business environments, the safest solution is to do like Rob said and front Tomcat with a reverse proxy server. On some OS's, such as Linux, you can alternatively set up firewall rules for port translation so that incoming requests to port 443 are re-routed by the firewall to port 8443. This can also be done by some Internet router devices.

Re-routing tricks are fine for small potatoes, but the reverse proxy is better for an Enterprise, since it allows multiple virtual hosts to all be processed through the same contact point and to mix and match both JEE (Tomcat) and non-JEE apps (like PHP) at that point.
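
A minimal Nginx front end for the reverse-proxy setup recommended in the replies above, as an added example that is not part of any post in this thread. It assumes Nginx runs on the same host as Tomcat, that Tomcat keeps its plain HTTP connector on port 8080, and that the certificate and private key have been exported from the keystore to the placeholder PEM paths shown.

```nginx
# Added example. Host name taken from the thread; file paths are placeholders.
# Nginx holds the privileged ports 80/443; Tomcat stays unprivileged on 8080.

# Plain HTTP: send every request to the HTTPS site on the default port.
server {
    listen 80;
    server_name mywebsite.com www.mywebsite.com;
    return 301 https://$host$request_uri;
}

# HTTPS on the default port, so no ":8443" is needed in the URL.
server {
    listen 443 ssl;
    server_name mywebsite.com www.mywebsite.com;

    ssl_certificate     /etc/nginx/tls/mywebsite.crt;  # placeholder path
    ssl_certificate_key /etc/nginx/tls/mywebsite.key;  # placeholder path
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        # TLS ends here; the hop to Tomcat is loopback-only plain HTTP.
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# Tomcat side (assumption: the port 8080 connector from the thread):
#   address="127.0.0.1"  so the connector is reachable only through the proxy
#   proxyName="mywebsite.com" proxyPort="443" scheme="https" secure="true"
#   so redirects and generated links use https://mywebsite.com/ with no port.
# The 8443 connector and the keystore are then no longer needed for public
# traffic and can be removed from server.xml.
```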
 