Certbot with Tomcat9

I've set up HTTPS on the Apache HTTP server (port 80) along with Webmin (port 10000) using Let's Encrypt. I've installed tomcat9 on the same server and it's listening on port 8080 (http). The tomcat9 server also works fine. I am trying to set up HTTPS for tomcat9. I've copied cert1.pem, chain1.pem, and privkey.pem from the /etc/letsencrypt/archive/{domain.com} folder into the /etc/tomcat9 folder. I also updated server.xml by uncommenting the "Connector port="8443"" section and put the locations of the pem files in the certificate section. I've restarted the tomcat9 service. When I go to http://mydomain.com:8080, it shows the Tomcat webpage. If I go to https://mydomain.com:8080 or https://mydomain.com:8443, I get ERR_CONNECTION_REFUSED. iptables -L -n -v shows port 8443 set to accept. Can you help?

2 Replies

You may need to adjust your server.xml file to enable Tomcat for SSL use. There are some recommendations in this guide. Essentially, you'd need to add a line in server.xml that states the locations of your SSL information, and set your connector ports to 443. The error that you're seeing (Connection Refused) is most likely related specifically to the connector ports set up in server.xml; you might find this StackOverflow post helpful as well.

Going a step further you may want to also redirect any HTTP requests over HTTPS. This can be done by updating two of your .xml files, server.xml & web.xml, and restarting Tomcat. I should preface the below code blocks by saying I haven't tried this myself, but after reviewing a couple guides (linked below) these changes should do it.

server.xml

<Connector port="80" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="443" />

web.xml

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Entire Application</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
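
Added example (not part of the original posts, and not code from the Tomcat project): a small Python check that reads a server.xml, lists which connectors actually have TLS enabled, and verifies that the PEM files they reference are readable. The sample XML, the function name `audit_connectors` and the `conf/` paths are constructed for illustration; `SSLEnabled`, `SSLHostConfig`, `Certificate` and the `certificate*File` attributes are Tomcat 9 connector settings.

```python
import os
import xml.etree.ElementTree as ET

# Constructed sample, not the poster's file: a plain HTTP connector on 8080
# and a TLS connector on 8443 that points at Let's Encrypt PEM files.
SAMPLE_SERVER_XML = """
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               SSLEnabled="true">
      <SSLHostConfig>
        <Certificate certificateFile="conf/cert1.pem"
                     certificateKeyFile="conf/privkey.pem"
                     certificateChainFile="conf/chain1.pem" />
      </SSLHostConfig>
    </Connector>
  </Service>
</Server>
"""

PEM_ATTRS = ("certificateFile", "certificateKeyFile", "certificateChainFile")

def audit_connectors(server_xml, base_dir="."):
    """Return (tls_ports, findings). base_dir stands in for CATALINA_BASE."""
    tls_ports, findings = [], []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        port = conn.get("port")
        if conn.get("SSLEnabled", "false").lower() != "true":
            findings.append(f"port {port}: plain connector, https:// requests to it will fail")
            continue
        tls_ports.append(port)
        certs = conn.findall("./SSLHostConfig/Certificate")
        if not certs:
            findings.append(f"port {port}: SSLEnabled but no <Certificate> element")
        for cert in certs:
            if cert.get("certificateFile") is None and cert.get("certificateKeystoreFile") is None:
                findings.append(f"port {port}: no certificate or keystore file set")
            for attr in PEM_ATTRS:
                path = cert.get(attr)
                # Run as the Tomcat service user so the readability check is meaningful.
                if path and not os.access(os.path.join(base_dir, path), os.R_OK):
                    findings.append(f"port {port}: {attr} {path} missing or unreadable")
    if not tls_ports:
        findings.append("no TLS connector is enabled, so nothing listens for HTTPS")
    return tls_ports, findings

if __name__ == "__main__":
    ports, problems = audit_connectors(SAMPLE_SERVER_XML, base_dir="/nonexistent")
    print("TLS ports:", ports, *problems, sep="\n")
```

A connector that fails to initialise (for example because the private key cannot be read) never binds its port, which shows up to the browser as a refused connection; the Tomcat log records the underlying error.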


