Support for LetsEncrypt certs, and update process, in Tomcat without restart.

2020-06-08 Thread Merlin Beedell
I am getting a lot of flack from some senior devs who insist that Tomcat must be put behind a Proxy - HA Proxy or Nginx, which will handle the SSL offloading etc. While this seems sensible for multi-server environments, they want it for single server too. But Tomcat can do all the things that a

Re: Support for LetsEncrypt certs, and update process, in Tomcat without restart.

2020-06-08 Thread Romain Manni-Bucau
Hi Merlin, you can reload the certificates already (think it is in JMX but you can also do it programmatically through a listener or valve - which is convenient to handle the let's encrypt public part), you can have a look at https://github.com/apache/openwebbeans-meecrowave/blob/master/meecrowave

Re: Support for LetsEncrypt certs, and update process, in Tomcat without restart.

2020-06-08 Thread Christopher Schultz
Merlin,

On 6/8/20 10:17, Merlin Beedell wrote:
> I am getting a lot of flack from some senior devs who insist that
> Tomcat must be put behind a Proxy – HA Proxy or Nginx, which will
> handle the SSL offloading etc.
>
> While this seems sensible for

RE: Support for LetsEncrypt certs, and update process, in Tomcat without restart.

2020-06-10 Thread Merlin Beedell
Merlin,

On 6/8/20 10:17, Merlin Beedell wrote:
> I am getting a lot of flack from some senior devs who insist that
> Tomcat must be put behi

Re: Support for LetsEncrypt certs, and update process, in Tomcat without restart.

2020-06-11 Thread Christopher Schultz

Re: Support for LetsEncrypt certs, and update process, in Tomcat without restart.

2020-06-11 Thread Romain Manni-Bucau
> has written a WAR file that implements this inside-out
> approach as a generic ACME servlet (context listener?), but I can't
> seem to find his code anywhere...
>
> -chris

Re: Support for LetsEncrypt certs, and update process, in Tomcat without restart.

2020-06-11 Thread Christopher Schultz
> le that implements this
> inside-out approach as a generic ACME servlet (context listener?),
> but I can't seem to find his code anywhere...
>
> -chris

Re: Support for LetsEncrypt certs, and update process, in Tomcat without restart.

2020-06-11 Thread Romain Manni-Bucau
> > h certbot takes with their Apache
> > plugins, rather than an inside-out approach where the server
> > actually has a plug-in for let's encrypt (or similar).
> >
> > Romain @ TomEE has written a WAR file that implements this
> > inside-out approach as a generic ACME

RE: Support for LetsEncrypt certs, and update process, in Tomcat without restart.

2020-07-13 Thread Merlin Beedell

Re: Support for LetsEncrypt certs, and update process, in Tomcat without restart.

2020-07-13 Thread Mark Thomas
On 13/07/2020 11:09, Merlin Beedell wrote:
> If the connector section in server.xml is edited to point to a new
> certificate path/filename, it is ignored. The current certificate
> config continues to be used.

As expected. server.xml is only read on Tomcat start. Changes made after that point

Re: Support for LetsEncrypt certs, and update process, in Tomcat without restart.

2020-07-13 Thread Christopher Schultz
Merlin,

On 7/13/20 06:09, Merlin Beedell wrote:
> Hi all,
>
> Thank you for your valuable assistance and suggestions so far.
>
> I did eventually try this (again, using ‘groovy’ as a
> simple-to-use scriptable wrapper to Java), which looks like

RE: Support for LetsEncrypt certs, and update process, in Tomcat without restart.

2020-07-14 Thread Merlin Beedell
Merlin,

On 7/13/20 06:09, Merlin Beedell wrote:
> Hi all,
>
> Thank you for your valuable assistance and suggestions so fa

Re: Support for LetsEncrypt certs, and update process, in Tomcat without restart.

2020-07-14 Thread Romain Manni-Bucau

Re: Support for LetsEncrypt certs, and update process, in Tomcat without restart.

2020-07-14 Thread Christopher Schultz
> anager webapp to
> alter the allowed TLS levels?

This should work.

-chris