Re: Do I need a keystore?

Thu, 05 May 2016 14:30:01 -0700 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Matthew,

On 5/5/16 5:05 PM, Matthew Herzog wrote:
> when I run the startup script
> 
> /usr/bin/java -Djava.security.egd=file:/dev/./urandom 
> -Djava.awt.headless=true -Xmx512m -XX:MaxPermSize=256m 
> -XX:+UseConcMarkSweepGC -classpath 
> /usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.
jar:/usr/share/java/commons-daemon.jar
>
> 
- -Dcatalina.base=/usr/share/tomcat -Dcatalina.home=/usr/share/tomcat
> -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/cache/tomcat/temp 
> -Djava.util.logging.config.file=/usr/share/tomcat/conf/logging.propert
ies
>
> 
- -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
> org.apache.catalina.startup.Bootstrap start
> 
> I see the following error.
> 
> SEVERE: Failed to initialize end point associated with
> ProtocolHandler ["http-bio-8443"]
> 
> java.io.FileNotFoundException: /root/.keystore (No such file or
> directory) So if I change my ajp config from
> 
> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> 
> to
> 
> <Connector port="8009" protocol="AJP/1.3" redirectPort="80" />
> 
> will I be able to avoid the keystore work? I'm doing a proof of
> concept so my cluster will never be exposed to the Internet.

You are confused about a few things:

1. It's never good to run as root. Stop doing that.

2. The "redirectPort" attribute doesn't have any effect on what ports
Tomcat binds to.

3. The http-bio-8443 endpoint is an HTTP connector, not an AJP13
connector.

4. If you want to enable TLS, then yes, you will need a keystore.

So, if you don't need HTTPS, then disable whatever connector you have
that looks kind of like this:

   <Connector port="443" secure="true" ... />

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlcruwwACgkQ9CaO5/Lv0PDwTgCgkTa+TGbqw9WX0ttjVPShmKlr
z24AnRnkDLeXVQcOxNVBU0EdHKxVB+Yw
=KyZE
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to