Firstly, thanks. You said, "the http-bio-8443 endpoint is an HTTP connector, not an AJP13 connector."
This is confusing to me because all the tutorials I have read don't say anything about commenting out the line in server.xml that reads: <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> I had assumed port 8443 was analogous to port 443. Bad assumption on my part. On Thu, May 5, 2016 at 5:28 PM, Christopher Schultz < [email protected]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Matthew, > > On 5/5/16 5:05 PM, Matthew Herzog wrote: > > when I run the startup script > > > > /usr/bin/java -Djava.security.egd=file:/dev/./urandom > > -Djava.awt.headless=true -Xmx512m -XX:MaxPermSize=256m > > -XX:+UseConcMarkSweepGC -classpath > > /usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli. > jar:/usr/share/java/commons-daemon.jar > > > > > - -Dcatalina.base=/usr/share/tomcat -Dcatalina.home=/usr/share/tomcat > > -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/cache/tomcat/temp > > -Djava.util.logging.config.file=/usr/share/tomcat/conf/logging.propert > ies > > > > > - -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager > > org.apache.catalina.startup.Bootstrap start > > > > I see the following error. > > > > SEVERE: Failed to initialize end point associated with > > ProtocolHandler ["http-bio-8443"] > > > > java.io.FileNotFoundException: /root/.keystore (No such file or > > directory) So if I change my ajp config from > > > > <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> > > to > > > > <Connector port="8009" protocol="AJP/1.3" redirectPort="80" /> > > > > will I be able to avoid the keystore work? I'm doing a proof of > > concept so my cluster will never be exposed to the Internet. > > You are confused about a few things: > > 1. It's never good to run as root. Stop doing that. > > 2. The "redirectPort" attribute doesn't have any effect on what ports > Tomcat binds to. > > 3. The http-bio-8443 endpoint is an HTTP connector, not an AJP13 > connector. > > 4. If you want to enable TLS, then yes, you will need a keystore. > > So, if you don't need HTTPS, then disable whatever connector you have > that looks kind of like this: > > <Connector port="443" secure="true" ... /> > > - -chris > -----BEGIN PGP SIGNATURE----- > Comment: GPGTools - http://gpgtools.org > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iEYEARECAAYFAlcruwwACgkQ9CaO5/Lv0PDwTgCgkTa+TGbqw9WX0ttjVPShmKlr > z24AnRnkDLeXVQcOxNVBU0EdHKxVB+Yw > =KyZE > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > -- "I am no Einstein." -- Albert Einstein
