WSS will work if you enable and configure the HTTPS connector in server.xml.

This part of the configuration is not really WSS-specific, and the Tomcat site
contains a bunch of good docs on how to do this.

> On Mar 29, 2017, at 4:40 PM, Sharat Jagannath <sharsm...@gmail.com> wrote:
> 
> The code on the Tomcat page does not have examples for wss. But I will look
> into how nginx is configured
> 
> Thanks
> 
> On Mar 29, 2017 1:15 PM, "Mark Eggers" <its_toas...@yahoo.com.invalid>
> wrote:
> 
>> Sharat,
>> 
>>> On 3/29/2017 9:23 AM, Sharat Jagannath wrote:
>>> I get a 404 error when I call my server endpoint with wss.
>>> I'm using Tomcat 9, which sits behind nginx. Does that make a difference?
>>> Here's what my server.xml looks like:
>>> 
>>> 
>>> <?xml version='1.0' encoding='utf-8'?>
>>> <!--
>>>  Licensed to the Apache Software Foundation (ASF) under one or more
>>>  contributor license agreements.  See the NOTICE file distributed with
>>>  this work for additional information regarding copyright ownership.
>>>  The ASF licenses this file to You under the Apache License, Version 2.0
>>>  (the "License"); you may not use this file except in compliance with
>>>  the License.  You may obtain a copy of the License at
>>> 
>>>      http://www.apache.org/licenses/LICENSE-2.0
>>> 
>>>  Unless required by applicable law or agreed to in writing, software
>>>  distributed under the License is distributed on an "AS IS" BASIS,
>>>  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
>>>  See the License for the specific language governing permissions and
>>>  limitations under the License.
>>> -->
>>> <!-- Note:  A "Server" is not itself a "Container", so you may not
>>>     define subcomponents such as "Valves" at this level.
>>>     Documentation at /docs/config/server.html
>>> -->
>>> <Server port="8005" shutdown="SHUTDOWN">
>>>  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
>>>  <!-- Security listener. Documentation at /docs/config/listeners.html
>>>  <Listener className="org.apache.catalina.security.SecurityListener" />
>>>  -->
>>>  <!--APR library loader. Documentation at /docs/apr.html -->
>>>  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
>>>  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
>>>  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
>>>  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
>>>  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
>>> 
>>> 
>>>  <!-- Global JNDI resources
>>>       Documentation at /docs/jndi-resources-howto.html
>>>  -->
>>>  <GlobalNamingResources>
>>>    <!-- Editable user database that can also be used by
>>>         UserDatabaseRealm to authenticate users
>>>    -->
>>>    <Resource name="UserDatabase" auth="Container"
>>>              type="org.apache.catalina.UserDatabase"
>>>              description="User database that can be updated and saved"
>>>              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
>>>              pathname="conf/tomcat-users.xml" />
>>>  </GlobalNamingResources>
>>> 
>>>  <!-- A "Service" is a collection of one or more "Connectors" that share
>>>       a single "Container" Note:  A "Service" is not itself a "Container",
>>>       so you may not define subcomponents such as "Valves" at this level.
>>>       Documentation at /docs/config/service.html
>>>   -->
>>>  <Service name="Catalina">
>>> 
>>>    <!--The connectors can use a shared executor, you can define one or
>>> more named thread pools-->
>>>    <!--
>>>    <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
>>>        maxThreads="150" minSpareThreads="4"/>
>>>    -->
>>> 
>>> 
>>>    <!-- A "Connector" represents an endpoint by which requests are received
>>>         and responses are returned. Documentation at :
>>>         Java HTTP Connector: /docs/config/http.html
>>>         Java AJP  Connector: /docs/config/ajp.html
>>>         APR (HTTP/AJP) Connector: /docs/apr.html
>>>         Define a non-SSL/TLS HTTP/1.1 Connector on port 80
>>>    -->
>>> 
>>> 
>>>    <Connector port="80" protocol="HTTP/1.1"
>>>               connectionTimeout="20000"
>>>               redirectPort="8443" URIEncoding="UTF-8"
>>>               useBodyEncodingForURI="true" compression="on" compressionMinSize="2048"
>>>               noCompressionUserAgents="gozilla, traviata"
>>>               compressableMimeType="text/html,text/xml,text/plain,text/css,text/javascript"
>>>               />
>>> 
>>> 
>>>    <!-- A "Connector" using the shared thread pool-->
>>>    <!--
>>>    <Connector executor="tomcatThreadPool"
>>>               port="8080" protocol="HTTP/1.1"
>>>               connectionTimeout="20000"
>>>               redirectPort="8443" />
>>>    -->
>>>    <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
>>>         This connector uses the NIO implementation with the JSSE engine.
>>> When
>>>         using the JSSE engine, the JSSE configuration attributes must be
>>> used.
>>>    -->
>>>    <!--
>>>    <Connector port="8443"
>>> protocol="org.apache.coyote.http11.Http11NioProtocol"
>>>               maxThreads="150" SSLEnabled="true">
>>>        <SSLHostConfig>
>>>            <Certificate certificateKeystoreFile="conf/keystore-rsa.pem"
>>>                         type="RSA" />
>>>        </SSLHostConfig>
>>>    </Connector>
>>>    -->
>>>    <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
>>>         This connector uses the APR/native implementation. When using the
>>>         APR/native implementation or the OpenSSL engine with NIO or NIO2 then
>>>         the OpenSSL configuration attributes must be used.
>>>    -->
>>>    <!--
>>>    <Connector port="8443"
>>> protocol="org.apache.coyote.http11.Http11AprProtocol"
>>>               maxThreads="150" SSLEnabled="true" >
>>>        <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
>>>        <SSLHostConfig honorCipherOrder="false" >
>>>            <Certificate certificateKeyFile="conf/localhost-rsa-key.pem"
>>>                         certificateFile="conf/localhost-rsa-cert.pem"
>>>                         certificateChainFile="conf/localhost-rsa-chain.pem"
>>>                         type="RSA" />
>>>        </SSLHostConfig>
>>>    </Connector>
>>>    -->
>>> 
>>>    <!-- Define an AJP 1.3 Connector on port 8009 -->
>>>    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
>>> 
>>> 
>>>    <!-- An Engine represents the entry point (within Catalina) that
>>> processes
>>>         every request.  The Engine implementation for Tomcat stand alone
>>>         analyzes the HTTP headers included with the request, and passes
>>> them
>>>         on to the appropriate Host (virtual host).
>>>         Documentation at /docs/config/engine.html -->
>>> 
>>>    <!-- You should set jvmRoute to support load-balancing via AJP ie :
>>>    <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
>>>    -->
>>>    <Engine name="Catalina" defaultHost="localhost" jvmRoute="dev02">
>>> 
>>> 
>>>      <!--For clustering, please take a look at documentation at:
>>>          /docs/cluster-howto.html  (simple how to)
>>>          /docs/config/cluster.html (reference documentation) -->
>>>      <!--
>>>      <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
>>>      -->
>>> 
>>>      <!-- Use the LockOutRealm to prevent attempts to guess user passwords
>>>           via a brute-force attack -->
>>>      <Realm className="org.apache.catalina.realm.LockOutRealm">
>>>        <!-- This Realm uses the UserDatabase configured in the global JNDI
>>>             resources under the key "UserDatabase".  Any edits
>>>             that are performed against this UserDatabase are immediately
>>>             available for use by the Realm.  -->
>>>        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
>>>               resourceName="UserDatabase"/>
>>>      </Realm>
>>> 
>>>      <Host name="localhost"  appBase="webapps"
>>>            unpackWARs="true" autoDeploy="true">
>>> 
>>>        <!-- SingleSignOn valve, share authentication between web applications
>>>             Documentation at: /docs/config/valve.html -->
>>>        <!--
>>>        <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
>>>        -->
>>> 
>>>        <!-- Access log processes all example.
>>>             Documentation at: /docs/config/valve.html
>>>             Note: The pattern used is equivalent to using pattern="common" -->
>>>        <Valve className="org.apache.catalina.valves.AccessLogValve"
>>> directory="logs"
>>>               prefix="localHost_access_log" suffix=".txt"
>>>               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
>>> 
>>>      </Host>
>>>    </Engine>
>>>  </Service>
>>> </Server>
>>> 
>>> 
>>> 
>>>> On Mar 29, 2017 6:24 AM, "calder" <calder....@gmail.com> wrote:
>>>> 
>>>> On Tuesday, March 28, 2017, Sharat Jagannath <sharsm...@gmail.com> wrote:
>>>> 
>>>>> How do I set up websocket on server side for using wss with tomcat config?
>>>>> Is there any config I need to do with tomcat? Any certification to set up?
>>>> 
>>>> 
>>>>> 
>>>> 
>>>> Read up using the How-to:
>>>> 
>>>> https://tomcat.apache.org/tomcat-8.0-doc/web-socket-howto.html
>>>> 
>>>> 
>>>> http://tomcat-configure.blogspot.com/2014/05/tomcat-websocket-example.html
>>>> 
>>> 
>> 
>> Two things to try:
>> 
>> 1. Have you tried to connect without using NGINX as a front end proxy?
>> 
>> 2. Have you configured your NGINX server appropriately?
>> 
>> See the following for configuring NGINX to act as a websocket proxy:
>> 
>> http://nginx.org/en/docs/http/websocket.html
>> https://www.nginx.com/blog/websocket-nginx/
>> 
>> Also, see the following:
>> 
>> http://tomcat.apache.org/tomcat-9.0-doc/web-socket-howto.html
>> 
>> and follow the links to look at both the server and client side code.
>> 
>> Please note that I've not done any of this, since I have Tomcat sitting
>> behind Apache HTTPD 2.2. I have not ported the proxy_wstunnel module
>> from Apache HTTPD 2.4 to 2.2.
>> 
>> . . . just my two cents
>> /mde/
>> 
>> Please note that I've not done any of this.
>> 
>> 
>> 
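
Added example, not from any poster in this thread: a minimal NGINX server block for the setup Mark's second point refers to, where NGINX terminates TLS for wss:// and forwards the WebSocket upgrade to Tomcat's plain HTTP connector. The host name, certificate paths, the /ws/ location and the 127.0.0.1:8080 upstream are assumptions; the Upgrade/Connection handling follows the nginx.org WebSocket proxying document linked above.

```nginx
# Added example; every name, path and port below is a placeholder/assumption.

# Send "Connection: upgrade" to the backend only when the client asked for
# an upgrade; otherwise close, as for an ordinary proxied request.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 443 ssl;
    server_name ws.example.invalid;                  # placeholder host name

    ssl_certificate     /etc/nginx/tls/fullchain.pem;  # placeholder path
    ssl_certificate_key /etc/nginx/tls/privkey.pem;    # placeholder path
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Assumed path under which the webapp exposes its WebSocket endpoint.
    location /ws/ {
        # Assumed address of Tomcat's non-TLS HTTP connector. The server.xml
        # posted in this thread binds that connector to port 80 instead.
        proxy_pass http://127.0.0.1:8080;

        # WebSocket needs HTTP/1.1 to the backend, and the hop-by-hop
        # Upgrade and Connection headers must be set explicitly because
        # NGINX does not forward them by default.
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        # Preserve the original host and scheme for the application.
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Idle WebSocket connections are closed after proxy_read_timeout
        # (60s by default); raise it or send application-level pings.
        proxy_read_timeout 300s;
    }
}
```

With TLS terminated here, the browser connects with wss:// while Tomcat sees a plain ws upgrade on its HTTP connector, so no HTTPS connector is required in server.xml for this layout.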
