Hi Peter I would use tomcat to provide https if it could be configured to do this - is this fairly easy to do?
The IT Department have given me a Certificate and private key for the server (OXNETMDMS04) but do I need to use "keytool" to create a key store for the Certificate? (I am referring to the link https://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html). Kind regards Mark Mark Sandels |Senior Systems Analyst/Programmer|IM & T Services – Integration Services Team |Manor House Annexe Room G22, Oxford University Hospitals NHS Trust , Headley Way, Headington, Oxford OX3 9RR |Phone: 01865 (5) 72103 | Email: mark.sand...@ouh.nhs.uk NHS colleagues can visit the OUH IM&T Services intranet site at http://ouhimt.oxnet.nhs.uk -----Original Message----- From: logo [mailto:l...@kreuser.name] Sent: 05 July 2018 10:27 To: users@tomcat.apache.org Subject: Re: Apache http / tomcat connectors - source code of web-page is displayed rather than web-page Mark, Am 05.07.2018 10:31, schrieb André Warnier: > Hi. > > I have not looked through all of your configuration lines, but I > believe that the problem is first of all this line : > > On 05.07.2018 09:18, Sandels Mark (RTH) OUH wrote: >> DocumentRoot "C:\Program Files (x86)\apache-tomcat-9.0.6\webapps" > +1 That's most certainly the reason. You can browse down to WEB-INF and see web.xml or any file with credentials... Even worse if you enable indexes! Make yourself familiar how to configure Apache httpd and be aware that any config in the main httpd-file is for the whole server! Put all config into your own virtualhost not the default. You can severly mess up the security of your tomcat webapp if you don't understand httpd. httpd hardening adds just one more complexity. Do you really need httpd fronting tomcat? Tomcat provides pretty much everything you need... Best regards Peter --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
