You can use apache with mod_jk and then just setup the ssl through apache and tomcat will use the 443 port through apache.
If you want to use letencrypt you need to add JkUnMount for /.well-known/* directory so that when you run lets encrypt it can create and get to this directory through apache. John On Thu, Feb 7, 2019 at 9:45 AM Garret Wilson <gar...@globalmentor.com> wrote: > Hi, everyone. In the computer course I'm writing I'm using Tomcat for > the server. (Students learn how to set up CentOS and everything from > scratch. Currently the course has them using Tomcat running on port > 8080.) I'm going back to write the section on security. I want students > to learn to set up their web server to use SSL/TLS on port 443, with > HTTP port 80 redirecting to HTTPS port 443. This should be a very basic, > fundamental configuration, no? > > The last time I did this myself was about 10 or 15 years ago, when I > compiled Apache myself and put it in front of Tomcat using whatever > connectors (I'll have to go look at my configuration from back then), > purchasing outrageously priced SSL certificates and installing them > manually. How I'm sure things are greatly improved. Recently I've set up > Apache (I didn't have to compile it) hosting static pages directly, and > using Let's Encrypt (once I figured out what I should be doing) for SSL > was a breeze. It's working nicely. So I assume I'd want to use Let's > Encrypt in whatever solution I prescribe to the students. > > So what is the best practice, straightforward, and simple setup for > Tomcat with SSL on port 443 (preferably using Let's Encrypt) with HTTP > port 80 forwarding to HTTPS port 443? Do I still need to stick Apache > (or Nginx?) in front of it? (The last I checked, letting Tomcat use > lower port numbers was a pain, and nobody seemed to know an easy, > straightforward way to do it.) > > Maybe this is a better question of Stack Overflow, but since the experts > are here and I'm already on the list, I thought I'd ask. Thanks in > advance! I'm really wanting to learn here. > > Best, > > Garret > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
