I manage dozens of contexts/domains using loosely coupled code.

Chris - of course it's amazing.  I would also call it super and profound. :)

I am in the middle of some TI at our office today .. can't really stop
to do this.

I have the code used to identify and validate the certbot requests and
a few scripts that use the certbot to do the work.

Come to think of it,  my certs will need renewal soon.  I'll take a
pass over what I have and send it out after I renew .. thank you for
your patience.

John


On 4/17/19, Christopher Schultz <ch...@christopherschultz.net> wrote:
> To whom it may concern,
>
> On 4/17/19 10:22, TurboChargedDad . wrote:
>> I would have the opposite feeling.  I would not want a java process
>>  parked out in the internet.  Not saying you're wrong just my
>> personal feeling.
> It would be interesting to compare the number of remotely-exploitable
> vulnerabilities there have been in e.g. httpd versus e.g. Tomcat in a
> given period of time. My guess is that the Java-based servers have had
> a better track record. The difference is that typically if you own a
> web server, you just own the web server. But if you own an application
> server, you typically get access to lots of great stuff like the
> application's database.
>
>> Maybe things have shifted in a different direction over the year.
> Any particular year?
>
>> I do agree that something like that would be helpful to other
>> Tomcat admins.  Would you consider putting it into GitHub?
> certbot does almost everything you need. There is also this:
> https://people.apache.org/~schultz/ApacheCon%20NA%202018/Let's%20Encrypt%20Apache%20Tomcat.pdf
>
> So unless John has done something truly amazing, maybe adding more
> tools to what MUST be a secure toolchain isn't a great move.
>
> -chris
>
>> On Wed, Apr 17, 2019 at 9:18 AM John Dale <jcdw...@gmail.com>
>> wrote:
>>
>>> I have a really nice process that works great with certbot.
>>> Single command to renew all of my certs and I'm finished.
>>>
>>> I get some peace of mind having a Java process guarding the
>>> front door.  Seems to be more impervious to overflows.  What am I
>>> missing?
>>>
>>> I think what I have might be easily developed into something to
>>> help other Tomcat users.
>>>
>>> On 4/17/19, TurboChargedDad . <linuxhpc...@gmail.com> wrote:
>>>> We terminated SSL above the tomcat layer using NGINX or Apache
>>>> to avoid the complexities that come with managing a JKS.  I
>>>> want to hear all I can on this subject.
>>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>>
>>