Java Mailing List Archive

http://www.junlu.com/

Home » Home (12/2007) » Apache Tomcat »

Re: Removing the port identifier

Matthew Kerle

2007-08-15

Replies:


the only way to get rid of the port number is to have something
listening on :443 (that's the way browsers are, sorry), and then hand
requests over to tomcat, so to get what you want something will have to
bind to :443 at some point, requiring root privs. What you want is
something that will bind to the port as a privileged user and
subsequently drop priv's to a limited user. the Apache web server is
excellent for this kind of thing.

The easiest way to do this would be with apache sitting in front of
tomcat with either mod_jk2 or forwarding requests with mod_rewrite. It
doesn't really matter where the port forwarder sits, but usually you
want to align with existing IT infrastructure and use an existing
internal/internet web server to redirect requests to your app. If your
company already has apache then this is a cinch, otherwise you'll have
to figure out how to reverse-proxy with the web server du jour...

Is this close to what you're after?

--

* Matthew Kerle
** IT Consultant* **
* Canberra, Australia*

Mobile: +61404 096 863
Email:   <mailto:mattkerle@(protected)
<mailto:mattkerle@(protected)>
Web:    Matthew Kerle <http://threebrightlights.blogspot.com/>


Stephen Caine wrote:
> Is there a way to remove the port number from a https request where
> the original url looks something like this:
>
> https://host_name:8443/
>
> The approach to change the server.xml file (where the connector port
> is changed from 8443 to 443) is not practical for us. When this is
> done, Tomcat requires the root user to run. We consider this a
> security risk.
>
> We have considered a port forwarder, but we are unclear whether to
> install this on the Tomcat server or router. In any event, we are not
> at all sure this is the best approach. Any advice will be
> appreciated. Our operating system is Mac OS X.
>
> Thanks,
>
> Stephen
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@(protected)
> To unsubscribe, e-mail: users-unsubscribe@(protected)
> For additional commands, e-mail: users-help@(protected)
>


---------------------------------------------------------------------
To start a new topic, e-mail: users@(protected)
To unsubscribe, e-mail: users-unsubscribe@(protected)
For additional commands, e-mail: users-help@(protected)

©2008 junlu.com - Jax Systems, LLC, U.S.A.