By: jaccs

What are the basic things to follow for mapping a Tomcat web application to a domain?

June 9, 2016 1.7k views

Hi,

I have a domain from GoDaddy with a running tomcat7 application, and that was configured in Apache using a proxy.
Now I would like to move the entire thing to Tomcat only. I don't need Apache now.
How should I create a host in Tomcat?
Where do I need to update the newly added domain code in tomcat7?

Can anyone advise me?

Thanks in advance.

4 comments
  • Here are my simplified guesses of your current stack:

    web browser X accesses ==> apache webserver at port 80  which uses ==> tomcat webservice API at port XXXX
     OR
    web browser X accesses ==> apache webserver at port 80 which redirects to ==> webserver secure port 443 which uses ==> tomcat webservices API at port XXXX
     OR
    web browser X accesses ==> apache webserver at secure port 443 which uses ==> tomcat webservices API at port XXXX
    
    

    Is one or more of that correct? Can you fill in some of the X's above, or provide a simplified diagram of your stack?

  • web browser X accesses ==> apache webserver at port 80 which redirects to ==> webserver secure port 443 which uses ==> tomcat webservices API at port 8443

  • @jaccs -- This is a bit tricky. The error messages you were receiving mean you were hitting the Cross-origin resource sharing (CORS) rules of your installation. One method to get around this is to proxy your Tomcat application at port 8443 to somewhere in the URL of your web pages, and then all your front-end code would need to change to use that proxy.

    You'll have to do research to fit your particular situation, but the overall plan is something like this:

    Have fun.

  • Hi,
    I already did this: the proxy is set up for my URL. Internally, every call from my application is made like https://www.domain.com:8443/app1/methods. Even so, access to port 8443 at https://www.domain.com:8443/app2/methods is reported as insecure, and the browser is blocking it.
    So the problem is that Tomcat on port 8443 has no SSL for my back-end application (app2), which serves the response. app1 has the SSL of domain www.domain.com configured for https://www.domain.com:8443/app1/methods, whereas https://www.domain.com:8443/app2/ doesn't have HTTPS access.
    That is the whole picture.
    Is there any way to get around this with only one SSL certificate?
    For now I am still using the config you made.

    Thanks for being with me.

2 Answers

Tomcat as your primary web server is not recommended since you'll have a difficult time setting up security arrangements, like setting security certificates for https. Having said that, the quickest way is to disable or remove apache/nginx from listening to port 80, and then configure Tomcat to take over that port.

  • Hi,
    Thanks for that,
    My config:

    <VirtualHost *:80>
    ServerName www.domain.com
    Redirect permanent / https://domain.com/
    </VirtualHost>
    <VirtualHost *:443>
    ServerName www.domain.com
    SSLEngine on
    SSLCertificateFile /home/developer/domain.crt
    SSLCertificateKeyFile /home/developer/domain.key
    SSLCertificateChainFile /home/developer/intermediate.crt

    SSLCACertificateFile /home/developer/ca-bundle.crt
    ProxyRequests On
    ProxyPass / http://localhost:8080/domain/
    ProxyPassReverse / http://localhost:8080/domain/
    

    </VirtualHost>

    The problem here is that when a request comes in, Tomcat has to serve it on 8443, but SSL is configured for domain.com, which is what is served. Whenever a response is not served as HTTPS, the browser says it is insecure and blocks the pages.

    I am totally confused. My application is running on Tomcat only; as Andrew said, I made a proxy over Apache. But the responses coming from Tomcat are HTTP and are not being converted to HTTPS, so my application has entirely collapsed under HTTPS.

    Finally, I thought of removing the SSL settings from the Apache virtual host and implementing everything on Tomcat.

    Is that the best approach?
    I have 4 more applications running on Apache; if I do as you said, they will not be served as before.
    Please suggest the best possible approach.

    Thanks again for your response on my post.
    I am waiting for suggestions!

Your Apache proxy settings look a bit off. Save a copy of your existing Apache configuration somewhere else (like your home directory), and try modifying your current Apache configuration entries to something like this:

    <VirtualHost *:80>
        ServerName www.domain.com
        # Reverse proxy only: ProxyRequests Off disables forward proxying
        ProxyPreserveHost On
        ProxyRequests Off
        ProxyPass / http://localhost:8080/domain/
        ProxyPassReverse / http://localhost:8080/domain/
        # Send plain-HTTP requests for www.domain.com to HTTPS (permanent redirect)
        RewriteEngine on
        RewriteCond %{SERVER_NAME} =www.domain.com
        RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
    </VirtualHost>

    <VirtualHost *:443>
        ServerName www.domain.com
        # TLS ends at Apache; requests go on to Tomcat over HTTP on localhost
        ProxyPreserveHost On
        ProxyRequests Off
        ProxyPass / http://localhost:8080/domain/
        ProxyPassReverse / http://localhost:8080/domain/
        SSLEngine on
        SSLCertificateFile /home/developer/domain.crt
        SSLCertificateKeyFile /home/developer/domain.key
        SSLCertificateChainFile /home/developer/intermediate.crt
        SSLCACertificateFile /home/developer/ca-bundle.crt
    </VirtualHost>

A few more non-critical notes: your SSL certificates should reside in a secure location, like somewhere in /etc. Also, you may want to explicitly add the error and access logging locations in the section shown above.

Hope that works for you.

  • Time god... that was impressive.
    But again I am stuck with the same error at the console; the
    functionality is not happening. See the screenshot and you will get it.
    https://www.dropbox.com/s/5wd0fnefv49l290/prob.png?dl=0

    If you can't see the attached link, try to understand it from the following:

    Failed to load resource: net::ERR_INSECURE_RESPONSE
    https://www.domain.com:8443/anotherapp/example.do/

    This is a supporting application of the domain I provided above, and it also runs on Tomcat only.
    When a response comes from that webapp on Tomcat, the console shows Failed to load resource: net::ERR_INSECURE_RESPONSE. I have put port 8443 and domain.com in the code where the request is made, for the sake of SSL.
    So it says that it is insecure. That is the problem I'm facing.
    Regards.

    • Can't you understand what I said?

    • Your certificate for https://www.domain.com is not the same as https://www.domain.com:8443, i.e., the port 8443 will be rejected because it's potentially not going to the same certified entity at port 443. Your best option would be to not include the port in your URI and let the standard behaviour of mapping https to port 443 happen. BTW, this is what the configuration above is supposed to do.
      Another more complex option is to set up a subdomain, let's say wwws.domain.com, and assign a new security certificate to that instead. You can then use DNS on the DO control panel to assign the subdomain wwws to port 8443. Use the search bar in the tutorials section to find out the details of how to set up subdomains with your droplet.
      Good luck.

      • Thanks for that great pleasure,
        Let me try removing 8443.

        • Hi,
          I tried with 8443 removed. Again I'm getting a console error:
          This request has been blocked; the content must be served over HTTPS.

          Here the application configured for the domain internally calls another web application that is deployed in Tomcat. That is,
          I made one application (app1) for the HTML pages and another (app2) for back-end support. SSL is configured for app1 with domain.com. It internally calls app2, and I made that call as:

          https://localhost:8443/app2/response -- this was the first one configured, and it gives an insecure response error in Chrome.
          Now I tried http://localhost:8080/app2/response
          -- this gives: This request has been blocked; the content must be served over HTTPS.

          How should I give the app2 URL inside app1 so that it goes over HTTPS and gets rid of all the console errors?

          Do I need to buy another SSL certificate for app2 to get rid of all the blocking?
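
Added example, not part of the thread or any participant's configuration: one way to apply the advice above (drop the explicit port and proxy the second Tomcat application under a path of the same HTTPS virtual host), so that the one certificate on port 443 covers both apps. It assumes app2 is deployed as the Tomcat context /app2/ on the same localhost:8080 connector as app1; the host name and certificate paths are the ones posted in the thread.

```apache
# Added example. Assumption: app1 is the Tomcat context /domain/ and
# app2 is the Tomcat context /app2/, both on the localhost:8080 connector.
<VirtualHost *:443>
    ServerName www.domain.com

    SSLEngine on
    SSLCertificateFile      /home/developer/domain.crt
    SSLCertificateKeyFile   /home/developer/domain.key
    SSLCertificateChainFile /home/developer/intermediate.crt

    # Reverse proxy only; forward proxying stays disabled.
    ProxyRequests     Off
    ProxyPreserveHost On

    # ProxyPass rules are checked in order and the first match wins,
    # so the more specific /app2/ mapping must come before "/".
    ProxyPass        /app2/ http://localhost:8080/app2/
    ProxyPassReverse /app2/ http://localhost:8080/app2/

    # Everything else goes to app1.
    ProxyPass        / http://localhost:8080/domain/
    ProxyPassReverse / http://localhost:8080/domain/
</VirtualHost>
```

With this mapping the pages in app1 can call app2 by the relative URL /app2/response, which the browser resolves to https://www.domain.com/app2/response on port 443, the same origin and certificate as the page itself.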
