Page tree
Skip to end of metadata
Go to start of metadata

HTTPS in Tomcat

 

Admin App and storefront require https connection for obvious reasons, so you need to make sure that your tomcat instance is https enabled.

There is an in-depth article for configuring this on Tomcat 7 here but if you just want a quick and dirty self signed certificate what you need to do is:

1. Generate a self signed certificate using java key tool

Use command line to generate a certificate:

$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore /path/to/keystore/keyname

Follow the steps in key tool and put relevant information in.

You need to make sure that for all passwords input you MUST specify same password due to tomcats implementation limitation.
 Remember that on *nix the file that will be generated needs to have correct ownership for the tomcat to read it. So use chown if necessary

 

2. Tell tomcat connector to use generated certificate

Navigate to server.xml that is located in $CATALINA_HOME/conf/ and change the following connector settings:

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
              maxThreads="150" scheme="https" secure="true"
              keystoreFile="/path/to/keystore/keyname" keystorePass="yourpass"
              clientAuth="false" sslProtocol="TLS" />

  

if you are running tomcat behind Apache HTTP or use native tomcat libraries the above approach will not

work as you need to configure SSL on the AJP Connector. Please consult relevant Tomcat version documentation for this.

Upload file size

 

Sometimes import files that you will use in Admin App will cause tomcat to crash. In most cases this is due to the file size limit.

To increase the allowed upload file size you need to set it on all applicable connectors in server.xml.

The server.xml is located in $CATALINA_HOME/conf/.

You need to locate each Connector tag required and set the maxPostSize size to a value you require. By default this value is set to 2MB.

For example to increase size to 100MB the connector configuration must look something like this:

   <Connector port="8080" protocol="HTTP/1.1"
              connectionTimeout="20000" maxPostSize="104857600"
              redirectPort="8443" />

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
              maxThreads="150" scheme="https" secure="true"
              connectionTimeout="20000" maxPostSize="104857600"
              keystoreFile="conf/ssl/sslkey" keystorePass="ycselfsigned"
              clientAuth="false" sslProtocol="TLS" />

    <Connector port="8011" protocol="AJP/1.3" 
              maxPostSize="104857600"
              packetSize="65536"
              redirectPort="443" />


Logback

 

By default Logback starts working when web apps are loaded with context of those web apps. Therefore some logging messages might be missed out.

In order to address this Logback has tutorial on configurations for Tomcat

  • No labels