enable https in tomcat dspace public access


Saidy Binta

Nov 3, 2016, 6:02:46 AM
to DSpace Technical Support

Hi All,

Please see the configuration on Tomcat below; I still cannot access Tomcat on https. Please direct me on the way forward.

<Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true" SSLEngine="on" clientAuth="false"
               SSLCertificateFile="X:/certs/star_mrc_gm.p7b" SSLCertificateKeyFile="X:/certs/star_mrc_gm.pem"
               sslProtocol="TLS"  />

Regards,
Binta





Tom Hutchinson

Nov 3, 2016, 11:03:32 AM
to Saidy Binta, DSpace Technical Support
Hi Binta,

I think my setup is a bit different than yours. I'm using Apache in
front of Tomcat. My Apache is open to the world with SSL turned on.
Then it connects to Tomcat using AJP and mod_proxy. My Tomcat is not
directly accessible outside of the server.

Are you redirecting port 443 to 8443? Are you able to access the site
if you add :8443 to the address? (e.g.
https://not.myrealaddress.com:8443)

Another possibility is that you are running into firewall/port issues.
I had to open port 443 using iptables. I suggest trying to connect
from within the server. You can ssh in and use a text based web
browser such as links or lynx. Try accessing https://localhost:8443. If
that works, try accessing https://localhost (https defaults to port
443).

The good thing is that these tomcat setup issues aren't specific to
DSpace. I used the official DSpace documentation but also ran plenty
of searches about setting up tomcat/apache (unrelated to DSpace).

Regards,

Tom

helix84

Nov 3, 2016, 11:18:19 AM
to Saidy Binta, DSpace Technical Support
Hi Binta,

apart from what Tom said, which is all good advice, I'd like to add
that terminating SSL at Tomcat like you're trying to do is a perfectly
fine option (as long as you don't plan on using Shibboleth SP,
mod_rewrite or other Apache-specific modules).

There's a catch with SSL connector configuration, though. There are
three implementations in Apache:
* Http11AprProtocol - the one you tried to use - will work iff you're using APR
* Http11NioProtocol - will work iff you're not using APR
* Http11Protocol - will work iff you're not using APR

This is all described in the Tomcat documentation (the whole page is
relevant; this is the part on context configuration). Use Tomcat
documentation for your Tomcat version. This one is for Tomcat 7:

https://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html#Edit_the_Tomcat_Configuration_File


Regards,
~~helix84

Compulsory reading: DSpace Mailing List Etiquette
https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
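
The pairing of connector implementation and SSL attributes that helix84's reply describes can be checked mechanically. The following is an added example, not part of the thread or of Tomcat: it assumes Tomcat 7 attribute names, and the function name `lint_connectors`, the finding codes and the second sample connector are hypothetical.

```python
import xml.etree.ElementTree as ET

# Tomcat 7 attribute families: OpenSSL-style names configure the APR
# connector, keystore-style names configure the JSSE (NIO/BIO) connectors.
APR_ATTRS = {"SSLCertificateFile", "SSLCertificateKeyFile", "SSLCertificateChainFile"}
JSSE_ATTRS = {"keystoreFile", "keystorePass", "keystoreType", "keyAlias"}
APR = "org.apache.coyote.http11.Http11AprProtocol"
JSSE = {"org.apache.coyote.http11.Http11NioProtocol",
        "org.apache.coyote.http11.Http11Protocol"}

# The connector as posted in the thread.
THREAD_CONNECTOR = """<Connector port="8443"
    protocol="org.apache.coyote.http11.Http11AprProtocol" SSLEnabled="true"
    maxThreads="150" scheme="https" secure="true" SSLEngine="on" clientAuth="false"
    SSLCertificateFile="X:/certs/star_mrc_gm.p7b"
    SSLCertificateKeyFile="X:/certs/star_mrc_gm.pem" sslProtocol="TLS" />"""

# Constructed sample: NIO connector given APR-style attributes (paths are made up).
CONSTRUCTED_MISMATCH = """<Service name="Catalina"><Connector port="8443"
    protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true"
    scheme="https" secure="true" SSLCertificateFile="conf/example.crt"
    SSLCertificateKeyFile="conf/example.key" /></Service>"""

def lint_connectors(xml_text):
    """Return (port, finding) pairs for each SSL-enabled <Connector>."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        port, proto = conn.get("port", "?"), conn.get("protocol", "HTTP/1.1")
        attrs = set(conn.attrib)
        if proto == APR:
            # Not verifiable from the XML alone; confirm in the startup log.
            findings.append((port, "APR_REQUIRES_NATIVE_LIBRARY"))
            if attrs & JSSE_ATTRS:
                findings.append((port, "KEYSTORE_ATTRS_ON_APR_CONNECTOR"))
        elif proto in JSSE:
            if attrs & APR_ATTRS:
                findings.append((port, "OPENSSL_ATTRS_ON_JSSE_CONNECTOR"))
            if "keystoreFile" not in attrs:
                # Tomcat then falls back to .keystore in the user's home directory.
                findings.append((port, "JSSE_USES_DEFAULT_KEYSTORE_PATH"))
        else:
            # e.g. "HTTP/1.1": Tomcat uses APR only if the native library loads.
            findings.append((port, "IMPLEMENTATION_AUTO_SELECTED"))
    return findings

if __name__ == "__main__":
    for name, doc in (("thread", THREAD_CONNECTOR), ("constructed", CONSTRUCTED_MISMATCH)):
        print(name, lint_connectors(doc))
```

For the connector posted in the thread the only finding is that the APR implementation depends on the native library being present, which is the condition helix84's list points at.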