Tomcat by default listens on http port 8000. Follow these instructions to change Tomcat to listen on an https port.
| Table of Contents |
|---|
Stop the Tomcat server.
| Code Block |
|---|
<FlexDeploy Home>/StopFlexDeploy.sh |
There are a few different ways that customers can get certificates.
Create a Java Key Store to hold your SSL Certificate. You will need to update location to JDK, alias, and give appropriate path for the keystore location. Make sure it is NOT in the apache-tomcat-flexdeploy folder. The apache-tomcat-flexdeploy folder will be cleaned up with each upgrade, so it is important not to place all supporting files in the flexdeploy home folder or another subfolder instead. This example uses /home/oracle for the location.
...
| Code Block |
|---|
<Connector port="8443" protocol="HTTP/1.1" sslVerifyClient="optional" sslEnabledProtocols="TLSv1.2" connectionTimeout="20000" maxThreads="200" SSLEnabled="true" secure="true" maxHttpHeaderSize="16384" schema="https" keystoreFile="/home/oracle/flexdeploy.keystore" keystorePass="changeit" keyAlias="myalias" clientAuth="false" sslProtocol="TLS"/> |
On Unix, privileged ports (less than 1024) cannot be opened by a non-root user. The solution is to forward traffic from 443 to the port used above (8443). As root, update iptable rule to redirect the traffic from 443 to 8443.
| Code Block |
|---|
iptables -t nat -I PREROUTING -p tcp --destination-port 443 -j REDIRECT --to-ports 8443 |
Also saving iptables will ensure the setting stays after a unix server restart.
| Code Block |
|---|
iptables save |
To view the rule after:
| Code Block |
|---|
iptables -L -t nat |
You should see:
| Code Block |
|---|
REDIRECT tcp -- anywhere anywhere tcp dpt:https redir ports 8443 |
in the output of the command
Start the Tomcat server.
| Code Block |
|---|
<FlexDeploy Home>/StartFlexDeploy.sh |
...