Hello,
My Stack: Ubuntu 16.04, Apache2, Tomcat8 (running Geoserver as my ‘app’)
I installed letsencrypt on my Apache2 server using certbot and selected to have only SSL connections. I have set up the Sites-Available/
I have been able to redirect traffic to my Tomcat8 AppServer (https to http) and send back the url as https in the browser url.
I am trying to configure Tomcat_8:883 to accept the letsencrypt cert so I can have
Apache2(https) to Tomcat8(https) on to my ‘App’ using my Certs (unless that is the wrong way to go).
How do I configure the Connector?
Include /etc/letsencrypt/options-ssl-apache.conf
Include /etc/letsencrypt/options-ssl-apache.conf
Include /etc/letsencrypt/options-ssl-apache.conf
ServerAlias www.myserver.com
Include /etc/letsencrypt/options-ssl-apache.conf
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/myserver.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/myserver/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
Are you sure you want to? If you are proxying back on the loopback interface (127.0.0.1), there doesn't seem to be any real benefit and it will come with the overhead of double TLS handshakes.
Anyway, Tomcat requires certificates and private keys to be packed up in either a Java keystore or a pfx archive. You can read how to do that, and how to configure the Tomcat connector here: Apache Tomcat 8 (8.0.53) - SSL/TLS Configuration HOW-TO
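The packaging step described in the answer above, as an added example that is not part of the original thread: it packs certbot's `fullchain.pem` and `privkey.pem` into a PKCS#12 (pfx) archive with `openssl`, refusing to proceed if the key does not match the certificate. The function names, the `tomcat` alias and the paths are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): pack certbot's PEM files into a PKCS#12
# archive for a Tomcat 8 HTTPS connector. Function names, the "tomcat" alias
# and all paths below are illustrative assumptions.

# pubkey_sha256 FILE cert|key -> digest of the public key found in FILE
pubkey_sha256() {
    if [ "$2" = cert ]; then
        openssl x509 -in "$1" -noout -pubkey   # first cert in fullchain.pem is the leaf
    else
        openssl pkey -in "$1" -pubout
    fi | openssl sha256
}

# pack_for_tomcat LIVE_DIR OUT_P12 PASSWORD_FILE
# The body runs in a subshell, so the umask change and variables stay local.
pack_for_tomcat() (
    cert=$1/fullchain.pem
    key=$1/privkey.pem
    out=$2
    pwfile=$3

    [ -r "$cert" ] && [ -r "$key" ] && [ -r "$pwfile" ] || {
        echo "cannot read fullchain.pem, privkey.pem or password file" >&2; exit 1; }

    # Refuse to pack a key that does not belong to the leaf certificate.
    [ "$(pubkey_sha256 "$cert" cert)" = "$(pubkey_sha256 "$key" key)" ] || {
        echo "privkey.pem does not match fullchain.pem" >&2; exit 1; }

    # The archive holds the private key: create it readable by its owner only.
    umask 077
    openssl pkcs12 -export -in "$cert" -inkey "$key" -name tomcat \
        -out "$out.tmp" -passout "file:$pwfile" || { rm -f "$out.tmp"; exit 1; }

    # Check the archive opens with the password before replacing the old one.
    openssl pkcs12 -in "$out.tmp" -passin "file:$pwfile" -nokeys >/dev/null 2>&1 ||
        { rm -f "$out.tmp"; exit 1; }
    mv "$out.tmp" "$out"
)

# Example call (paths are placeholders):
#   pack_for_tomcat /etc/letsencrypt/live/myserver.com /path/to/tomcat.p12 /path/to/p12.pass
# The connector then points at the archive with keystoreFile, keystoreType="PKCS12"
# and keystorePass, as described in the Tomcat SSL/TLS HOW-TO.
```

Certbot replaces the PEM files on every renewal, so the archive has to be rebuilt and Tomcat restarted after each one.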
Thanks for the response. “Are you sure you want to?”… I cannot answer that as I am pretty ignorant, just starting out. I have a site that I had up but it wasn’t https.
I will go through the two suggestions you sent and will let you know my results. Thanks again for the response.
The reasoning behind not configuring HTTPS for Tomcat is that it doesn’t have any substantial security benefit in a localhost reverse proxy setup such as yours. You have an opportunity to simplify things.
You can have HTTPS all the way up to Apache, and then use ordinary HTTP between Apache and Tomcat, and this would be sufficiently secure (and indistinguishable from having HTTPS all the way).
Hello, are you sure this can work? I have been trying to do something similar. I have my apache2 as a reverse proxy, but when I set the files created with certbot, the page doesn’t open; it shows an error of invalid certificate.
Currently I’m not using https; I commented out the instruction to continue the development. I also have to say that I’m using CloudFlare as my DNS and I have a permanent redirection to the folder that represents my Tomcat deployment. Let me add the configuration I made again and I will post the error.
Wow, thanks for the assistance. I have to admit that the issue was not ‘LetsEncrypt’ or the config files. My instance of Geoserver did not have a base url set up correctly to work with the reverse proxy. However, thanks, this is a pretty cool group.