Hello everyone,
I am setting up a website to serve content through Apache Tomcat. I managed to get the site configured so as to connect through HTTP, but had problems correctly configuring Tomcat for HTTPS, in part due to being unable to install OpenSSL.
After many unsuccessful attempts to correctly configure Tomcat, I came across the suggestion to use nginx as a reverse proxy server that can handle SSL, and connect it to Tomcat. That is what I am trying now. I don't really know what I am doing, as I have no experience with server/website configuration.
Could you take a look at my nginx configuration file and my Tomcat server.xml file and suggest a course of action?
Here is what I have done:
    iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
    iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443
Someone on Stack Overflow said I needed to do this to get around Tomcat's port restrictions.
    sudo certbot --nginx
This created the certificates in .pem format. They are in /etc/letsencrypt/live/coanzse.org
The nginx file /etc/nginx/conf.d/coanzse.org.conf looks like this:
    server {
        server_name coanzse.org;

        # HTTP configuration
        listen 80;
        listen [::]:80;

        # HTTP to HTTPS
        if ($scheme != "https") {
            return 301 https://$host$request_uri;
        } # managed by Certbot

        # HTTPS configuration
        listen [::]:443 ssl ipv6only=on; # managed by Certbot
        listen 443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/coanzse.org/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/coanzse.org/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

        location / {
            proxy_pass http://coanzse.org:8080;
            proxy_redirect off;
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_read_timeout 900;
        }
    }
For Tomcat, my server.xml file contains this block:
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443"
               maxParameterCount="1000"
               scheme="https"
               proxyPort="443"
               />
With each new configuration, I restart both Tomcat and nginx with sudo systemctl restart tomcat.service and sudo systemctl restart nginx.
My domain is: coanzse.org
I ran this command: Many, many different commands.
It produced this output: Still can't get to https://coanzse.org
My web server is (include version): Apache Tomcat/9.0.78
The operating system my web server runs on is (include version): CentOS Linux release 7.7.1908 (Core)
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): yes, the default Apache tomcat control panel
The version of my client is: certbot 2.6.0
Sorry for needing help for what is obviously a very basic problem. Thanks for any help you can provide!
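An added diagnostic, not part of the post above and not anything the poster ran: a nat PREROUTING REDIRECT rewrites the destination port of an inbound packet before any local listener sees it, so with the two rules quoted in the post a browser connecting to port 443 is sent to 8443 (where the quoted server.xml has no Connector) and a connection to port 80 is sent straight to Tomcat's 8080, skipping nginx and its HTTP-to-HTTPS redirect. TLS is only terminated at nginx if traffic actually reaches nginx, which is worth verifying rather than assuming. The script below parses the format printed by `iptables -t nat -S PREROUTING` (a constructed copy matching the post's rules is embedded so it runs offline) and reports where each proxy port lands; the function names and the sample table are this example's own.

```shell
#!/bin/sh
# Added diagnostic (not from the original post): reads the nat PREROUTING table
# in the format printed by `iptables -t nat -S PREROUTING` and reports where an
# inbound connection to a given port actually lands after REDIRECT rules apply.

# Constructed sample, written to match the two rules given in the post.
# iptables prints REDIRECT's target as `--to-ports` even when typed as `--to-port`.
SAMPLE_RULES='-P PREROUTING ACCEPT
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443'

# redirected_port RULES PORT
# Prints the port that inbound PORT is REDIRECTed to, or nothing if no rule matches.
redirected_port() {
    printf '%s\n' "$1" | awk -v port="$2" '
        $1 == "-A" && $2 == "PREROUTING" && /-j REDIRECT/ {
            dport = ""; target = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "--to-ports" || $i == "--to-port") target = $(i + 1)
            }
            if (dport == port && target != "") { print target; exit }
        }'
}

# check_tls_path RULES PROXY_PORT BACKEND_PORTS
# PROXY_PORT is a port nginx listens on; BACKEND_PORTS is a space-separated list
# of ports Tomcat connectors listen on. Returns 0 when the connection reaches
# nginx, 1 when a REDIRECT rule diverts it before nginx ever sees it.
check_tls_path() {
    rules=$1; proxy_port=$2; backend_ports=$3
    target=$(redirected_port "$rules" "$proxy_port")
    if [ -z "$target" ]; then
        echo "port $proxy_port: reaches nginx, TLS is terminated there"
        return 0
    fi
    case " $backend_ports " in
        *" $target "*)
            echo "port $proxy_port: REDIRECTed to $target, served by Tomcat as plain HTTP; nginx is bypassed" ;;
        *)
            echo "port $proxy_port: REDIRECTed to $target, where no Tomcat connector listens; connection refused" ;;
    esac
    return 1
}

# Run against the constructed sample. With the post's rules and its single 8080
# connector, port 80 bypasses nginx and port 443 goes to a port nothing serves.
check_tls_path "$SAMPLE_RULES" 80 "8080" || :
check_tls_path "$SAMPLE_RULES" 443 "8080" || :

# On the real host (as root) the same check runs on the live table:
#   check_tls_path "$(iptables -t nat -S PREROUTING)" 443 "8080"
```

Once both ports report "reaches nginx", the chain in the post is the expected one: nginx terminates TLS on 443, answers on 80 only to redirect to HTTPS, and proxies to Tomcat on 8080 with the X-Forwarded-Proto header the quoted Connector (scheme="https", proxyPort="443") relies on.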