Configuring SSL for Crowd 5.2 with Tomcat 9

isher March 21, 2024

Hey Community!

I'm having trouble configuring SSL for Crowd 5.2, which now uses Tomcat 9. Can anyone provide guidance or tips on how to properly configure the server.xml file in Tomcat 9 to support SSL for Crowd 5.2?

Until the 5.2 release, my server.xml looked like this:


<?xml version="1.0" encoding="UTF-8"?>
<Server port="8020" shutdown="SHUTDOWN">
    <Service name="Catalina">
        <Connector
                   port="443"
                   protocol="org.apache.coyote.http11.Http11Protocol"
                   maxThreads="150"
                   SSLEnabled="true"
                   scheme="https"
                   secure="true"
                   clientAuth="false"
                   sslProtocol="TLS"
                   keystoreFile="${user.home}/.keystore/keystore.jks"
                   keystorePass="myPass"
        />
        <Connector
                   acceptCount="100"
                   connectionTimeout="20000"
                   disableUploadTimeout="true"
                   enableLookups="false"
                   protocol="HTTP/1.1"
                   maxHttpHeaderSize="8192"
                   maxThreads="150"
                   minSpareThreads="25"
                   port="80"
                   secure="false"
                   scheme="http"
                   redirectPort="443"
                   useBodyEncodingForURI="true"
                   URIEncoding="UTF-8"
                   compression="on"
                   sendReasonPhrase="true"
                   compressableMimeType="text/html,text/xml,application/xml,text/plain,text/css,application/json,application/javascript,application/x-javascript"
        />
        <Engine defaultHost="localhost" name="Catalina">
            <Host appBase="webapps" autoDeploy="true" name="localhost" unpackWARs="true"/>
            <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="localhost_access_log." suffix=".log" pattern="%t %{User-Agent}i %h %m %r %b %s %I %{X-AUSERNAME}o %{X-AAPPNAME}o" />
            <Valve className="org.apache.catalina.valves.RemoteIpValve" remoteIpHeader="x-forwarded-for" protocolHeader="x-forwarded-proto" />
        </Engine>
        <!-- To connect to an external web server (typically Apache) -->
        <!-- Define an AJP 1.3 Connector on port 8009 -->
        <!--
            <Connector port="8009" enableLookups="false" redirectPort="8443" protocol="AJP/1.3" />
        -->
    </Service>
    <!-- Security listener. Documentation at /docs/config/listeners.html
    <Listener className="org.apache.catalina.security.SecurityListener" />
    -->
    <!--APR library loader. Documentation at /docs/apr.html -->
    <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
    <!-- Prevent memory leaks due to use of particular java/javax APIs-->
    <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
    <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
    <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
</Server>

Any help or insights would be greatly appreciated!

 

Answer accepted
isher March 21, 2024

Weird, I spent so much time on solving this, but the solution was simple. Maybe someone will find it useful:


<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
sslProtocol="TLS"
keystoreFile="${user.home}/.keystore/keystore.jks"
keystorePass="myPass"
/>
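
A pre-upgrade check for the change described in this thread, as an added example that is not part of the original posts or of Crowd or Tomcat: it reads a server.xml and reports connectors still using the protocol class from the question, plus TLS attributes worth reviewing. The function name, the finding texts and the trimmed sample are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Protocol class on the question's HTTPS connector, and the class the accepted
# answer replaced it with.
OLD_PROTOCOL = "org.apache.coyote.http11.Http11Protocol"
NIO_PROTOCOL = "org.apache.coyote.http11.Http11NioProtocol"


def audit_connectors(server_xml):
    """Return sorted (port, finding) pairs for the active <Connector> elements.

    Connectors inside XML comments are skipped by the parser, as Tomcat does.
    """
    connectors = list(ET.fromstring(server_xml).iter("Connector"))
    tls_ports = {c.get("port") for c in connectors
                 if c.get("SSLEnabled", "false").lower() == "true"}
    findings = []
    for c in connectors:
        port = c.get("port", "?")
        if c.get("protocol") == OLD_PROTOCOL:
            findings.append((port, "old protocol class; answer uses " + NIO_PROTOCOL))
        if port in tls_ports:
            if c.get("scheme") != "https" or c.get("secure") != "true":
                findings.append((port, "TLS connector needs scheme=https and secure=true"))
            if c.get("keystorePass") is not None:
                findings.append((port, "keystorePass is in clear text; restrict read access to server.xml"))
        elif c.get("redirectPort") not in tls_ports | {None}:
            # A plain-HTTP connector that redirects to a port nobody serves TLS on.
            findings.append((port, "redirectPort has no TLS connector listening"))
    return sorted(findings)


# Constructed sample: the two connectors from the question, trimmed to the
# attributes the checks read.
QUESTION_XML = """<Server port="8020" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol"
               SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="${user.home}/.keystore/keystore.jks" keystorePass="myPass"/>
    <Connector port="80" protocol="HTTP/1.1" scheme="http" secure="false"
               redirectPort="443"/>
  </Service>
</Server>"""

if __name__ == "__main__":
    for port, finding in audit_connectors(QUESTION_XML):
        print(f"port {port}: {finding}")
```

To check a real installation, pass the text of its server.xml to `audit_connectors` in place of the constructed sample.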
