Unsuperfluous

#!/bin/bash

Recently for the first time I was able to easily get Tomcat up and running on SSL without feeling the need to rip my hair out. I was able to copy a config from a co-worker. I'm not sure why hours of Googling wasn't able to give me an easy answer. Here's the easy answer!

Comment out the standard http connectors (usually 8080)

<!--     <Connector port="8080" protocol="HTTP/1.1"                connectionTimeout="20000"                redirectPort="8443" /> -->

Your SSL connector should look like this:

    <Connector       port="9443" minSpareThreads="5" maxSpareThreads="75"       enableLookups="true" disableUploadTimeout="true"       acceptCount="100"  maxThreads="200"       scheme="https" secure="true" SSLEnabled="true"       SSLCertificateFile="/etc/ssl/certs/ssl-cert-snakeoil.pem"       SSLCertificateKeyFile="/etc/ssl/private/ssl-cert-snakeoil.key"       clientAuth="false" sslProtocol="TLS" />

Of course you'll want to customize this but the beauty is, if you are used to dealing with standard Apache type certs, this is plug and play.

So noted!

Okay, This totally kicked my ass for at least the second time and it really pissed me off. I'm immortalizing it here so I can not waste hours due to issues with brain cells and remembering things the next time this crops up.

If I weren't so lazy and so Tomcat impaired, I probably would have just imported an SSL keypair using keytool. The problem? The SSL certificate is in apache2 openssl pem format. Last I recall I've never successfully gotten a proper keypair into tomcat because I specialize in dumping certs out of the Java keystore and into apache2 format not the other way around.

But that's okay! We have standardized on apache2 fulfilling our https needs! Oh. But wait... the app is in plain http and spewing out http references, thus messing up our proxy. Well, after another lost couple of hours, I have a pretty weak solution. Using an https proxy to provide the encryption and URL rewriting on the http server to force references back from http to https.

1) Set up the secure http server and set up the proxies:

<VirtualHost 1.2.3.4:443>    ServerName myapp.mydomain.net       ...       ProxyPass               /myapp       http://localhost:8196/myapp       ProxyPassReverse    /myapp       http://localhost:8196/myapp    ...

2) Set up the non-ssl http server to handle some of the mess

 <VirtualHost 1.2.3.4:80>     ServerName myapp.mydomain.net    ...

   RewriteEngine on    RewriteRule ^/(.*)$ https://%{SERVER_NAME}/$1 [R,L]    ...

It was pretty hard to debug but this did the trick.

The end result is "myapp" running on port 8196 without any trouble of SSL certificates but to the outside world, it's a secure address of https://mydomain.net/myapp

It all seemed like a good idea at the time. Certainly next year I will be a bit more guarded. There's only 2 trips left to go and if it weren't for having a high regard for doing what you said you would do, I'd blow off the last two things.

I don't even remember when it started nor do I have the energy to go through the pictures and video right now but at every step of the way, I just couldn't say no. It sounded like a great idea at the time! I pledge to follow up and and at least half assedly document each of these trips a bit better in the near future.

Coco View Resort, Roatán, Honduras A week of Caribbean - all you can dive - dive resort

Operation Dive Your Face Off V3 - Channel Islands, California 3 day dive liveaboard with 20 dive fanatics

Nanaimo / Victoria, British Columbia 2 days of wreck diving, 1 day of technical dives on some deep walls in the Saanich Inlet

Camping with friends at Millersylvania State Park, Washington

Lake Huron, Presque Is. / Alpena, Michigan 4 days of deep wreck diving on the Molly V with Shipwreck Explorers, Inc.

Upcoming: North Central Florida - Cave Diving - 8 days

Burning Man, Black Rock City, Nevada

If that weren't enough, I've taken and passed the following dive courses:

Technical DPV Pilot (Diver Propulsion Vehicle - Technical version AKA Tech Scooter)

Trimix I - Mixed gas diver, suitable to diving to the 170 - 230 ft range

Trimix II - Mixed gas diver, suitable to diving to 230 ft and deeper

Up next: Recreational Dive Instructor - NAUI

Stock photo as caption for my stock beer batter. So easy -- so good ;-)

http://www.foodnetwork.com/recipes/alton-brown/chips-and-fish-recipe/index.html

2 cups flour

1 tablespoon baking powder

1 teaspoon kosher salt

1/4 teaspoon cayenne pepper

Dash Old Bay Seasoning

Yep. After trying for 15 minutes to find an unused Tumblr address that wasn't taken, and over capacity issues... the FIRST POST IS HERE! BUST OUT THE CHAMPAGNE!