Let me explain my situation.
Currently, I have a lot of applications running on Tomcat 6, on the default port 8080.
I just created some applications that will need a log in. I'm going to buy an SSL certificate to install on this server.
I don't like the idea of using port 8443 because it makes the URL more complicated. If I run Tomcat on port 80, I'd have to change dozens of links and I'd have to run Tomcat as root ( rather than tomcat ).
Is there any problem running the insecure applications on port 8080 but having the secure run on port 443?
I'm imagining my setup will have URLs that look like this:
Is this possible?
Yes, it's perfectly OK. Just configure the connectors to use the respective ports. But for 443 I'd guess root would be required as well.
Setup HTTP connector on 8080 and HTTPS connector on 8443. In your <Connector> declaration add proxyPort attribute and set it to default HTTP and HTTPS port ( 80 and 443 respectively ). Setup firewall redirect rule from 80 to 8080 and from 443 to 8443. Then the server will accept regular http and https URLs without the need to specify port numbers.
Below is a sample declaration of these connectors.
<Connector
maxSpareThreads='75'
port='8080'
proxyPort='80'
enableLookups='false'
maxThreads='150'
connectionTimeout='20000'
disableUploadTimeout='true'
minSpareThreads='5'
maxHttpHeaderSize='8192'
redirectPort='443'
acceptCount='200'
/>
<Connector
SSLEnabled='true'
keystoreFile='/path/to/keystore.jks'
maxSpareThreads='75'
port='8443'
proxyPort='443'
algorithm='SunX509'
enableLookups='false'
secure='true'
maxThreads='150'
connectionTimeout='20000'
disableUploadTimeout='true'
scheme='https'
minSpareThreads='5'
maxHttpHeaderSize='8192'
sslProtocol='SSL'
acceptCount='200'
clientAuth='false'
/>
And here are some redirect IPTABLES commands:
# Redirect external packets
-A PREROUTING -j NAT-Port-Redirect
# redirect http traffic
-A NAT-Port-Redirect -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
# redirect https traffic
-A NAT-Port-Redirect -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443
来源:https://stackoverflow.com/questions/3561667/can-i-run-tomcat-securely-on-port-443-and-insecurely-on-8080