Marco Ehrentreich wrote:
@Tim McGuire: What exactly do you mean? Tomcat 6 doesn't even provide this script, if I know it correctly. Do you want to enable SSL or set up SSL? Enable - maybe. To set up there are definitely more things to do like generating a key store / X.509 certificate.
If you simply want to SSL-protect all webapp access, set the transport mechanism in web.xml. I normally have "public" URLs and private ones, since I like to have my app's home page visible to all, but then again, I'm soliciting public access. You can set the URL pattern to "*" and require all URLs for that app to be secure.
Server.xml defines what and where, but as I understand it, the webapp definition (web.xml) determines what protocols are bound to what URLs and not the container.
Chances are, any requests coming from a DHCP-assigned source are going through NAT, so the source IP address(es) for that particular network are likely to be limited.
Tomcat's web.xml is the default webapp's web.xml, so it doesn't apply to user-supplied apps.
It definitely sounds like you should be fronting external access with Apache HTTPS (or maybe squid) and firewalling port 8080. That way you don't have to change anything in Tomcat or the webapps. It's about the simplest way to get things done.
If you want to be really paranoid, yet allow yourself dial-in from anywhere in the world, try a port-knocking setup. It will allow you to send a "secret message" that will open up the firewall for whatever source IP you're coming from.
I haven't run Apache on Windows in a while, so I don't know how easy it is these days.