I have a Tomcat7
installation on CentOS 6.7
that should only allow connections on port 443. The /etc/tomcat/server.xml
file is configured as such:
<Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
SSLCertificateFile="./GoDaddy/Tomcat/combined.crt"
SSLCertificateKeyFile="./GoDaddy/Tomcat/privateKey.key"
SSLVerifyClient="optional" SSLProtocol="TLS"
/>
Furthermore, the /usr/share/tomcat/conf/server.xml
is configured as such:
<Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
SSLCertificateFile="./GoDaddy/Tomcat/combined.crt"
SSLCertificateKeyFile="./GoDaddy/Tomcat/privateKey.key"
SSLVerifyClient="optional" SSLProtocol="TLS"
/>
IPtables is configured so:
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j DROP
Tomcat is running:
sudo service tomcat status
tomcat (pid 2687) is running... [ OK ]
But when I try to browse to my web application, I get the following:
This webpage is not available
ERR_CONNECTION_REFUSED
I believe that I have followed Apache's instructions on the matter, but it's obvious something is wrong.
What do I need to do to resolve this?
Прежде всего вам следует проверить файл журнала - / var /log/tomcat/catalina.out.
Вы не можете использовать параметр SSLCertificateKeyFile с соединителями JSEE (BIO / NIO) только с APR. Если вы хотите использовать APR, вы должны скомпилировать и установить Tomcat Native . Когда вы запустите Tomcat, вы должны увидеть следующие строки в журнале
Java HotSpot(TM) 64-Bit Server VM warning: ignoring option MaxPermSize=384m; support was removed in 8.0
Jul 03, 2015 6:43:47 AM org.apache.catalina.core.AprLifecycleListener lifecycleEvent
INFO: Loaded APR based Apache Tomcat Native library 1.1.34 using APR version 1.3.9.