Changes between Version 6 and Version 7 of ins_tomcat7_produccion

Timestamp:

Oct 28, 2019, 11:12:24 AM (5 years ago)

Author:

lcolina

Comment:

--

ins_tomcat7_produccion

@@ -309 +309 @@
 '''Referencia:''' https://unpocodejava.com/2016/04/29/como-crear-un-certificado-autofirmado-para-tomcat-y-nginx/
 
+
+'''Nota:''' En caso de tener un servidor proxy y el proporcionará el servicio https con los certificados SSL, se debe obviar todos los pasos anteriores y solo agregar las siguientes lineas en server.xml:
+
+{{{
+root@debian9:/var/lib/tomcat8/conf# vim server.xml 
+}}}
+
+{{{
+        <!-- Mark HTTP as HTTPS forward from SSL termination at nginx proxy -->
+        <Valve className="org.apache.catalina.valves.RemoteIpValve"
+               remoteIpHeader="x-forwarded-for"
+               remoteIpProxiesHeader="x-forwarded-by"
+               protocolHeader="x-forwarded-proto"
+               internalProxies="X\.X\.X\.X"/>
+
+Donde X.X.X.X es la dirección IP de escucha del servicio Proxy.
+}}}
+
+Posteriormente agregar las siguientes lineas en web.xml (@@ -391,18 +391,6 @@)
+
+{{{
+root@debian9:/var/lib/tomcat8/conf# vim web.xml 
+}}}
+{{{
+     <!-- agregado para redirigir trafico HTTP a HTTPS -->
+     <security-constraint>
+         <web-resource-collection>
+                 <web-resource-name>Protected Context</web-resource-name>
+                 <url-pattern>/*</url-pattern>
+         </web-resource-collection>
+        <!-- auth-constraint goes here if you requre authentication -->
+         <user-data-constraint>
+                 <transport-guarantee>CONFIDENTIAL</transport-guarantee>
+         </user-data-constraint>
+     </security-constraint>
+}}}
+
 [[BR]]