Configuring Tomcat Connectors

In Tomcat, connectors allow web requests to come in from the outside world. Conceptually, they are like the invokers you saw earlier in this chapter, only they accept HTTP requests against web applications and not general invocation requests against services in JBoss. HTTP connectors aren't so innocuous when there are web applications such as the HTTP invoker, which translates HTTP requests into service invocations. However, you don't need to be concerned about HTTP connectors. The actual web applications behind them are the concern. Your only concern with connectors is to have the correct ones enabled and to have them listening on the right ports.

How do I do that?

Two connectors are defined in jbossweb-tomcat55.sar/server.xml. The first is the AJP connector that listens for requests proxied from an Apache server running mod_jk:

     <!-- A AJP 1.3 Connector on port 8009 -->     <Connector port="8009"address="${jboss.bind.address}"                emptySessionPath="true" enableLookups="false"                 redirectPort="8443" protocol="AJP/1.3"/> 

This connector listens on port 8009, but since external clients do not see this port, it doesn't need to be changed. If you aren't using mod_jk, you can remove this connector to save resources.

The normal Tomcat service listens for HTTP requests on port 8080. The connector looks like this:

     <Connector port="8080"address="${jboss.bind.address}"                maxThreads="250" strategy="ms" maxHttpHeaderSize="8192"                emptySessionPath="true"                enableLookups="false" redirectPort="8443" acceptCount="100"                connectionTimeout="20000" disableUploadTimeout="true"/> 

If your web server is directly visible to the outside world, you'll want to use the standard port 80, unless you have a frontend load balancer that can redirect the standard port 80 to 8080 on your machine. To do that, change the port attribute to 80.

There is a third connector you might add, the SSL connector. Chapter 5 showed you how to enable SSL, but you used port 8443 at the time. The standard HTTPS port is 443, so you'll want to change the port number on that connector. That SSL connector looks like this:

     <Connector port="443" address="${jboss.bind.address}"                maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"                emptySessionPath="true" scheme="https"                 secure="true" clientAuth="false"                keystoreFile="${jboss.server.home.dir}/conf/ssl.keystore"                keystorePass="mypassword" keyAlias="testkey1"                 sslProtocol="TLS" /> 

If you do use a different SSL port, you will need to make sure you change the redirect port of the HTTP connector port to be the SSL port (443). Both the HTTP and AJP connectors have a redirectPort attribute that should be set to the right value:

     <Connector port="80" address="${jboss.bind.address}"                maxThreads="250" strategy="ms" maxHttpHeaderSize="8192"                emptySessionPath="true"                enableLookups="false" redirectPort="443" acceptCount="100"                connectionTimeout="20000" disableUploadTimeout="true"/> 

Restart JBoss to make these changes take effect. You should be able to access the server at http://localhost/ with no port number listed in the URL.

What just happened?

You saw where the Tomcat connectors are configured, and you changed the ports Tomcat uses for HTTP requests. There weren't any direct security concerns around the connectors. All you needed to worry about was making the right connectors available on the right ports.

What about...

...not being able to access the server on port 80?

Check the console log for errors as you start up. You may have another web server running on port 80 on your machine, or you may not be running as a user with permissions to access a privileged port such as port 80. The log messages will help you determine what is stopping JBoss from using port 80.