Docker Community Forums


Cyclos Docker SSL Implementation for Tomcat

#1

I have configured Tomcat inside a Docker container as follows:

    <!-- A relative certificateKeystoreFile is resolved against $CATALINA_BASE,
         so a keystore placed in tomcat/conf must be given as "conf/my.jks". -->
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true">
        <SSLHostConfig>
            <Certificate certificateKeystoreFile="my.jks"
                         type="RSA" />
        </SSLHostConfig>
    </Connector>

    <!-- This second Connector also binds port 8443. Two Connectors cannot own the
         same port: the second one to initialize fails with an address-in-use
         error, so keep only one of the two (or give this one a different port). -->
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
               maxThreads="150" SSLEnabled="true">
        <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
        <SSLHostConfig>
            <Certificate certificateKeyFile="/etc/letsencrypt/live/example.com/privkey.pem"
                         certificateFile="/etc/letsencrypt/live/example.com/cert.pem"
                         certificateChainFile="/etc/letsencrypt/live/example.com/chain.pem"
                         type="RSA" />
        </SSLHostConfig>
    </Connector>
I restarted the Docker container, but it's not accessible via HTTPS.

my.jks is stored inside the tomcat/conf directory.

I configured the Docker container as follows:

docker run -d \
    --name=nameofcontainer \
    -p 80:8080 \
    -p 443:8443 \
    --net=cyclos-net \
    --cap-add=NET_ADMIN \
    -e DB_HOST=cyclos-db \
    -e DB_NAME=cyclos \
    -e DB_USER=cyclos \
    -e DB_PASSWORD=cyclos \
    image-id
(Nitishmowall) #2

Hey,
check inside the container which network IP the port is attached to, using netstat -ntlp. If it is not set to 0.0.0.0 or the bridge network IP, please do that, as port mapping happens to bridge interface IPs only (the host can only reach a service listening on the bridge interface).

#3
root@4b0535d06a77:/usr/local/cyclos# netstat -ntlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.11:44514        0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.1:8005          0.0.0.0:*               LISTEN      1/java
tcp        0      0 0.0.0.0:8009            0.0.0.0:*               LISTEN      1/java
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      1/java
tcp       24      0 0.0.0.0:8443            0.0.0.0:*               LISTEN      1/java
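The check suggested in #2 can be scripted. The following POSIX shell function is an added example, not code from anyone in this thread: it takes `netstat -ntlp` output (Linux net-tools format is assumed) and classifies one port as not listening, bound to loopback only (unreachable through `docker run -p`), listening with a non-empty accept backlog (on a LISTEN socket, Recv-Q is the number of completed connections the process has not accepted yet, which for Tomcat usually means the connector bound the port but failed during start), or ok. The `NETSTAT_SAMPLE` is constructed from the output posted in #3.

```shell
#!/bin/sh
# Added example: classify a listening port from `netstat -ntlp` output.
# NETSTAT_SAMPLE is constructed from the output posted in #3 of this thread.
NETSTAT_SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.11:44514        0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.1:8005          0.0.0.0:*               LISTEN      1/java
tcp        0      0 0.0.0.0:8009            0.0.0.0:*               LISTEN      1/java
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      1/java
tcp       24      0 0.0.0.0:8443            0.0.0.0:*               LISTEN      1/java'

# check_port PORT [NETSTAT_OUTPUT]
# Prints one of: notlistening | loopback | backlog | ok
# Returns 0 only for "ok", so it can be used directly as a health check.
# When NETSTAT_OUTPUT is omitted, the live `netstat -ntlp` output is used.
check_port() {
    port=$1
    out=${2:-$(netstat -ntlp 2>/dev/null)}

    # First TCP LISTEN line whose local port (last ':'-separated field of
    # column 4, so IPv6 forms like ":::8443" work too) equals PORT.
    line=$(printf '%s\n' "$out" | awk -v p="$port" \
        '$1 ~ /^tcp/ && $6 == "LISTEN" { n = split($4, a, ":"); if (a[n] == p) { print; exit } }')
    if [ -z "$line" ]; then
        echo notlistening
        return 1
    fi

    recvq=$(printf '%s\n' "$line" | awk '{ print $2 }')
    local_addr=$(printf '%s\n' "$line" | awk '{ print $4 }')
    bind_ip=${local_addr%:*}          # strip the ":PORT" suffix

    # Bound to loopback only: `-p HOST:CONTAINER` cannot reach it.
    case "$bind_ip" in
        127.*|::1)
            echo loopback
            return 1
            ;;
    esac

    # Completed connections queued but never accept()ed by the process.
    if [ "$recvq" -gt 0 ]; then
        echo backlog
        return 1
    fi

    echo ok
    return 0
}

# Usage against the constructed sample (prints "backlog" for 8443):
check_port 8443 "$NETSTAT_SAMPLE" || :
```

Run it inside the container (`docker exec <name> sh check_port.sh`), or pass a captured `netstat -ntlp` output as the second argument. A `backlog` result for 8443 is the case to look at in catalina.<date>.log: the port is bound, so the problem is in the connector's SSL start-up rather than in Docker's port mapping.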
(Nitishmowall) #4

It looks good.
Did you try to telnet to that port from the host, to see if you are able to connect to it?
If yes, then check the Tomcat server log to see what is going on.

#5

Microsoft Telnet> o members.kentuckianatrade.com 8443
Connecting To members.kentuckianatrade.com...Could not open connection to the host, on port 8443: Connect failed

Which log file should I look at?

root@9aeaabef6e66:/usr/local/tomcat/logs# ls
catalina.2019-05-14.log      localhost.2019-05-16.log
catalina.2019-05-15.log      localhost_access_log.2019-05-14.txt
catalina.2019-05-16.log      localhost_access_log.2019-05-15.txt
host-manager.2019-05-14.log  localhost_access_log.2019-05-16.txt
host-manager.2019-05-15.log  manager.2019-05-14.log
host-manager.2019-05-16.log  manager.2019-05-15.log
localhost.2019-05-14.log     manager.2019-05-16.log
localhost.2019-05-15.log