Page History
...
Tomcat should accept requests on port 8080, but only from localhost, and redirect to the SSL port 6443:
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="6443" />
Configure port 6443:
<Connector port="6443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true">
<SSLHostConfig clientAuth="none" sslProtocol="TLS" sslEnabledProtocols="TLSv1.3,TLSv1.2"
honorCipherOrder="true" ciphers="TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256">
<Certificate certificateKeystoreFile="/opt/shrine/shrine.keystore"
certificateKeystorePassword="changeit"
certificateKeyAlias="*.catalyst.harvard.edu" />
</SSLHostConfig>
</Connector>
Some help might come from
...