how to reload SSL certificates without restarting Tomcat

2024-03-10 Thread Jerry Lin
Hello,

For those of us with a publicly accessible instance of Tomcat (e.g. not
behind Apache), is there a good way of having a renewed SSL/HTTPS
certificate take effect without restarting Tomcat?

Thank you,
Jerry


Re: how to reload SSL certificates without restarting Tomcat

2024-03-10 Thread Jerry Lin
Hi Chuck,

> Presumably, you mean “not behind https”, since “Apache” refers to the
> organization that develops and maintains a plethora of software products.
>

Yes, “not behind https” (I meant not behind an Apache HTTP server).


> you can configure the TLS config listener:
>
>
> https://tomcat.apache.org/tomcat-10.1-doc/config/listeners.html#TLS_configuration_reload_listener_-_org.apache.catalina.security.TLSCertificateReloadListener


Great, thanks! This is what I was looking for.

Regards,
Jerry
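
A minimal conf/server.xml using the listener linked above, as an added example that is not from the thread or the Tomcat project. The port numbers, host name, file paths and the two tuning values are assumptions: they suit a renewal tool that overwrites the PEM files in place about 30 days before expiry.

```xml
<!-- Added example. Ports, host name and paths are assumed placeholders. -->
<Server port="8005" shutdown="SHUTDOWN">

  <!-- Must be nested directly inside <Server>.
       checkPeriod: seconds between checks (default 86400 = 24 hours).
       daysBefore:  reload the TLS configuration when a loaded certificate
                    is this many days or fewer from expiry (default 14).
       With these assumed values the renewed certificate is picked up
       within about an hour of the files being replaced. -->
  <Listener className="org.apache.catalina.security.TLSCertificateReloadListener"
            checkPeriod="3600"
            daysBefore="30" />

  <Service name="Catalina">
    <Connector port="8443"
               protocol="org.apache.coyote.http11.Http11NioProtocol"
               SSLEnabled="true">
      <SSLHostConfig>
        <!-- The account Tomcat runs as needs read access to these files,
             and only that account and the renewal tool should have it.
             The private key must not be world-readable. -->
        <Certificate certificateFile="/etc/letsencrypt/live/example.com/cert.pem"
                     certificateKeyFile="/etc/letsencrypt/live/example.com/privkey.pem"
                     certificateChainFile="/etc/letsencrypt/live/example.com/chain.pem" />
      </SSLHostConfig>
    </Connector>

    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps" />
    </Engine>
  </Service>
</Server>
```

The listener reloads certificate and key material only; it does not re-read server.xml, so changes to the connector itself still need a restart. After a renewal, compare the expiry date served on port 8443 with the one in cert.pem to confirm the reload happened.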


Re: how to reload SSL certificates without restarting Tomcat

2024-03-11 Thread Jerry Lin
Hi Chris,

> There is also this:
> https://tomcat.apache.org/presentations.html#latest-lets-encrypt
>
> It's very LE-focused, but it shows you how to programmatically trigger a
> reload.
>

Thanks for your presentation and script. We are using Let's Encrypt, so
your material is quite relevant.

Jerry


how to configure per-host logging with rsyslogd

2020-11-18 Thread Jerry Lin
Hello,

I'm running tomcat9 on Debian 10 (systemd). The logging appears to go
through rsyslog.d and there is a /etc/rsyslog.d/tomcat9.conf that
seems to govern the location of the logs:

:programname, startswith, "tomcat9" {
  /var/log/tomcat9/catalina.out;TomcatFormat
  stop
}

My setup is that I have multiple virtual hosts running (i.e. different
sites), and I would like the messages for the different WAR
files/hosts to end up in different log files (e.g. example.com.out ,
site.com.out). How do I do this?


Things that I've tried:
1. Modifying /etc/rsyslog.d/tomcat9.conf and introducing templates
with %HOSTNAME% template, which just ends up with the name of the
machine, rather than the website.
2. Modifying /etc/tomcat9/logging.properties; this seems to be
overridden by /etc/rsyslog.d/tomcat9.conf.

Thanks for your help,
Jerry
