Skip to content

Added secure="true" to the Tomcat Connector#80

Open
ndp-opendap wants to merge 5 commits intomasterfrom
secure-connector
Open

Added secure="true" to the Tomcat Connector#80
ndp-opendap wants to merge 5 commits intomasterfrom
secure-connector

Conversation

@ndp-opendap
Copy link
Copy Markdown
Collaborator

@ndp-opendap ndp-opendap commented Sep 16, 2025
edited
Loading

I think that this is still relevant. @dh-opendap is that true? Do we still want this change?

I don't remember why we started this PR (no associated issue, of course)

Maybe @dh-opendap Can help sort it out?

@ndp-opendap ndp-opendap requested a review from hannahilea March 19, 2026 17:49
@ndp-opendap
Copy link
Copy Markdown
Collaborator Author

ndp-opendap commented Mar 19, 2026

Hey @dh-opendap - Can you chime in on this ??

@dh-opendap
Copy link
Copy Markdown
Contributor

dh-opendap commented Mar 19, 2026

It's been awhile since I did that, it was probably added for the DIT requirement. Can't recall the exact syntax we use in the regression tests to disable 'secure' interaction with Tomcat, otherwise without the NGAP_CREDS all the tests would fail

@ndp-opendap
Copy link
Copy Markdown
Collaborator Author

ndp-opendap commented Mar 19, 2026

It's been awhile since I did that, it was probably added for the DIT requirement. Can't recall the exact syntax we use in the regression tests to disable 'secure' interaction with Tomcat, otherwise without the NGAP_CREDS all the tests would fail

I'm confused. Do you mean that if we set:

    <Connector secure="true"

That will break the Bamboo Application Build tests?

Or do you mean that if we don't set secure="true" it will break the tests?

Cause I think, at the moment, we do not set this.

@dh-opendap
Copy link
Copy Markdown
Contributor

dh-opendap commented Mar 19, 2026

I started previously by stating the I don't recall exactly that change, and from the initial comment I interpreted that as stating it was previously used. It isn't currently used as you've noted, and our tomcat-9 servers are DIT-compliant.

Our build scripts do the following to execute the regression tests:

container_id=$(docker run -d -h hyrax -p 8443:8443 --env BES_SITE_CONF="${bes_site_conf}"
--env USER_ACCESS_XML="$user_access_xml" --env HOST="$edl_hostname" --env USERNAME="$edl_username" --env PASSWORD="$edl_password" --env NGAP_CERTIFICATE="$ngap_certificate"
--env NGAP_CERTIFICATE_CHAIN="$ngap_certificate_chain" --env NGAP_CERTIFICATE_KEY="$ngap_certificate_key" --name=hyrax-test "$dockerPullImage")

echo "Docker image running with ID: ${container_id}"
echo "Testing the following image: ${dockerPullImage}"
sleep 20

docker exec hyrax-test /bin/bash -c "cd hyrax_regression_tests;
./testsuite --enableinsecure=yes --hyraxurl=https://localhost:8443 --netrc=/etc/bes/ngap_netrc"

Note that when we run the 'testsuite' we pass '--enableinsecure=yes'.

That is what I was trying to communicate about the Bamboo builds, not very successfully.

As you mentioned we don't currently use 'secure="true"' in the tomcat-9 server.xml. I can't recall what we did for tomcat-11. Sorry I can't be more helpful.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dh-opendap dh-opendap Awaiting requested review from dh-opendap

@hannahilea hannahilea Awaiting requested review from hannahilea

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ndp-opendap @dh-opendap