TORO Integrate's HTTP and HTTPS Ports

TORO Integrate includes Tomcat (version 8.0.20), which is used to process HTTP and HTTPS requests. With the help of instance properties, you can configure the Tomcat Server inside your instance.

This section discusses how to configure Tomcat's underlying HTTP and HTTPS connectors. Out of the box, TORO Integrate uses an HTTP connector only. If your APIs handle sensitive data and you don't want to configure a secure proxy server in front of your instance (the recommended setup), you can enable the HTTPS connector, as documented below.

Configuring the HTTP Port

By default, TORO Integrate creates and uses a plain, non-secure HTTP connector at port 8080.

You can easily change the port number by setting the value of the http.port instance property to any other number between 80 and 65535. To disable the HTTP connector, set this property's value to -1.

Configuring the HTTPS Port

Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide communications security over a computer network. They are the technologies that allow web browsers and web servers to communicate over a secure connection, meaning that the browser and the server encrypt all traffic before sending it.

In Tomcat, there are two different implementations of SSL/TLS; they are the Java Secure Socket Extension (JSSE) implementation and the Apache Portable Runtime (APR) implementation. Both implementations are available on TORO Integrate.

It's important to note that enabling the HTTPS port is only necessary if you're going to run TORO Integrate as a stand-alone web server. If you have another web server in front of your TORO Integrate instance, it's better to let that web server do all the SSL processing.

JSSE Implementation

TORO Integrate uses the JSSE implementation by default. JSSE uses a Java KeyStore to store the private key and the certificate itself. You have to generate a Java KeyStore from your keys and certificate, then tell TORO Integrate where the keystore is located.

To enable HTTPS with JSSE, you must set the following properties:

  • https.port

    The HTTPS port number to be used. Must be any number between 80 and 65535.

  • https.keystoreFile

    The location of your Java KeyStore (JKS) file. If you set this property to a relative path, TORO Integrate will look for the JKS file within the tmp directory, located within TORO Integrate's home folder.

    <home>
    ├── ...
    ├── solr
    ├── tmp
    ├── web
    
  • https.keystorePass

    The password of the JKS file.

With HTTPS enabled, your .properties file should contain something like this:

https.port=8443
https.keystoreFile=integrate.keystore
https.keystorePass=AN3HeVoLybR6S89Eg7

APR Implementation

If you have decided to use the APR protocol instead, you only need to configure the location of your SSL certificate and SSL key.

The following properties should be configured to enable HTTPS using the APR Protocol:

  • tomcat.connector.protocol

    Set the value of this property to org.apache.coyote.http11.Http11AprProtocol to tell TORO Integrate to use the APR Library.

  • https.port

    The HTTPS port number to be used. Must be any number between 80 and 65535.

  • https.SSLCertificateFile

    The value of this property should be the path of the SSL certificate.

  • https.SSLCertificateKeyFile

    Set the value of this property to the path of the SSL Key.

With HTTPS enabled, your .properties file should contain something like this:

tomcat.connector.protocol=org.apache.coyote.http11.Http11AprProtocol
https.port=8443
https.SSLCertificateFile=/usr/local/ssl/server.crt
https.SSLCertificateKeyFile=/usr/local/ssl/server.pem

Storing SSL Certificates

It is not recommended to store your SSL certificates in <toro-integrate-home>. Store your SSL certificates in another location so that they won't be accidentally deleted when upgrading TORO Integrate to the latest version.
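The connector rules above (port range, the properties each implementation requires, relative keystore paths resolving under the tmp directory, and keeping certificates out of the home folder) can be checked before start-up. This is an added example, not TORO Integrate code; the function names and the home path /opt/toro-integrate are assumptions made for illustration.

```python
from pathlib import PurePosixPath

APR = "org.apache.coyote.http11.Http11AprProtocol"

def parse_properties(text):
    """Minimal key=value parser: skips blank lines and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def port_ok(value, allow_disabled=False):
    """True for 80-65535 (the range this page gives); -1 only where disabling is allowed."""
    if allow_disabled and value == "-1":
        return True
    return value.isdigit() and 80 <= int(value) <= 65535

def audit_connectors(text, home="/opt/toro-integrate"):  # home path is hypothetical
    """Return findings for the connector properties described on this page."""
    p, findings = parse_properties(text), []
    http = p.get("http.port", "8080")  # default HTTP connector port
    if not port_ok(http, allow_disabled=True):
        findings.append(f"http.port={http} is not -1 or within 80-65535")
    if "https.port" not in p:
        return findings + ["no https.port: HTTPS connector is not enabled"]
    if not port_ok(p["https.port"]):
        findings.append(f"https.port={p['https.port']} is not within 80-65535")
    if http != "-1":
        findings.append(f"plain HTTP connector still enabled on port {http}")
    if p.get("tomcat.connector.protocol") == APR:
        required = ["https.SSLCertificateFile", "https.SSLCertificateKeyFile"]
    else:  # JSSE is the default implementation
        required = ["https.keystoreFile", "https.keystorePass"]
    for key in required:
        value = p.get(key)
        if not value:
            findings.append(f"{key} is required but not set")
        elif key.endswith("File"):
            path = PurePosixPath(value)
            if key == "https.keystoreFile" and not path.is_absolute():
                path = PurePosixPath(home, "tmp", path)  # relative JKS paths resolve under <home>/tmp
            if PurePosixPath(home) in path.parents:
                findings.append(f"{key} resolves to {path}, inside the home folder")
    return findings
```

Run against the JSSE sample above, it reports the plain HTTP connector still listening on 8080 and the keystore resolving inside the home folder; the APR sample with http.port=-1 added produces no findings.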

Configuring HSTS

In addition to enabling HTTPS, TORO Integrate can also be configured to use HTTP Strict Transport Security (HSTS) to protect against downgrade attacks.

Enabling HSTS will inject a header field named Strict-Transport-Security into your server's responses. Once your user agent receives a response with that header, all subsequent requests to the site will automatically be converted from HTTP to HTTPS. This helps prevent man-in-the-middle attacks that depend on downgrading the connection to plain HTTP.

To enable this feature, simply configure the following instance properties:

  • hsts.filter

    Set to true to let TORO Integrate inject the Strict-Transport-Security header.

  • hsts.include.subdomain

    Set to true if all present and future sub-domains will be using HTTPS.

  • hsts.preload

    Set to true if the site owner would like their domain to be included in the HSTS preload list maintained by Chrome (and used by Firefox and Safari).

  • hsts.max.age

    The length of time, in seconds, that the user agent should access the site only over HTTPS.

Here's an example configuration:

hsts.filter=true
hsts.include.subdomain=false
hsts.preload=false
hsts.max.age=31536000
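To confirm that the header a deployed instance returns matches these properties, the observed Strict-Transport-Security value can be parsed and compared. This is an added example, not TORO Integrate code: it assumes the hsts.* properties map one-to-one onto the RFC 6797 directives, the function names are hypothetical, and the preload checks follow the hstspreload.org submission requirements.

```python
PRELOAD_MIN_AGE = 31536000  # one year, the minimum hstspreload.org accepts

def parse_hsts(header):
    """Split a Strict-Transport-Security value into {directive: value} (RFC 6797)."""
    directives = {}
    for part in header.split(";"):
        name, _, value = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = value.strip().strip('"')
    return directives

def is_true(props, key):
    return props.get(key, "").strip().lower() == "true"

def check_hsts(header, props, scheme="https"):
    """Compare an observed header with the hsts.* properties; return a list of problems."""
    if header is None:
        return ["hsts.filter=true but the response has no header"] if is_true(props, "hsts.filter") else []
    problems, d = [], parse_hsts(header)
    if scheme != "https":
        problems.append("header sent over plain HTTP, where browsers ignore it")
    age = d.get("max-age", "")
    if not age.isdigit():
        problems.append("max-age is missing or not a number")
    elif age != props.get("hsts.max.age"):
        problems.append(f"max-age={age} differs from hsts.max.age")
    for directive, key in (("includesubdomains", "hsts.include.subdomain"),
                           ("preload", "hsts.preload")):
        if (directive in d) != is_true(props, key):
            problems.append(f"{directive} does not match {key}")
    if "preload" in d:
        if not age.isdigit() or int(age) < PRELOAD_MIN_AGE:
            problems.append("preload needs max-age of at least one year")
        if "includesubdomains" not in d:
            problems.append("preload needs includeSubDomains")
    return problems

# Constructed sample: the page's example configuration as a dict.
PAGE_CONFIG = {"hsts.filter": "true", "hsts.include.subdomain": "false",
               "hsts.preload": "false", "hsts.max.age": "31536000"}

if __name__ == "__main__":
    print(check_hsts("max-age=31536000", PAGE_CONFIG))
    print(check_hsts("max-age=31536000; includeSubDomains", PAGE_CONFIG))
```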

Start-up Log Messages

Once your instance has launched, TORO Integrate will print log messages [1] telling you which protocols and ports were configured. Below are some examples:

With only the HTTP connector enabled:

**** TORO Integrate awaiting requests, console available on port 8080 ****

With only the HTTPS connector enabled:

**** TORO Integrate awaiting requests, console available on https port 8443 ****

Both HTTP and HTTPS connectors enabled:

**** TORO Integrate awaiting requests, console available on port 80 and https port 443 ****

  1. Provided you have not turned off the logger io.toro.integrate.core.launch.Main