Strange error in catalina.out: "SEVERE: Error initializing endpoint java.net.BindException: Address already in use <null>:8443"

Peter Schober peter.schober at univie.ac.at
Tue Sep 16 11:39:59 EDT 2014


* Christian Munive <christian.munive at gmail.com> [2014-09-16 16:19]:
> I see... thanks Peter. Yeah, I was trying to follow these instructions:
> 
> https://www.switch.ch/aai/docs/shibboleth/SWITCH/latest/idp/deployment/
> 
> But also including the instructions from the main site:
> 
> https://wiki.shibboleth.net/confluence/display/SHIB2/IdPApacheTomcatPrepare

Yeah, you can't combine those. The SWITCH guide uses httpd (and is
complete/sufficient by itself), the Shib wiki only has the
instructions to add SOAP support to Tomcat when using Tomcat solo
(there's your conflict with httpd and the SWITCH docs).
The Shib wiki also does not detail setting up TLS/SSL for port 443
(since this is not Shib specific).

If you want to try or compare yet another set of third party
documentation (for Tomcat solo, incl TLS setup) have a look at my own:
https://wiki.univie.ac.at/display/federation/Shibboleth+IDP+2.4
Contact me off-list for any questions about that, of course.

> I just tried what you recommended (using the port 443 only) and the
> problem went away.

I did not say anything that amounts to "using the port 443 only":
For Tomcat+httpd you'd use Tomcat on port 8009 only, and let httpd
proxy and serve 443 and 8443.
For Tomcat solo you'd serve 443 and 8443 from Tomcat itself.

> I'll give it a thought and see which port / configuration might be
> the better one.

Somewhat academic, but things to consider:

* 2 servers (Tomcat+httpd) needed for 1 purpose vs. 1 server (Tomcat solo):

* ease of running the JVM as non-root (also depends on
  OS/distribution; it's trivial on Debian/Ubuntu; I have a locally
  rolled SRPM for authbind if you wanted to have the same on RHEL-like
  systems):

* ease of configuring TLS/SSL (though with PKCS#12 support in Tomcat
  the pain of managing JKS goes away, see my documentation above):

* versions of Tomcat available through package management (for
  security updates) in the OS/distribution you're using, and the
  availability of the DelegateToApplication extension for Tomcat:

* ease of adding container-based authentication for ECP

These are the main points, I feel.
-peter
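
Added example, not part of the original message or of either guide: a check that compares the ports Tomcat's connectors and httpd's Listen directives claim, which is the overlap that produces the BindException on 8443 when the two setups are mixed. The sample server.xml and httpd configuration are constructed, and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: Tomcat server.xml after mixing both guides
# (AJP connector for httpd plus a leftover TLS connector on 8443).
SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8009" protocol="AJP/1.3" address="127.0.0.1"/>
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true"/>
  </Service>
</Server>"""

# Constructed sample: httpd fronting the IdP on 443 and 8443.
HTTPD_CONF = """
Listen 443
Listen 8443
# Listen 8080
ProxyPass /idp ajp://127.0.0.1:8009/idp
"""

def tomcat_connectors(server_xml):
    """Map each <Connector> port to its protocol (Tomcat default: HTTP/1.1)."""
    root = ET.fromstring(server_xml)
    return {int(c.get("port")): c.get("protocol", "HTTP/1.1")
            for c in root.iter("Connector")}

def httpd_listen_ports(conf):
    """Collect ports from active 'Listen [addr:]port [proto]' directives."""
    ports = set()
    for line in conf.splitlines():
        m = re.match(r"\s*Listen\s+(?:\S+:)?(\d+)\b", line, re.IGNORECASE)
        if m:
            ports.add(int(m.group(1)))
    return ports

def check_layout(server_xml, conf):
    """Return (ports both servers claim, Tomcat connectors that are not AJP).
    Simplification: bind addresses are ignored, only port numbers compared."""
    tomcat = tomcat_connectors(server_xml)
    both = sorted(set(tomcat) & httpd_listen_ports(conf))
    non_ajp = sorted(p for p, proto in tomcat.items()
                     if not proto.upper().startswith("AJP"))
    return both, non_ajp

if __name__ == "__main__":
    both, non_ajp = check_layout(SERVER_XML, HTTPD_CONF)
    print("claimed by both httpd and Tomcat:", both)
    print("non-AJP Tomcat connectors:", non_ajp)
```

For the Tomcat+httpd layout both lists should be empty; for Tomcat solo there is no httpd configuration to compare against.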

