I have a fairly open ended question. My goal is to ensure that my server is secure and hardened and only using HTTPS/SSL. Certificates installed already etc.
We are only using tomcat for the server. It is serving everything fine. However in doing a security review for the server I noticed that the default "welcome" page for apache was still serving on www.ourdomain.com/index.html
I disabled this through simply renaming the welcome.conf file in httpd/conf.d/ However, I realized that the best way here is really just to disable apache all-together (if that is possible), or redirect all requests from apache to the ports that tomcat is listening on...perhaps?
Thats basically where my question is: * How would I completely disable Apache, since we arent using it at all? * If I do ^^ above would it impact tomcat in any way? (I'm assuming not) * How would I alternatively keep apache httpd running and just redirect all requests to tomcat? What files should I put these redirect rules in? httpd/conf.d/redirect.conf - or something???
I've spent an hour trying to search the internet for anything related to "disable apache while running tomcat" and literally cannot find a single page. Everything talks about integrating apache and tomcat, or redirect rules, etc.
So I am thinking maybe that its not possible or is an obvious thing I am missing here - but I cant see any reason why apache needs to be running at all if tomcat is also a webserver (and we're only using it to serve a java webapp anyway).
Thanks.
