• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Forward http to https

 
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello, New here, tried to do some due diligence of scouring the web for this answer but all suggestions found didn't function. (read: spent days trying to get this working and now I need an adult:)

I have a RHEL6 box running Tomcat 7 serving out an instance of Jenkins.
What I want is to have any requests for http://myserver.mydomain.com to be immediately redirected to https://myserver.mydoman.com
Currently I have SSL setup and functioning without issue.
I have iptables configured on the machine to forward 443 to 8443 and if I am to type https://blah.foo.com it will go to Jenkins no problem.
I was unable to get iptables to forward 80 and 8080 to 8443 without having problems, but I can forward 80 to 8080. 8080 is still listening and any external requests at http://blah.foo.com will get an unsecured page served no problem.


So maybe more of what I am looking for is to have port 8080 off or forwarding to 8443 internally.
Circumventing the iptalbes and running on localhost I can connect to http://localhost:8080 and https://localhost:8443. I have what I though was the proper setup in server.xml and web.xml but 8080 will never forward over to 8443

I am trying to avoid setting up apache in front of tomcat.

THANK YOU!
 
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Welcome to the Ranch.

Post the relevant excerpt from your web.xml where you require HTTPS. Se https://coderanch.com/how-to/java/ServletsFaq#security for an example.
 
Saloon Keeper
Posts: 27752
196
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
"Forward" is a term that isn't being used quite accurately here, I think.

When you make an http request to a URL that is protected by secure transport guarantees (as defined in web.xml), it doesn't "forward" the request, it rejects the request with a code telling the client to send it via SSL to the redirectPort. This is necessary because SSL/TLS is the over-the-Internet protocol for secure (encrypted) data transmissions and that's what's important, not what the port number it comes in on. The port number only signifies in that it binds a particular decoding/decrypting scheme to that port. Some servers, in fact, (including my LDAP server) have the option for both encrypted and plain-text traffic via the same port, but that's not the normal case for HTTP/HTTPS.

You might want to set the redirectPort on your connector to 443, but that could give you issues, thanks to your iptables port-forwarding.

Probably a cleaner solution is to install a proxy server like Apache, let it handle ports 80 and 443 directly (no iptables forwarding), have it deal with the http/https transports and then it will use port 8009 on the internal link to Tomcat.
 
I'm THIS CLOSE to ruling the world! Right after reading this tiny ad:
a bit of art, as a gift, that will fit in a stocking
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic