Redirect HTTP to HTTPS:PORT in Tomcat

apache tomcat web-applications https server.xml
iddqd picture iddqd · Oct 19, 2015 · Viewed 82.4k times · Source

I have a running tomcat application that already have the following redirection rule from HTTP to HTTPs:

<Connector executor="tomcatThreadPool"
               port="80" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="443" />

Is it possible to add an exception/rule, that a specific HTTPrequest (http://www.example.com), will be redirected to another specific address , with a port specified (say https://www.example.com:8443/test), without changing/removing the above Connector ?

Answer

malaguna picture malaguna · Oct 22, 2015

The connector configuration you shown does not redirect a specific URL in the way you suppose.

That configuration acts if you have configured a CONFIDENTIAL transport guarantee for a web application inside that servlet container.

I mean, if you have deployed any application on that connector, where its web.xml descriptor has a security-constraint as follows:

<security-constraint>

    <web-resource-collection>
        <web-resource-name>Secured</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>

    ...

    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>

</security-constraint>

Then, Tomcat will redirect any matching url-pattern to the configured port in order to use HTTPS as guarantor of confidentiality in transport.

So, if you want to redirect a specific URL, you have to complement connector's configuration with specific application configuration.

Edit

As you suggest in your comment, it could be another step to get this configuration working. Once you have configured http connector as shown, and then configured app as I told you, you only to ensure that your Tomcat server has an HTTPS connector configured, other way redirection won't work.

To configure this HTTPS connector, you can use a configuration as following:

<Connector connectionTimeout="20000"
    acceptCount="100" scheme="https" secure="true"
    port="443" clientAuth="false" sslProtocol="TLS"  
    keystoreFile="PATH_TO_KEY_STORE"  
    keystorePass="KEY_STORE_PASS"  
    keyAlias="KEY_STORE_ALIAS"/>

This is a sample configuration where I didn't put some attributes that can be important for you as threads attrs, executors, and so on.

The most important thing is the KeyStore configuration that you need to serve HTTPS connections. Here you have the official documentation to prepare a java KeyStore for Tomcat to serve HTTPS.

Related questions

Difference between the Apache HTTP Server and Apache Tomcat?

What is the difference in terms of functionality between the Apache HTTP Server and Apache Tomcat? I know that Tomcat is written in Java and the HTTP Server is in C, but other than that I do not really know …

Read More
How to Detect cause of 503 Service Temporarily Unavailable error and handle it?

i am getting the error 503 Service Temporarily Unavailable many times in my application and i want to detect why this error occurs, how ? if there's a log file or something like that, since i am not familiar with apache. second …

Read More
Error during SSL Handshake with remote server

I have Apache2 (listening on 443) and a web app running on Tomcat7 (listening on 8443) on Ubuntu. I set apache2 as reverse proxy so that I access the web app through port 443 instead of 8443. Besides, I need to have SSL communication …

Read More