You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Yuval Schwartz <yu...@gmail.com> on 2017/05/01 13:23:49 UTC
http to https redirect 301
Tomcat version: 8.0.22
jdk: 1.8.0_05
I have a webapp that uses a tomcat server behind a load balancer.
I recently added a the option to connect to my webapp via https.
I would like to redirect all http requests to https.
I achieved this by implementing the instruction outlined here:
https://elastx.zendesk.com/hc/en-us/articles/214238826-Force-https-with-Tomcat
However, I notice that this performs a redirect with repsonse code 302
(moved temporarily). I would like the response code to be 301.
I found this bug report on the matter:
https://bz.apache.org/bugzilla/show_bug.cgi?id=59399
Does this mean that in order to achieve a 301 redirect, I need to update my
tomcat version? Is there anyway to achieve a 301 redirect without updating
the tomcat version?
Thank you.
Re: http to https redirect 301
Posted by Yuval Schwartz <yu...@gmail.com>.
Thanks Andre and Mark,
I updated versions and set the appropriate parameter and the redirect works
as intended.
I also changed my installation to utilize the CATALINA_HOME and
CATALINA_BASE variables.
Thank you.
On Wed, May 3, 2017 at 11:10 AM, André Warnier (tomcat) <aw...@ice-sa.com>
wrote:
> On 03.05.2017 09:23, Yuval Schwartz wrote:
>
>> Thanks, comments below.
>>
>> On Tue, May 2, 2017 at 10:43 AM, Mark Thomas <ma...@apache.org> wrote:
>>
>> On 02/05/2017 07:51, Yuval Schwartz wrote:
>>>
>>>> Thanks, remarks below.
>>>>
>>>> On Tue, May 2, 2017 at 12:12 AM, Mark Thomas <ma...@apache.org> wrote:
>>>>
>>>> On 01/05/17 14:23, Yuval Schwartz wrote:
>>>>>
>>>>>> Tomcat version: 8.0.22
>>>>>> jdk: 1.8.0_05
>>>>>>
>>>>>> I have a webapp that uses a tomcat server behind a load balancer.
>>>>>>
>>>>>> I recently added a the option to connect to my webapp via https.
>>>>>>
>>>>>> I would like to redirect all http requests to https.
>>>>>> I achieved this by implementing the instruction outlined here:
>>>>>> https://elastx.zendesk.com/hc/en-us/articles/214238826-
>>>>>>
>>>>> Force-https-with-Tomcat
>>>>>
>>>>>>
>>>>>> However, I notice that this performs a redirect with repsonse code 302
>>>>>> (moved temporarily). I would like the response code to be 301.
>>>>>>
>>>>>> I found this bug report on the matter:
>>>>>> https://bz.apache.org/bugzilla/show_bug.cgi?id=59399
>>>>>>
>>>>>> Does this mean that in order to achieve a 301 redirect, I need to
>>>>>>
>>>>> update
>>>
>>>> my
>>>>>
>>>>>> tomcat version?
>>>>>>
>>>>>
>>>>> Yes.
>>>>>
>>>>>
>>>> Will this automatically make the redirect use a 301 response code, or is
>>>> there a setting that I need to set?
>>>>
>>>
>>> https://tomcat.apache.org/tomcat-8.0-doc/config/realm.
>>> html#Common_Attributes
>>> transportGuaranteeRedirectStatus
>>>
>>> Is there anyway to achieve a 301 redirect without updating
>>>>>> the tomcat version?
>>>>>>
>>>>>
>>>>> Without patching Tomcat, no. And that isn't recommended.
>>>>>
>>>>
>>>
>> Just to be clear, what "isn't recommended"? Not upgrading regularly?
>>
>
> Double negative interrogative forms are hard to answer.
> What is not recommended is patching tomcat, for the reason detailed in
> Mark's next paragraph below : new minor releases would overwrite your patch.
> What is recommended is to keep your tomcat installation such, that
> installing a new minor release does not cause grief.
> There is information about that in the "/RUNNING.txt" file which comes
> with every tomcat release.
>
>
>
>
>>
>>>>>
>>>>> I actually didn't know that I should be updating minor versions
>>>>
>>> regularly.
>>>
>>>> Is there any recommendation as to the frequency that I should be doing
>>>>
>>> this?
>>>
>>> There is no fixed recommendation. However, the Tomcat team does not
>>> produce patch releases, only new minor versions. It comes down to
>>> whenever there is a bug or security vulnerability fixed that you care
>>> about.
>>>
>>> Mark
>>>
>>>
>> Thank you.
>>
>>
>>
>>>
>>>
>>>>
>>>> Mark
>>>>>
>>>>>
>>>> Thank you.
>>>>
>>>>
>>>>
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>>>
>>>>>
>>>>>
>>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>
>>>
>>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
Re: http to https redirect 301
Posted by "André Warnier (tomcat)" <aw...@ice-sa.com>.
On 03.05.2017 09:23, Yuval Schwartz wrote:
> Thanks, comments below.
>
> On Tue, May 2, 2017 at 10:43 AM, Mark Thomas <ma...@apache.org> wrote:
>
>> On 02/05/2017 07:51, Yuval Schwartz wrote:
>>> Thanks, remarks below.
>>>
>>> On Tue, May 2, 2017 at 12:12 AM, Mark Thomas <ma...@apache.org> wrote:
>>>
>>>> On 01/05/17 14:23, Yuval Schwartz wrote:
>>>>> Tomcat version: 8.0.22
>>>>> jdk: 1.8.0_05
>>>>>
>>>>> I have a webapp that uses a tomcat server behind a load balancer.
>>>>>
>>>>> I recently added a the option to connect to my webapp via https.
>>>>>
>>>>> I would like to redirect all http requests to https.
>>>>> I achieved this by implementing the instruction outlined here:
>>>>> https://elastx.zendesk.com/hc/en-us/articles/214238826-
>>>> Force-https-with-Tomcat
>>>>>
>>>>> However, I notice that this performs a redirect with repsonse code 302
>>>>> (moved temporarily). I would like the response code to be 301.
>>>>>
>>>>> I found this bug report on the matter:
>>>>> https://bz.apache.org/bugzilla/show_bug.cgi?id=59399
>>>>>
>>>>> Does this mean that in order to achieve a 301 redirect, I need to
>> update
>>>> my
>>>>> tomcat version?
>>>>
>>>> Yes.
>>>>
>>>
>>> Will this automatically make the redirect use a 301 response code, or is
>>> there a setting that I need to set?
>>
>> https://tomcat.apache.org/tomcat-8.0-doc/config/realm.
>> html#Common_Attributes
>> transportGuaranteeRedirectStatus
>>
>>>>> Is there anyway to achieve a 301 redirect without updating
>>>>> the tomcat version?
>>>>
>>>> Without patching Tomcat, no. And that isn't recommended.
>>
>
> Just to be clear, what "isn't recommended"? Not upgrading regularly?
Double negative interrogative forms are hard to answer.
What is not recommended is patching tomcat, for the reason detailed in Mark's next
paragraph below : new minor releases would overwrite your patch.
What is recommended is to keep your tomcat installation such, that installing a new minor
release does not cause grief.
There is information about that in the "/RUNNING.txt" file which comes with every tomcat
release.
>
>>>>
>>>>
>>> I actually didn't know that I should be updating minor versions
>> regularly.
>>> Is there any recommendation as to the frequency that I should be doing
>> this?
>>
>> There is no fixed recommendation. However, the Tomcat team does not
>> produce patch releases, only new minor versions. It comes down to
>> whenever there is a bug or security vulnerability fixed that you care
>> about.
>>
>> Mark
>>
>
> Thank you.
>
>
>>
>>
>>>
>>>
>>>> Mark
>>>>
>>>
>>> Thank you.
>>>
>>>
>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>>
>>>>
>>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: http to https redirect 301
Posted by Yuval Schwartz <yu...@gmail.com>.
Thanks, comments below.
On Tue, May 2, 2017 at 10:43 AM, Mark Thomas <ma...@apache.org> wrote:
> On 02/05/2017 07:51, Yuval Schwartz wrote:
> > Thanks, remarks below.
> >
> > On Tue, May 2, 2017 at 12:12 AM, Mark Thomas <ma...@apache.org> wrote:
> >
> >> On 01/05/17 14:23, Yuval Schwartz wrote:
> >>> Tomcat version: 8.0.22
> >>> jdk: 1.8.0_05
> >>>
> >>> I have a webapp that uses a tomcat server behind a load balancer.
> >>>
> >>> I recently added a the option to connect to my webapp via https.
> >>>
> >>> I would like to redirect all http requests to https.
> >>> I achieved this by implementing the instruction outlined here:
> >>> https://elastx.zendesk.com/hc/en-us/articles/214238826-
> >> Force-https-with-Tomcat
> >>>
> >>> However, I notice that this performs a redirect with repsonse code 302
> >>> (moved temporarily). I would like the response code to be 301.
> >>>
> >>> I found this bug report on the matter:
> >>> https://bz.apache.org/bugzilla/show_bug.cgi?id=59399
> >>>
> >>> Does this mean that in order to achieve a 301 redirect, I need to
> update
> >> my
> >>> tomcat version?
> >>
> >> Yes.
> >>
> >
> > Will this automatically make the redirect use a 301 response code, or is
> > there a setting that I need to set?
>
> https://tomcat.apache.org/tomcat-8.0-doc/config/realm.
> html#Common_Attributes
> transportGuaranteeRedirectStatus
>
> >>> Is there anyway to achieve a 301 redirect without updating
> >>> the tomcat version?
> >>
> >> Without patching Tomcat, no. And that isn't recommended.
>
Just to be clear, what "isn't recommended"? Not upgrading regularly?
> >>
> >>
> > I actually didn't know that I should be updating minor versions
> regularly.
> > Is there any recommendation as to the frequency that I should be doing
> this?
>
> There is no fixed recommendation. However, the Tomcat team does not
> produce patch releases, only new minor versions. It comes down to
> whenever there is a bug or security vulnerability fixed that you care
> about.
>
> Mark
>
Thank you.
>
>
> >
> >
> >> Mark
> >>
> >
> > Thank you.
> >
> >
> >>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >> For additional commands, e-mail: users-help@tomcat.apache.org
> >>
> >>
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
Re: http to https redirect 301
Posted by Mark Thomas <ma...@apache.org>.
On 02/05/2017 07:51, Yuval Schwartz wrote:
> Thanks, remarks below.
>
> On Tue, May 2, 2017 at 12:12 AM, Mark Thomas <ma...@apache.org> wrote:
>
>> On 01/05/17 14:23, Yuval Schwartz wrote:
>>> Tomcat version: 8.0.22
>>> jdk: 1.8.0_05
>>>
>>> I have a webapp that uses a tomcat server behind a load balancer.
>>>
>>> I recently added a the option to connect to my webapp via https.
>>>
>>> I would like to redirect all http requests to https.
>>> I achieved this by implementing the instruction outlined here:
>>> https://elastx.zendesk.com/hc/en-us/articles/214238826-
>> Force-https-with-Tomcat
>>>
>>> However, I notice that this performs a redirect with repsonse code 302
>>> (moved temporarily). I would like the response code to be 301.
>>>
>>> I found this bug report on the matter:
>>> https://bz.apache.org/bugzilla/show_bug.cgi?id=59399
>>>
>>> Does this mean that in order to achieve a 301 redirect, I need to update
>> my
>>> tomcat version?
>>
>> Yes.
>>
>
> Will this automatically make the redirect use a 301 response code, or is
> there a setting that I need to set?
https://tomcat.apache.org/tomcat-8.0-doc/config/realm.html#Common_Attributes
transportGuaranteeRedirectStatus
>>> Is there anyway to achieve a 301 redirect without updating
>>> the tomcat version?
>>
>> Without patching Tomcat, no. And that isn't recommended.
>>
>>
> I actually didn't know that I should be updating minor versions regularly.
> Is there any recommendation as to the frequency that I should be doing this?
There is no fixed recommendation. However, the Tomcat team does not
produce patch releases, only new minor versions. It comes down to
whenever there is a bug or security vulnerability fixed that you care about.
Mark
>
>
>> Mark
>>
>
> Thank you.
>
>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: http to https redirect 301
Posted by Yuval Schwartz <yu...@gmail.com>.
Thanks, remarks below.
On Tue, May 2, 2017 at 12:12 AM, Mark Thomas <ma...@apache.org> wrote:
> On 01/05/17 14:23, Yuval Schwartz wrote:
> > Tomcat version: 8.0.22
> > jdk: 1.8.0_05
> >
> > I have a webapp that uses a tomcat server behind a load balancer.
> >
> > I recently added a the option to connect to my webapp via https.
> >
> > I would like to redirect all http requests to https.
> > I achieved this by implementing the instruction outlined here:
> > https://elastx.zendesk.com/hc/en-us/articles/214238826-
> Force-https-with-Tomcat
> >
> > However, I notice that this performs a redirect with repsonse code 302
> > (moved temporarily). I would like the response code to be 301.
> >
> > I found this bug report on the matter:
> > https://bz.apache.org/bugzilla/show_bug.cgi?id=59399
> >
> > Does this mean that in order to achieve a 301 redirect, I need to update
> my
> > tomcat version?
>
> Yes.
>
Will this automatically make the redirect use a 301 response code, or is
there a setting that I need to set?
>
> > Is there anyway to achieve a 301 redirect without updating
> > the tomcat version?
>
> Without patching Tomcat, no. And that isn't recommended.
>
>
I actually didn't know that I should be updating minor versions regularly.
Is there any recommendation as to the frequency that I should be doing this?
> Mark
>
Thank you.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
Re: http to https redirect 301
Posted by Mark Thomas <ma...@apache.org>.
On 01/05/17 14:23, Yuval Schwartz wrote:
> Tomcat version: 8.0.22
> jdk: 1.8.0_05
>
> I have a webapp that uses a tomcat server behind a load balancer.
>
> I recently added a the option to connect to my webapp via https.
>
> I would like to redirect all http requests to https.
> I achieved this by implementing the instruction outlined here:
> https://elastx.zendesk.com/hc/en-us/articles/214238826-Force-https-with-Tomcat
>
> However, I notice that this performs a redirect with repsonse code 302
> (moved temporarily). I would like the response code to be 301.
>
> I found this bug report on the matter:
> https://bz.apache.org/bugzilla/show_bug.cgi?id=59399
>
> Does this mean that in order to achieve a 301 redirect, I need to update my
> tomcat version?
Yes.
> Is there anyway to achieve a 301 redirect without updating
> the tomcat version?
Without patching Tomcat, no. And that isn't recommended.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org