You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by reym <re...@gmail.com> on 2007/06/11 05:41:39 UTC
.htaccess + Tomcat
Hi All,
I have installed SSL on the server, and would like to use a .htaccess file
so that when a user types in http://www.mywebsite.com he/ she will be
redirected to https://www.mywebsite.com automatically. How do I do this with
only Tomcat as the sole webserver, without the aid of another webserver in
front of it like Apache? Please advise. Thank you for your time, and thanks
in advance. I look forward to hearing from someone soon.
Kind regards,
reym
--
View this message in context: http://www.nabble.com/.htaccess-%2B-Tomcat-tf3899482.html#a11054689
Sent from the Tomcat - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: .htaccess + Tomcat
Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: reym [mailto:reymalahay@gmail.com]
> Subject: Re: .htaccess + Tomcat
>
> So do i define the redirect attrbute in the SSL part or in
> the non-SSL part of the server.xml document? Please advise.
Read the doc for redirectPort at:
http://tomcat.apache.org/tomcat-5.5-doc/config/http.html
"If this Connector is supporting non-SSL requests, and a request is
received for which a matching <security-constraint> requires SSL
transport, Catalina will automatically redirect the request to the port
number specified here."
It would be a bit silly to have the port 443 <Connector> redirect to
port 443, don't you think? You need it on the port 80 <Connector> so it
has some idea of what to do with a request for CONFIDENTIAL traffic.
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: .htaccess + Tomcat
Posted by reym <re...@gmail.com>.
Thanks for the response.
Yes, the redirectPort attribute needs to match the port for the SSL
Connector (in your case, 443). And it's a good thing, since IE has issues
on 4.1.x when you try and use a non-default port for the SSL Connector.
So do i define the redirect attrbute in the SSL part or in the non-SSL part
of the server.xml document? Please advise.
Thanks in advance,
reym
Bill Barker-2 wrote:
>
>
> "reym" <re...@gmail.com> wrote in message
> news:11072000.post@talk.nabble.com...
>>
>> Hi there,
>>
>> Thanks for the response. I have tried that, and it works if I directly
>> type
>> in https://www.mywebsite.comin the browser (I'm using IE7). This is how
>> my
>> server.xml file looks like for the non-SSL HTTP and SSL HTTP
>> respectively:
>>
>> <!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
>> <Connector port="80" maxHttpHeaderSize="8192"
>> maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>> enableLookups="false" redirectPort="8443" acceptCount="100"
>> connectionTimeout="20000" disableUploadTimeout="true"
>> />
>>
>> <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
>> <Connector port="443" maxHttpHeaderSize="8192"
>>
>> className="org.apache.catalina.connector.http.HttpConnector"
>
> This is sooooooo deprecated and buggy. You should use the default Coyote
> Connector instead.
>
>> maxThreads="150"
>> minSpareThreads="25"
>> maxSpareThreads="75"
>> enableLookups="false"
>> disableUploadTimeout="true"
>> acceptCount="100"
>> scheme="https"
>> secure="true"
>> clientAuth="false"
>> sslProtocol="TLS"
>> keystoreFile="/root/.keystore"
>> keystoreType="JKS"
>> keystorePass="b0nus2ooo??"
>> >
>> <Factory
>> className="org.apache.catalina.net.SSLServerSocketFactory"
>> clientAuth="false" protocol="TLS"/>
>> </Connector>
>>
>>
>> I'm not using a .htaccess file. What am i missing? I read something about
>> a
>> redirectPort attribute, am i suppose to be using that? Please advise.
>>
>
> Yes, the redirectPort attribute needs to match the port for the SSL
> Connector (in your case, 443). And it's a good thing, since IE has issues
> on 4.1.x when you try and use a non-default port for the SSL Connector.
>
>> Thank you for your time, and thanks in advance. I look forward to hearing
>> from you.
>>
>>
>> Kind regards,
>> Rey Malahay
>>
>>
>>
>> Caldarale, Charles R wrote:
>>>
>>>> From: reym [mailto:reymalahay@gmail.com]
>>>> Subject: .htaccess + Tomcat
>>>>
>>>> I have installed SSL on the server, and would like
>>>> to use a .htaccess file so that when a user types in
>>>> http://www.mywebsite.com he/ she will be redirected
>>>> to https://www.mywebsite.com automatically.
>>>
>>> You need to become familiar with the servlet spec:
>>> http://jcp.org/aboutJava/communityprocess/mrel/jsr154/index.html
>>>
>>> In particular, look at section 12.7 for a <transport-guarantee> of
>>> CONFIDENTIAL.
>>>
>>> If you want all of your webapps to use HTTPS, you can put the
>>> <transport-guarantee> in conf/web.xml rather than in the WEB-INF/web.xml
>>> of each of the individual webapps.
>>>
>>> - Chuck
>>>
>>>
>>> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
>>> MATERIAL and is thus for use only by the intended recipient. If you
>>> received this in error, please contact the sender and delete the e-mail
>>> and its attachments from all computers.
>>>
>>> ---------------------------------------------------------------------
>>> To start a new topic, e-mail: users@tomcat.apache.org
>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>
>>>
>>>
>>
>> --
>> View this message in context:
>> http://www.nabble.com/.htaccess-%2B-Tomcat-tf3899482.html#a11072000
>> Sent from the Tomcat - User mailing list archive at Nabble.com.
>>
>>
>> ---------------------------------------------------------------------
>> To start a new topic, e-mail: users@tomcat.apache.org
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>
>
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
>
--
View this message in context: http://www.nabble.com/.htaccess-%2B-Tomcat-tf3899482.html#a11077082
Sent from the Tomcat - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: .htaccess + Tomcat
Posted by Bill Barker <wb...@wilshire.com>.
"reym" <re...@gmail.com> wrote in message
news:11072000.post@talk.nabble.com...
>
> Hi there,
>
> Thanks for the response. I have tried that, and it works if I directly
> type
> in https://www.mywebsite.comin the browser (I'm using IE7). This is how my
> server.xml file looks like for the non-SSL HTTP and SSL HTTP respectively:
>
> <!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
> <Connector port="80" maxHttpHeaderSize="8192"
> maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
> enableLookups="false" redirectPort="8443" acceptCount="100"
> connectionTimeout="20000" disableUploadTimeout="true"
> />
>
> <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
> <Connector port="443" maxHttpHeaderSize="8192"
>
> className="org.apache.catalina.connector.http.HttpConnector"
This is sooooooo deprecated and buggy. You should use the default Coyote
Connector instead.
> maxThreads="150"
> minSpareThreads="25"
> maxSpareThreads="75"
> enableLookups="false"
> disableUploadTimeout="true"
> acceptCount="100"
> scheme="https"
> secure="true"
> clientAuth="false"
> sslProtocol="TLS"
> keystoreFile="/root/.keystore"
> keystoreType="JKS"
> keystorePass="b0nus2ooo??"
> >
> <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
> clientAuth="false" protocol="TLS"/>
> </Connector>
>
>
> I'm not using a .htaccess file. What am i missing? I read something about
> a
> redirectPort attribute, am i suppose to be using that? Please advise.
>
Yes, the redirectPort attribute needs to match the port for the SSL
Connector (in your case, 443). And it's a good thing, since IE has issues
on 4.1.x when you try and use a non-default port for the SSL Connector.
> Thank you for your time, and thanks in advance. I look forward to hearing
> from you.
>
>
> Kind regards,
> Rey Malahay
>
>
>
> Caldarale, Charles R wrote:
>>
>>> From: reym [mailto:reymalahay@gmail.com]
>>> Subject: .htaccess + Tomcat
>>>
>>> I have installed SSL on the server, and would like
>>> to use a .htaccess file so that when a user types in
>>> http://www.mywebsite.com he/ she will be redirected
>>> to https://www.mywebsite.com automatically.
>>
>> You need to become familiar with the servlet spec:
>> http://jcp.org/aboutJava/communityprocess/mrel/jsr154/index.html
>>
>> In particular, look at section 12.7 for a <transport-guarantee> of
>> CONFIDENTIAL.
>>
>> If you want all of your webapps to use HTTPS, you can put the
>> <transport-guarantee> in conf/web.xml rather than in the WEB-INF/web.xml
>> of each of the individual webapps.
>>
>> - Chuck
>>
>>
>> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
>> MATERIAL and is thus for use only by the intended recipient. If you
>> received this in error, please contact the sender and delete the e-mail
>> and its attachments from all computers.
>>
>> ---------------------------------------------------------------------
>> To start a new topic, e-mail: users@tomcat.apache.org
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>>
>
> --
> View this message in context:
> http://www.nabble.com/.htaccess-%2B-Tomcat-tf3899482.html#a11072000
> Sent from the Tomcat - User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: .htaccess + Tomcat
Posted by reym <re...@gmail.com>.
Hi there,
Thanks for the response. I have tried that, and it works if I directly type
in https://www.mywebsite.comin the browser (I'm using IE7). This is how my
server.xml file looks like for the non-SSL HTTP and SSL HTTP respectively:
<!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
<Connector port="80" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" redirectPort="8443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true"
/>
<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
<Connector port="443" maxHttpHeaderSize="8192"
className="org.apache.catalina.connector.http.HttpConnector"
maxThreads="150"
minSpareThreads="25"
maxSpareThreads="75"
enableLookups="false"
disableUploadTimeout="true"
acceptCount="100"
scheme="https"
secure="true"
clientAuth="false"
sslProtocol="TLS"
keystoreFile="/root/.keystore"
keystoreType="JKS"
keystorePass="b0nus2ooo??"
>
<Factory className="org.apache.catalina.net.SSLServerSocketFactory"
clientAuth="false" protocol="TLS"/>
</Connector>
I'm not using a .htaccess file. What am i missing? I read something about a
redirectPort attribute, am i suppose to be using that? Please advise.
Thank you for your time, and thanks in advance. I look forward to hearing
from you.
Kind regards,
Rey Malahay
Caldarale, Charles R wrote:
>
>> From: reym [mailto:reymalahay@gmail.com]
>> Subject: .htaccess + Tomcat
>>
>> I have installed SSL on the server, and would like
>> to use a .htaccess file so that when a user types in
>> http://www.mywebsite.com he/ she will be redirected
>> to https://www.mywebsite.com automatically.
>
> You need to become familiar with the servlet spec:
> http://jcp.org/aboutJava/communityprocess/mrel/jsr154/index.html
>
> In particular, look at section 12.7 for a <transport-guarantee> of
> CONFIDENTIAL.
>
> If you want all of your webapps to use HTTPS, you can put the
> <transport-guarantee> in conf/web.xml rather than in the WEB-INF/web.xml
> of each of the individual webapps.
>
> - Chuck
>
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
> MATERIAL and is thus for use only by the intended recipient. If you
> received this in error, please contact the sender and delete the e-mail
> and its attachments from all computers.
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
>
--
View this message in context: http://www.nabble.com/.htaccess-%2B-Tomcat-tf3899482.html#a11072000
Sent from the Tomcat - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: .htaccess + Tomcat
Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: reym [mailto:reymalahay@gmail.com]
> Subject: .htaccess + Tomcat
>
> I have installed SSL on the server, and would like
> to use a .htaccess file so that when a user types in
> http://www.mywebsite.com he/ she will be redirected
> to https://www.mywebsite.com automatically.
You need to become familiar with the servlet spec:
http://jcp.org/aboutJava/communityprocess/mrel/jsr154/index.html
In particular, look at section 12.7 for a <transport-guarantee> of
CONFIDENTIAL.
If you want all of your webapps to use HTTPS, you can put the
<transport-guarantee> in conf/web.xml rather than in the WEB-INF/web.xml
of each of the individual webapps.
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org