Posted to users@tomcat.apache.org by lavanya tech <la...@gmail.com> on 2024/04/18 11:05:36 UTC

Re: Regarding Tomcat url redirection

Hi Team,

I am using "Tomcat 10.1" in our environment and I wanted to redirect url
from https://example.com to https://www.servercom:7777 and for this I
modified the server.xml as below in tomcat config, and the below
configuration does not seem to work. Does anyone have ideas? Please suggest.
The url alone https://www.servercom:7777/ already works. But just
redirection from the old to one does not.

<Host name="example.com" appBase="app" unpackWARs="true" autoDeploy="true">
    <Context path="" docBase="example" />
    <Alias>example.com</Alias>
    <!-- Add RewriteValve and RewriteRule here -->
    <Valve className="org.apache.catalina.valves.rewrite.RewriteValve"/>
    <Engine name="Catalina" defaultHost="localhost">
        <Host name="example.com" appBase="app" unpackWARs="true" autoDeploy="true">
            <Context path="" docBase="example" />
            <Alias>example.com</Alias>
            <Valve className="org.apache.catalina.valves.rewrite.RewriteValve"/>
            <Engine name="Catalina" defaultHost="localhost">
                <Host name="example.com" appBase="app" unpackWARs="true" autoDeploy="true">
                    <Context path="" docBase="example" />
                    <Alias>example.com</Alias>
                    <!-- Rewrite rule to redirect to www.servercom:8080/example -->
                    <RewriteCond %{HTTP_HOST} example\.com [NC]
                    <RewriteRule ^/(.*)$ https://www.servercom:7777/example/$1 [R=301,L]
                </Host>
            </Engine>
        </Host>
    </Engine>
</Host>



Thanks,
Ammu

Re: Regarding Tomcat url redirection

Posted by lavanya tech <la...@gmail.com>.
Hi Chris,

I have already a Root folder /git/app/apache-tomcat-10.1.11/webapps, I see
the files index.jsp and index.jsp has below configuration.
So should I add server.xml under ROOT folder as well with localhost and
example.com such that both the urls are accessible? Please suggest.

<% response.sendRedirect("/towl"); %>

Thanks,
amm

On Mon, Apr 22, 2024 at 11:21 AM lavanya tech <la...@gmail.com>
wrote:

> Hi Chris,
>
> Could you please explain, what you exactly mean ? So here redirect is not
> a solution right ?
>
> "You'd have to use a glob/regex if
> you wanted to check for [anything and maybe nothing.]example.com."
>
> Thanks,
> ammu
>
>
>
>
> On Fri, Apr 19, 2024 at 3:03 PM Christopher Schultz <
> chris@christopherschultz.net> wrote:
>
>> Ammu,
>>
>> On 4/19/24 08:32, lavanya tech wrote:
>> > Thank you very much. I removed <Host> for example.com as well as adding an
>> > <Alias> in server.xml
>> > I copied context.xml file
>> > /git/app/apache-tomcat-10.1.11/webapps/towl/META-INF/context.xml
>> > Removed < in rewrite.config files.
>> >
>> > But still I don't redirect the URL.
>>
>> If you have <Context> in server.xml and also your application in the
>> webapps/ directory, then you will be double-deploying your application.
>>
>> Re-name /git/app/apache-tomcat-10.1.11/webapps/towl/ to be
>> /git/app/apache-tomcat-10.1.11/webapps/ROOT (the capitals are important)
>> and remove the <Context> element from your server.xml.
>>
>> Then start your server and read the logs.
>>
>> > nslookup alias.example.com gives -->
>> > Non-authoritative answer:
>> > Name:     www.example.com
>> > Address:  192.168.200.10
>> > Aliases:  alias.example.com
>> >
>> >
>> > Just to give some information here, www.example.com has alias
>> > "alias.example.com"
>> > But https://www.example.com:7777/example --> works fine without issues but
>> > the alias does not work (https://alias.example.com)
>> > So I am not sure if the redirect url helps or if it's correct
>>
>> Your rewrite configuration says that you have to be using host
>> "example.com" but your request goes to www.example.com. Your
>> configuration should only redirect a request such as:
>>
>> $ curl -v http://example.com:7777/something
>>
>> HTTP/1.1 301 Moved Permanently
>> ...
>> Location: https://www.example.com:7777/example
>>
>> If you make a request like:
>>
>> $ curl -v http://www.example.com:7777/something
>>
>> I wouldn't expect a redirect because of your "host" condition. The
>> "%{HTTP_HOST} example.com" looks at the entire Host header and not just
>> anything that ends in "example.com". You'd have to use a glob/regex if
>> you wanted to check for [anything and maybe nothing.]example.com.
>>
>> You'd also have to make sure that your application is serving responses
>> to requests to / which is why I'm recommending you use the ROOT web
>> application name instead of "towl".
>>
>> -chris
>>
>> > On Fri, Apr 19, 2024 at 1:21 PM Christopher Schultz <
>> > chris@christopherschultz.net> wrote:
>> >
>> >> Ammu,
>> >>
>> >> On 4/18/24 09:34, lavanya tech wrote:
>> >>> I am attaching server.xml and context.xml and rewrite.config files.
>> >>> The paths are
>> >>>
>> >>> /git/app/apache-tomcat-10.1.11/webapps/towl/context.xml
>> >>> <Context>
>> >>>       <Valve className="org.apache.catalina.valves.rewrite.RewriteValve" />
>> >>>       <!-- Other context configuration -->
>> >>> </Context>
>> >>
>> >> This file ^^^ is in the wrong place. It should be in
>> >> /git/app/apache-tomcat-10.1.11/webapps/towl/META-INF/context.xml
>> >>
>> >>> /git/app/apache-tomcat-10.1.11/webapps/towl/WEB-INF/rewrite.config
>> >>>
>> >>> <RewriteCond %{HTTP_HOST} example.com [NC]
>> >>> <RewriteRule ^/(.*)$ https://www.example.com:7777/example [R=301,L]
>> >>
>> >> Why do you have < symbols at the beginning of these lines?
>> >>
>> >>> server.xml
>> >>>
>> >>   > [...]
>> >>>
>> >>>         <Host name="example.com" appBase="webapps" unpackWARs="true" autoDeploy="true">
>> >>>             <Context path="" docBase="towl" />
>> >>
>> >> It's best not to define any <Context> in server.xml. I would remove this
>> >> <Context> entirely and allow Tomcat to auto-deploy from your
>> >> webapps/towl directory. If you need this application to be deployed as
>> >> the ROOT context (on / and not /towl) then you should re-name
>> >> /git/app/apache-tomcat-10.1.11/webapps/towl to
>> >> /git/app/apache-tomcat-10.1.11/webapps/ROOT
>> >>
>> >> You also don't need a <Host> for example.com as well as adding an
>> >> <Alias> for the same domain (though this is probably to anonymize the
>> >> configuration). You can feel free to simply use the "localhost" <Host>
>> >> as the default <Host> and deploy everything into it. This makes your
>> >> configuration changes relative to a stock Tomcat less significant and
>> >> easier to apply to new versions if/when necessary.
>> >>
>> >> -chris
>> >>
>> >>> On Thu, Apr 18, 2024 at 2:17 PM Christopher Schultz <
>> >>> chris@christopherschultz.net> wrote:
>> >>>
>> >>>> Ammu,
>> >>>>
>> >>>> On 4/18/24 07:45, lavanya tech wrote:
>> >>>>> I added classname rewrite valeus in context.xml file.
>> >>>>>
>> >>>>>        <!-- REWRITE VALVE -->
>> >>>>>        <Valve className="org.apache.catalina.valves.rewrite.RewriteValve" />
>> >>>>>        <!-- // -->
>> >>>>>
>> >>>>> created rewrite.config so both of them are located under  conf under
>> >>>>> apache-tomcat.
>> >>>>>
>> >>>>>
>> >>>>>                        <RewriteCond %{HTTP_HOST} example.com [NC]
>> >>>>>                        <RewriteRule ^/(.*)$ https://www.example.com:7777/example [R=301,L]
>> >>>>>
>> >>>>> So according to the documentation they say context.xml should be placed
>> >>>>> under webapps and rewrite.config file should be put in WEB-INF folder of
>> >>>>> apache-tomcat. I placed and restarted tomcat webserver but still it
>> >>>>> does not redirect.
>> >>>>
>> >>>> Can you give full paths to both server.xml and rewrite.config, re-post
>> >>>> your current server.xml <Context> element, and the complete contents of
>> >>>> rewrite.config?
>> >>>>
>> >>>> Have you looked at the log files after start?
>> >>>>
>> >>>> -chris
>> >>>>
>> >>>>> On Thu, Apr 18, 2024 at 1:36 PM lavanya tech <lavanyatech440@gmail.com>
>> >>>>> wrote:
>> >>>>>
>> >>>>>> Hi Thomas,
>> >>>>>>
>> >>>>>> Thanks for the fast response.
>> >>>>>>
>> >>>>>> I added classname rewrite valeus in context.xml file.
>> >>>>>>
>> >>>>>>        <!-- REWRITE VALVE -->
>> >>>>>>        <Valve className="org.apache.catalina.valves.rewrite.RewriteValve" />
>> >>>>>>        <!-- // -->
>> >>>>>>
>> >>>>>> created rewrite.config so both of them are located under  conf under
>> >>>>>> apache-tomcat.
>> >>>>>>
>> >>>>>> So according to the documentation they say context.xml should be placed
>> >>>>>> under webapps and rewrite.config file should be put in WEB-INF folder of
>> >>>>>> apache-tomcat
>> >>>>>>
>> >>>>>> Thanks,
>> >>>>>> Ammu
>> >>>>>>
>> >>>>>>
>> >>>>>>
>> >>>>>> On Thu, Apr 18, 2024 at 1:22 PM Mark Thomas <ma...@apache.org> wrote:
>> >>>>>>
>> >>>>>>> On 18/04/2024 12:05, lavanya tech wrote:
>> >>>>>>>> Hi Team,
>> >>>>>>>>
>> >>>>>>>> I am using "Tomcat 10.1" in our environment and I wanted to redirect url
>> >>>>>>>> from https://example.com to https://www.servercom:7777 and for this I
>> >>>>>>>> modified the server.xml as below in tomcat config, and the below
>> >>>>>>>> configuration does not seem to work. Does anyone have ideas? Please suggest.
>> >>>>>>>> The url alone https://www.servercom:7777/ already works. But just
>> >>>>>>>> redirection from the old to one does not.
>> >>>>>>>>
>> >>>>>>>> <Host name="example.com" appBase="app" unpackWARs="true" autoDeploy="true">
>> >>>>>>>>         <Context path="" docBase="example" />
>> >>>>>>>>         <Alias>example.com</Alias>
>> >>>>>>>>         <!-- Add RewriteValve and RewriteRule here -->
>> >>>>>>>>         <Valve className="org.apache.catalina.valves.rewrite.RewriteValve"/>
>> >>>>>>>>         <Engine name="Catalina" defaultHost="localhost">
>> >>>>>>>>             <Host name="example.com" appBase="app" unpackWARs="true" autoDeploy="true">
>> >>>>>>>>                 <Context path="" docBase="example" />
>> >>>>>>>>                 <Alias>example.com</Alias>
>> >>>>>>>>                 <Valve className="org.apache.catalina.valves.rewrite.RewriteValve"/>
>> >>>>>>>>                 <Engine name="Catalina" defaultHost="localhost">
>> >>>>>>>>                     <Host name="example.com" appBase="app" unpackWARs="true" autoDeploy="true">
>> >>>>>>>>                         <Context path="" docBase="example" />
>> >>>>>>>>                         <Alias>example.com</Alias>
>> >>>>>>>>                         <!-- Rewrite rule to redirect to www.servercom:8080/example -->
>> >>>>>>>>                         <RewriteCond %{HTTP_HOST} example\.com [NC]
>> >>>>>>>>                         <RewriteRule ^/(.*)$ https://www.servercom:7777/example/$1 [R=301,L]
>> >>>>>>>
>> >>>>>>> 1. That isn't valid XML.
>> >>>>>>>
>> >>>>>>> 2. Where in the Tomcat docs does it say you can nest re-write rules in a
>> >>>>>>> Host element (or any other element)?
>> >>>>>>>
>> >>>>>>>>                     </Host>
>> >>>>>>>>                 </Engine>
>> >>>>>>>>             </Host>
>> >>>>>>>>         </Engine>
>> >>>>>>>> </Host>
>> >>>>>>>
>> >>>>>>> You need to configure the RewriteValve.
>> >>>>>>> https://tomcat.apache.org/tomcat-10.1-doc/rewrite.html
>> >>>>>>>
>> >>>>>>> Mark
>> >>>>>>>
>> >>>>>>>
>> ---------------------------------------------------------------------
>> >>>>>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> >>>>>>> For additional commands, e-mail: users-help@tomcat.apache.org
>> >>>>>>>
>> >>>>>>>
>>
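
Added example, not part of the thread or of Tomcat: a Python model of the Host condition discussed in the replies above, useful for checking a host pattern before it goes into rewrite.config. `re.fullmatch` stands in for the whole-header comparison Chris describes (an assumption about the valve, not its code), and the FAMILY pattern, the sample Host values and the function names are constructed here.

```python
import re

# From the thread: redirect target host and URL prefix (path capture appended,
# as in the first server.xml attempt) and the pattern posted in rewrite.config.
CANONICAL_HOST = "www.example.com"
TARGET_PREFIX = "https://www.example.com:7777/example/"
POSTED = r"example.com"  # unescaped dot, bare domain only

# Constructed for this example: optional sub-domain labels, escaped dots and
# an optional :port (a client on a non-default port sends "Host: name:port").
FAMILY = r"(?:[a-z0-9-]+\.)*example\.com(?::\d+)?"

# Constructed Host header values; the last three are lookalikes.
SAMPLE_HOSTS = [
    "example.com",
    "EXAMPLE.com",
    "www.example.com",
    "alias.example.com",
    "example.com:7777",
    "exampleXcom",
    "notexample.com",
    "example.com.invalid",
]


def host_matches(pattern, host_header):
    """Case-insensitive ([NC]) comparison against the whole Host header.

    Whole-header matching is the behaviour described in the thread and is an
    assumption of this model; a missing Host header never matches.
    """
    if not host_header:
        return False
    return re.fullmatch(pattern, host_header, re.IGNORECASE) is not None


def hostname_of(host_header):
    """Lower-cased host name with any trailing :port removed."""
    return re.sub(r":\d+$", "", host_header).lower()


def redirect_location(host_header, path, pattern=FAMILY):
    """Location header a 301 would carry, or None when no redirect applies."""
    if not host_matches(pattern, host_header):
        return None
    # FAMILY also matches the redirect target. Without this exclusion a
    # request to www.example.com would be redirected to itself in a loop.
    if hostname_of(host_header) == CANONICAL_HOST:
        return None
    captured = re.fullmatch(r"/(.*)", path)  # models RewriteRule ^/(.*)$
    if captured is None:
        return None
    return TARGET_PREFIX + captured.group(1)


def report(hosts=SAMPLE_HOSTS):
    """Map each host to (matches POSTED, matches FAMILY)."""
    return {h: (host_matches(POSTED, h), host_matches(FAMILY, h)) for h in hosts}


if __name__ == "__main__":
    for host, (posted, family) in report().items():
        location = redirect_location(host, "/something")
        print(f"{host:22} posted={posted!s:5} family={family!s:5} -> {location}")
```
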

Re: Regarding Tomcat url redirection

Posted by Christopher Schultz <ch...@christopherschultz.net>.
Lavanya,

On 4/25/24 09:36, lavanya tech wrote:
> I have updated the certificate now, but still I cannot access url
> https://example.lbg.com/towl  either https://server.lbg.com/towl ?
> 
> I wonder why it's working with port 8443 and not without port

If Tomcat is listening to port 8443, then you need to use port 8443 to 
make a request. The cert doesn't cover port number, so you can still use it.

If you want to use port 443 (the default port for HTTPS) then you will 
need to change Tomcat to bind to port 443 (if that's allowed on your OS) 
or arrange to have port 443 routed to port 8443. You may need additional 
configuration in Tomcat (specifically: proxyPort) to avoid having Tomcat 
generate URLs with ":8443" in them.

-chris

> On Thu, Apr 25, 2024 at 1:24 PM lavanya tech <la...@gmail.com>
> wrote:
> 
>> Hi Chris,
>>
>> One question / doubt:
>>
>> As I mentioned earlier, the below URLS already working in the browser
>> https://server.lbg.com:8443/towl
>> https://example.lbg.com:8443/towl -> redirect ( which means when I hit
>> in browser) it points to https://server.lbg.com:8443/towl ---> To be
>> frank, even I do not need redirect here, not sure why it redirects.
>>
>> My question is why it's working even though SAN is not registered with the
>> certificate ? It does not even throw warning in the browser.
>>
>> Why https://server.lbg.com/towl or https://example.lbg.com/towl --> How
>> it should work with New SAN certificate ?
>>
>> Thanks,
>> Lavanya
>>
>>
>>
>> On Thu, Apr 25, 2024 at 10:16 AM lavanya tech <la...@gmail.com>
>> wrote:
>>
>>> Hi Chris,
>>>
>>>
>>> Thanks I will request new certificate with SANs and I will try to fix the
>>> things from our end.
>>>
>>> Best Regards,
>>> Lavanya
>>>
>>> On Wed, Apr 24, 2024 at 11:12 PM Christopher Schultz <
>>> chris@christopherschultz.net> wrote:
>>>
>>>> Lavanya,
>>>>
>>>> On 4/24/24 15:39, lavanya tech wrote:
>>>>> Local host means the machine I am logged in to server.lbg.com
>>>>>
>>>>> You are right, example.lbg.com is CNAME record.
>>>>
>>>> Okay, thanks for clearing that up.
>>>>
>>>>> I don't have any SAN configured for the certificate. The certificate is
>>>>> requested for only server.lbg.com
>>>>
>>>> You will never be able to make a secure request to anything other than
>>>> server.lbg.com without seeing an error. I highly recommend adding the
>>>> other hostname as a SAN to your certificate if you really want to
>>>> support this.
>>>>
>>>> Even if you wanted https://example.lbg.com/whatever to return an HTTP
>>>> 302 redirect to https://server.lbg.com/whatever, the user would see a
>>>> certificate hostname mismatch error which is ugly. It's best to make it
>>>> work without users seeing ugly things.
>>>>
>>>>> So if I just request new certificate with SAN it should work ? If yes, I
>>>>> will request for it and follow your steps as below suggested.
>>>>
>>>> Yes, it should.
>>>>
>>>>> Should I use CName record or DNS? Does it make difference?
>>>>
>>>> CNAME *is* DNS.
>>>>
>>>> Whenever possible, use hostnames and not IP addresses as SANs. It's more
>>>> flexible that way, and users get to see hostnames instead of IP
>>>> addresses.
>>>>
>>>> -chris
>>>>
>>>>> On Wednesday, April 24, 2024, Christopher Schultz <
>>>>> chris@christopherschultz.net> wrote:
>>>>>
>>>>>> Lavanya,
>>>>>>
>>>>>> On 4/24/24 07:37, lavanya tech wrote:
>>>>>>
>>>>>>> Sorry I understood wrongly here with regards to my environment, Let me
>>>>>>> start from the beginning. I do not want to use redirect at all. I simply
>>>>>>> wanted to force apache tomcat to use both localhost and dns name of the
>>>>>>> localhost via url.
>>>>>>>
>>>>>>
>>>>>> When you say "force" what do you mean?
>>>>>>
>>>>>> When you say "use both localhost and DNS name" what do you mean?
>>>>>>
>>>>>> When you say "localhost" do you mean 127.0.0.1 or "the machine I'm
>>>>>> logged-into right now"?
>>>>>>
>>>>>>> I have DNS resolution as below.
>>>>>>>
>>>>>>> server.lbg.com --> localhost
>>>>>>>
>>>>>>
>>>>>> Is that a CNAME record?
>>>>>>
>>>>>> nslookup server.lbg.com (localhost)
>>>>>>> Name:    server.lbg.com
>>>>>>> Address:  192.168.100.20
>>>>>>> alias: example.lbg.com
>>>>>>>
>>>>>>
>>>>>> That's a weird DNS response. The DNS name "localhost" should *always*
>>>>>> return 127.0.0.1 for IPv4 and ::1 for IPv6. It shouldn't return
>>>>>> 191.168.100.20.
>>>>>>
>>>>>> We have working the below urls working:
>>>>>>> https://server.lbg.com:8443/towl
>>>>>>> https://example.lbg.com:8443/towl --> redirects to
>>>>>>>
>>>>>>
>>>>>> What do you mean "redirect"? Does it return a 30x response that causes the
>>>>>> browser to make a new request to \/
>>>>>>
>>>>>>> https://server.lbg.com:8443/towl  --> still works --> we have SSL
>>>>>>> configured for the same but this SSL certificate does not have additional
>>>>>>> DNS setup.
>>>>>>>
>>>>>>
>>>>>> What SANs are in your certificate? How many certificates do you have?
>>>>>>
>>>>>>> But I would need to somehow  access https://example.lbg.com --> which means
>>>>>>> I would need to access via 443 here ?
>>>>>>>
>>>>>>
>>>>>> I'm so confused. What needs to access what?
>>>>>>
>>>>>>> I tried adding the below to  server.xml as below, but that does not seem
>>>>>>> to work.
>>>>>>>
>>>>>>>        <Connector port="80"
>>>>>>>               protocol="org.apache.coyote.http11.Http11NioProtocol"
>>>>>>>               connectionTimeout="20000"
>>>>>>>               redirectPort="443" />
>>>>>>>
>>>>>>
>>>>>> This will only redirect (HTTP 302) requests to http://yourhost/anything
>>>>>> to https://yourhost/anything *if the application specifically requests
>>>>>> CONFIDENTIAL transport*. It doesn't just redirect everything by default. If
>>>>>> you want it to redirect everything, you'll need to set that up e.g. using
>>>>>> RewriteValve. There are other options, too.
>>>>>>
>>>>>>> Do I need additional SSL certificate for the https://example.lbg.com to
>>>>>>> make it work ?
>>>>>>>
>>>>>>
>>>>>> If you don't want your browser to complain, you will need at least one TLS
>>>>>> certificate that contains every Subject Alternative Name (SAN) for every
>>>>>> possible hostname you expect to use with this service. You can do it with
>>>>>> multiple certificates as well, but a single cert with multiple SANs is less
>>>>>> work.
>>>>>>
>>>>>>> Do I need to set up an additional web server for this like apache or nginx
>>>>>>> for redirecting requests?
>>>>>>>
>>>>>>
>>>>>> No.
>>>>>>
>>>>>> Please stop saying "redirect" because it sounds like you almost never mean
>>>>>> "HTTP 30x redirect" and that's confusing everything.
>>>>>>
>>>>>> I *think* you only need the following:
>>>>>>
>>>>>> 1. A TLS certificate with the following SANs:
>>>>>>
>>>>>>     * server.lbg.com
>>>>>>     * example.lbg.com
>>>>>>     * localhost (you shouldn't do this)
>>>>>>
>>>>>> 2. DNS configured for all hostnames:
>>>>>>
>>>>>>     * server.lbg.com -> A 192.168.100.20
>>>>>>     * example.lgb.com -> A 192.168.100.20
>>>>>>
>>>>>> 3. Tomcat configured with a single <Host> which is the default virtual
>>>>>> host. Note that this is the *default Tomcat configuration* and doesn't need
>>>>>> to be changed from the default.
>>>>>>
>>>>>> 4. Tomcat configured with your certificate like this:
>>>>>>
>>>>>>      <Connector ...
>>>>>>         SSLEnabled="true">
>>>>>>        <SSLHostConfig>
>>>>>>          <Certificate
>>>>>>              certificateFile="/path/to/your/cert.crt"
>>>>>>              certificateKeyFile="/path/to/your/key.pem" />
>>>>>>          <!-- You may need certificateKeyPassword in <Certificate> -->
>>>>>>        </SSLHostConfig>
>>>>>>      </Connector>
>>>>>>
>>>>>> If your SANs are configured properly, this should allow you to connect
>>>>>> using any of these URLs:
>>>>>>
>>>>>> $ curl https://server.lbg.com/towl/login.jsp
>>>>>>
>>>>>>     (returns login page)
>>>>>>
>>>>>> $ curl https://example.lbg.com/towl/login.jsp
>>>>>>
>>>>>>     (returns login page)
>>>>>>
>>>>>> If your application's web.xml contains something like this:
>>>>>>
>>>>>>     <security-constraint>
>>>>>>       <web-resource-collection>
>>>>>>         <web-resource-name>theapp</web-resource-name>
>>>>>>         <url-pattern>/*</url-pattern>
>>>>>>       </web-resource-collection>
>>>>>>       <user-data-constraint>
>>>>>>         <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>>>>>>       </user-data-constraint>
>>>>>>     </security-constraint>
>>>>>>
>>>>>> ... then these insecure HTTP URLs should redirect your clients:
>>>>>>
>>>>>> $ curl http://server.lbg.com/towl/login.jsp
>>>>>>
>>>>>>     (returns HTTP 302 redirect to https://server.lbg.com/towl/login.jsp)
>>>>>>
>>>>>> $ curl https://server.lbg.com/towl/login.jsp
>>>>>>
>>>>>>     (returns HTTP 302 redirect to https://example.lbg.com/towl/login.jsp)
>>>>>>
>>>>>> I don't think you need any use of the RewriteValve unless you want to
>>>>>> handle sending HTTP 302 redirect responses to insecure requests without
>>>>>> specifying the CONFIDENTIAL transport-guarantee in your application's
>>>>>> web.xml file. But I don't see any reason NOT to have that in there.
>>>>>>
>>>>>> -chris
>>>>>>
>>>>>> On Tue, Apr 23, 2024 at 10:52 PM Christopher Schultz <
>>>>>>> chris@christopherschultz.net> wrote:
>>>>>>>
>>>>>>>> Lavanya,
>>>>>>>>
>>>>>>>> On 4/22/24 05:21, lavanya tech wrote:
>>>>>>>>
>>>>>>>>> Could you please explain, what you exactly mean ? So here redirect is
>>>>>>>>> not a solution right ?
>>>>>>>>>
>>>>>>>>
>>>>>>>> Redirecting is fine.
>>>>>>>>
>>>>>>>> Perhaps you should take a step back and decide: what do you actually
>>>>>>>> want, here? You might be trying to solve problem X by applying solution
>>>>>>>> Y, and you've already decided that solution Y is correct so you are
>>>>>>>> trying to get help with that.
>>>>>>>>
>>>>>>>> Perhaps ask for help with Problem X?
>>>>>>>>
>>>>>>>> For example, "I don't want users to have to type the name of my
>>>>>>>> application to reach it so I want example.com/ to go to my application
>>>>>>>> instead of example.com/myapp/".
>>>>>>>>
>>>>>>>> Or, "I have multiple domains and I want all of them to redirect to the
>>>>>>>> canonical domain example.com and to go to my web application /myapp so
>>>>>>>> everything goes to example.com/myapp/".
>>>>>>>>
>>>>>>>>> "You'd have to use a glob/regex if
>>>>>>>>> you wanted to check for [anything and maybe nothing.]example.com."
>>>>>>>>>
>>>>>>>>
>>>>>>>> There is nothing in your configuration or question that suggests that
>>>>>>>> the hostname in the request is relevant, but you are making it a
>>>>>>>> *requirement* that the request contains a specific Host header. IF you
>>>>>>>> don't actually need that, why do you have it?
>>>>>>>>
>>>>>>>> -chris
>>>>>>>>
>>>>>>>>
>>>>>>>> On Fri, Apr 19, 2024 at 3:03 PM Christopher Schultz <
>>>>>>>>> chris@christopherschultz.net> wrote:
>>>>>>>>>
>>>>>>>>>> Ammu,
>>>>>>>>>>
>>>>>>>>>> On 4/19/24 08:32, lavanya tech wrote:
>>>>>>>>>>
>>>>>>>>>>> Thank you very much. I removed <Host> for example.com as well as
>>>>>>>>>>> adding an <Alias> in server.xml
>>>>>>>>>>> I copied context.xml file
>>>>>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl/META-INF/context.xml
>>>>>>>>>>> Removed < in rewrite.config files.
>>>>>>>>>>>
>>>>>>>>>>> But still I don't redirect the URL.
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> If you have <Context> in server.xml and also your application in the
>>>>>>>>>> webapps/ directory, then you will be double-deploying your application.
>>>>>>>>>>
>>>>>>>>>> Re-name /git/app/apache-tomcat-10.1.11/webapps/towl/ to be
>>>>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/ROOT (the capitals are important)
>>>>>>>>>> and remove the <Context> element from your server.xml.
>>>>>>>>>>
>>>>>>>>>> Then start your server and read the logs.
>>>>>>>>>>
>>>>>>>>>>> nslookup alias.example.com gives -->
>>>>>>>>>>> Non-authoritative answer:
>>>>>>>>>>> Name:     www.example.com
>>>>>>>>>>> Address:  192.168.200.10
>>>>>>>>>>> Aliases:  alias.example.com
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Just to give some information here, www.example.com has alias
>>>>>>>>>>> "alias.example.com"
>>>>>>>>>>> But https://www.example.com:7777/example --> works fine without issues
>>>>>>>>>>> but the alias does not work (https://alias.example.com)
>>>>>>>>>>> So I am not sure if the redirect url helps or if it's correct
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Your rewrite configuration says that you have to be using host
>>>>>>>>>> "example.com" but your request goes to www.example.com. Your
>>>>>>>>>> configuration should only redirect a request such as:
>>>>>>>>>>
>>>>>>>>>> $ curl -v http://example.com:7777/something
>>>>>>>>>>
>>>>>>>>>> HTTP/1.1 301 Moved Permanently
>>>>>>>>>> ...
>>>>>>>>>> Location: https://www.example.com:7777/example
>>>>>>>>>>
>>>>>>>>>> If you make a request like:
>>>>>>>>>>
>>>>>>>>>> $ curl -v http://www.example.com:7777/something
>>>>>>>>>>
>>>>>>>>>> I wouldn't expect a redirect because of your "host" condition. The
>>>>>>>>>> "%{HTTP_HOST} example.com" looks at the entire Host header and not just
>>>>>>>>>> anything that ends in "example.com". You'd have to use a glob/regex if
>>>>>>>>>> you wanted to check for [anything and maybe nothing.]example.com.
>>>>>>>>>>
>>>>>>>>>> You'd also have to make sure that your application is serving responses
>>>>>>>>>> to requests to / which is why I'm recommending you use the ROOT web
>>>>>>>>>> application name instead of "towl".
>>>>>>>>>>
>>>>>>>>>> -chris
>>>>>>>>>>
>>>>>>>>>> On Fri, Apr 19, 2024 at 1:21 PM Christopher Schultz <
>>>>>>>>>>> chris@christopherschultz.net> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Ammu,
>>>>>>>>>>>>
>>>>>>>>>>>> On 4/18/24 09:34, lavanya tech wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> I am attaching server.xml and context.xml and rewrite.config files.
>>>>>>>>>>>>> The paths are
>>>>>>>>>>>>>
>>>>>>>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl/context.xml
>>>>>>>>>>>>> <Context>
>>>>>>>>>>>>>           <Valve className="org.apache.catalina.valves.rewrite.RewriteValve" />
>>>>>>>>>>>>>           <!-- Other context configuration -->
>>>>>>>>>>>>> </Context>
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> This file ^^^ is in the wrong place. It should be in
>>>>>>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl/META-INF/context.xml
>>>>>>>>>>>>
>>>>>>>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl/WEB-INF/rewrite.config
>>>>>>>>>>>>>
>>>>>>>>>>>>> <RewriteCond %{HTTP_HOST} example.com [NC]
>>>>>>>>>>>>> <RewriteRule ^/(.*)$ https://www.example.com:7777/example [R=301,L]
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> Why do you have < symbols at the beginning of these lines?
>>>>>>>>>>>>
>>>>>>>>>>>>> server.xml
>>>>>>>>>>>>>
>>>>>>>>>>>>>       > [...]
>>>>>>>>>>>>>
>>>>>>>>>>>>>             <Host name="example.com" appBase="webapps" unpackWARs="true" autoDeploy="true">
>>>>>>>>>>>>>                 <Context path="" docBase="towl" />
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> It's best not to define any <Context> in server.xml. I would remove this
>>>>>>>>>>>> <Context> entirely and allow Tomcat to auto-deploy from your
>>>>>>>>>>>> webapps/towl directory. If you need this application to be deployed as
>>>>>>>>>>>> the ROOT context (on / and not /towl) then you should re-name
>>>>>>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl to
>>>>>>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/ROOT
>>>>>>>>>>>>
>>>>>>>>>>>> You also don't need a <Host> for example.com as well as adding an
>>>>>>>>>>>> <Alias> for the same domain (though this is probably to anonymize the
>>>>>>>>>>>> configuration). You can feel free to simply use the "localhost" <Host>
>>>>>>>>>>>> as the default <Host> and deploy everything into it. This makes your
>>>>>>>>>>>> configuration changes relative to a stock Tomcat less significant and
>>>>>>>>>>>> easier to apply to new versions if/when necessary.
>>>>>>>>>>>>
>>>>>>>>>>>> -chris
>>>>>>>>>>>>
>>>>>>>>>>>> On Thu, Apr 18, 2024 at 2:17 PM Christopher Schultz <
>>>>>>>>>>>>> chris@christopherschultz.net> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> Ammu,
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On 4/18/24 07:45, lavanya tech wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> I added classname rewrite valeus in context.xml file.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>            <!-- REWRITE VALVE -->
>>>>>>>>>>>>>>>            <Valve className="org.apache.catalina.valves.rewrite.RewriteValve" />
>>>>>>>>>>>>>>>            <!-- // -->
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> created rewrite.config so both of them are located under  conf
>>>>>>>>>>>>>>> under apache-tomcat.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>                            <RewriteCond %{HTTP_HOST} example.com [NC]
>>>>>>>>>>>>>>>                            <RewriteRule ^/(.*)$ https://www.example.com:7777/example [R=301,L]
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> So according to the documentation they say context.xml should be placed
>>>>>>>>>>>>>>> under webapps and rewrite.config file should be put in WEB-INF folder of
>>>>>>>>>>>>>>> apache-tomcat. I placed and restarted tomcat webserver but still it
>>>>>>>>>>>>>>> does not redirect.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Can you give full paths to both server.xml and rewrite.config, re-post
>>>>>>>>>>>>>> your current server.xml <Context> element, and the complete contents of
>>>>>>>>>>>>>> rewrite.config?
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Have you looked at the log files after start?
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> -chris
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On Thu, Apr 18, 2024 at 1:36 PM lavanya tech <lavanyatech440@gmail.com>
>>>>>>>>>>>>>>> wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Hi Thomas,
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Thanks for the fast response.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> I added classname rewrite valeus in context.xml file.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>            <!-- REWRITE VALVE -->
>>>>>>>>>>>>>>>>            <Valve className="org.apache.catalina.valves.rewrite.RewriteValve" />
>>>>>>>>>>>>>>>>            <!-- // -->
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> created rewrite.config so both of them are located under conf under
>>>>>>>>>>>>>>>> apache-tomcat.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> So according to the documentation they say context.xml should be placed
>>>>>>>>>>>>>>>> under webapps and rewrite.config file should be put in WEB-INF folder of
>>>>>>>>>>>>>>>> apache-tomcat
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>>>>> Ammu
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> On Thu, Apr 18, 2024 at 1:22 PM Mark Thomas <markt@apache.org> wrote:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> On 18/04/2024 12:05, lavanya tech wrote:
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Hi Team,
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> I am using "Tomcat 10.1" in our environment and I wanted to redirect
>>>>>>>>>>>>>>>>>> url from https://example.com to https://www.servercom:7777 and for
>>>>>>>>>>>>>>>>>> this i modified the server.xml as below in tomcat config, and the
>>>>>>>>>>>>>>>>>> below configuration does not seem to work. Does anyone have ideas?
>>>>>>>>>>>>>>>>>> Please suggest.
>>>>>>>>>>>>>>>>>> The url alone https://www.servercom:7777/ already works. But just
>>>>>>>>>>>>>>>>>> redirection from the old to one does not.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> <Host name="example.com" appBase="app" unpackWARs="true" autoDeploy="true">
>>>>>>>>>>>>>>>>>>             <Context path="" docBase="example" />
>>>>>>>>>>>>>>>>>>             <Alias>example.com</Alias>
>>>>>>>>>>>>>>>>>>             <!-- Add RewriteValve and RewriteRule here -->
>>>>>>>>>>>>>>>>>>             <Valve className="org.apache.catalina.valves.rewrite.RewriteValve"/>
>>>>>>>>>>>>>>>>>>             <Engine name="Catalina" defaultHost="localhost">
>>>>>>>>>>>>>>>>>>                 <Host name="example.com" appBase="app" unpackWARs="true" autoDeploy="true">
>>>>>>>>>>>>>>>>>>                     <Context path="" docBase="example" />
>>>>>>>>>>>>>>>>>>                     <Alias>example.com</Alias>
>>>>>>>>>>>>>>>>>>                     <Valve className="org.apache.catalina.valves.rewrite.RewriteValve"/>
>>>>>>>>>>>>>>>>>>                     <Engine name="Catalina" defaultHost="localhost">
>>>>>>>>>>>>>>>>>>                         <Host name="example.com" appBase="app" unpackWARs="true" autoDeploy="true">
>>>>>>>>>>>>>>>>>>                             <Context path="" docBase="example" />
>>>>>>>>>>>>>>>>>>                             <Alias>example.com</Alias>
>>>>>>>>>>>>>>>>>>                             <!-- Rewrite rule to redirect to www.servercom:8080/example -->
>>>>>>>>>>>>>>>>>>                             <RewriteCond %{HTTP_HOST} example\.com [NC]
>>>>>>>>>>>>>>>>>>                             <RewriteRule ^/(.*)$ https://www.servercom:7777/example/$1 [R=301,L]
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> 1. That isn't valid XML.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> 2. Where in the Tomcat docs does it say you can nest re-write rules
>>>>>>>>>>>>>>>>> in a Host element (or any other element)?
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>                         </Host>
>>>>>>>>>>>>>>>>>>                     </Engine>
>>>>>>>>>>>>>>>>>>                 </Host>
>>>>>>>>>>>>>>>>>>             </Engine>
>>>>>>>>>>>>>>>>>> </Host>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> You need to configure the RewriteValve.
>>>>>>>>>>>>>>>>> https://tomcat.apache.org/tomcat-10.1-doc/rewrite.html
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Mark
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
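
The two configuration mistakes pointed out in this thread (rewrite.config lines written with a leading "<", and context.xml placed outside META-INF) can be checked before restarting Tomcat. The Python check below is an added example, not code from any poster or from the Tomcat project; the function names are hypothetical, the sample file contents are constructed from the lines quoted in the thread, and the missing-$N check is an extra lint beyond what the thread discusses.

```python
import re
from pathlib import PurePosixPath

# Directive names used in the thread's rewrite.config, plus RewriteMap from
# the Tomcat rewrite documentation linked in the thread.
DIRECTIVES = ("RewriteCond", "RewriteRule", "RewriteMap")

# Constructed sample: the two lines as they were posted, with the leading "<".
AS_POSTED = """\
<RewriteCond %{HTTP_HOST} example.com [NC]
<RewriteRule ^/(.*)$ https://www.example.com:7777/example [R=301,L]
"""

# Constructed sample: the same rule as plain-text directives, captured path kept.
CLEANED = """\
RewriteCond %{HTTP_HOST} example.com [NC]
RewriteRule ^/(.*)$ https://www.example.com:7777/example/$1 [R=301,L]
"""

# Paths quoted in the thread.
WEBAPP = "/git/app/apache-tomcat-10.1.11/webapps/towl"
POSTED_CONTEXT_XML = WEBAPP + "/context.xml"
POSTED_REWRITE_CONFIG = WEBAPP + "/WEB-INF/rewrite.config"


def lint_rewrite_config(text):
    """Return (line_number, message) findings for the text of a rewrite.config."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        tokens = line.split()
        word = tokens[0]
        if word.startswith("<") and word[1:] in DIRECTIVES:
            findings.append((number, f"{word}: remove the leading '<'; "
                                     "rewrite.config is plain text, not XML"))
            word = word[1:]  # keep checking the rest of the line
        if word not in DIRECTIVES:
            findings.append((number, f"{word}: not a rewrite directive"))
            continue
        if word == "RewriteRule":
            if len(tokens) < 3:
                findings.append((number, "RewriteRule needs a pattern and a substitution"))
                continue
            pattern, substitution = tokens[1], tokens[2]
            try:
                groups = re.compile(pattern).groups
            except re.error:
                groups = 0  # pattern uses syntax Python's re does not accept
            if groups and not re.search(r"\$[1-9]", substitution):
                findings.append((number, "pattern captures part of the path but the "
                                         "substitution has no $N: every matching "
                                         "request is redirected to the same path"))
    return findings


def check_layout(webapp_dir, context_xml, rewrite_config):
    """List files that are not where the replies in the thread say they belong."""
    app = PurePosixPath(webapp_dir)
    expected = {
        "context.xml": app / "META-INF" / "context.xml",
        "rewrite.config": app / "WEB-INF" / "rewrite.config",
    }
    actual = {
        "context.xml": PurePosixPath(context_xml),
        "rewrite.config": PurePosixPath(rewrite_config),
    }
    return [f"{name}: found at {actual[name]}, expected {expected[name]}"
            for name in expected if actual[name] != expected[name]]


if __name__ == "__main__":
    for number, message in lint_rewrite_config(AS_POSTED):
        print(f"rewrite.config line {number}: {message}")
    for problem in check_layout(WEBAPP, POSTED_CONTEXT_XML, POSTED_REWRITE_CONFIG):
        print(problem)
```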


Re: Regarding Tomcat url redirection

Posted by Christopher Schultz <ch...@christopherschultz.net>.
Lavanya,

On 5/8/24 06:48, lavanya tech wrote:
> I figured out how I can make it work with 443. Now the URLs are working.
> I added iptables route 443 to 8443 and it started working.
> 
> nslookup example.lbg.com
> 
> Non-authoritative answer:
> Name:    server.lbg.com
> Address:  192.168.200.105
> Aliases:  example.lbg.com
> 
> 
> I have some application towl running with apache tomcat. I have the below
> URLs working.
> 
> https://server.lbg.com:8443/towl
> https://server.lbg.com
> https://example.lbg.com
> https://example.lbg.com/towl
> 
> 
> Now I wanted to disable the url https://example.lbg.com/towl and
> https://server.lbg.com and access only the other remaining two.

Is that a typo? You want specifically https://server.lbg.com/towl and 
https://example.lbg.com/ to point to your application?

I would *highly* recommend that you pick either /towl or / and not try 
to do both, unless you want to deploy the application twice (which is 
fine, just deploy towl.war and ROOT.war as copies of each other). If you 
try to re-write /towl to / or / to /towl, you'll find you spend the rest 
of your days tracking-down edge-cases and "fixing" them -- likely making 
things confusing and, probably, worse.

> In the end our goal is to make sure that the links are not always dead as soon
> as the towl is moved to a new machine. Can you please assist me with how to do
> that?

The goal should be that "moving" the application only means changing DNS 
and everything else works as expected.

If you:

1. Deploy the application with a single context (e.g. /towl, which I 
recommend)

2. Re-direct / to /towl (this requires a reverse-proxy or a ROOT 
application that does nothing but redirect ; my personal preference)

3. Do not define any <Host> other than "localhost" and make it the 
default. Do not bother with any <Alias> elements since they are not 
necessary.

Moving the application should only require that you:

4. Deploy the same application with the same configuration in the new 
location

5. Change DNS to point example.lbg.com and server.lbg.com to the new 
location of the service

Hope that helps,
-chris
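
Moving the service by changing DNS alone, as described above, works over HTTPS only if the certificate deployed with it covers both hostnames, which is the SAN point made in the replies quoted below. The Python check here is an added example, not part of the original message: it applies the usual hostname-matching rule to the four URLs from the message and, going beyond the thread, also handles wildcard entries. Function names are hypothetical and the SAN lists in the usage lines are constructed.

```python
from urllib.parse import urlsplit

# The four URLs listed in the message above.
URLS = [
    "https://server.lbg.com:8443/towl",
    "https://server.lbg.com",
    "https://example.lbg.com",
    "https://example.lbg.com/towl",
]


def san_matches(hostname, san):
    """True if one DNS-type SAN entry covers the hostname (case-insensitive)."""
    host_labels = hostname.lower().rstrip(".").split(".")
    san_labels = san.lower().rstrip(".").split(".")
    if len(host_labels) != len(san_labels):
        return False  # a wildcard stands for exactly one label
    if san_labels[0] == "*":
        # Wildcard accepted only as the complete left-most label, with at
        # least two fixed labels after it (so "*.com" never matches).
        return (len(san_labels) >= 3 and host_labels[0] != ""
                and host_labels[1:] == san_labels[1:])
    return host_labels == san_labels


def covered(url, sans):
    """Would a certificate with these SANs match the URL's hostname?"""
    host = urlsplit(url).hostname  # lower-cased; port and path are dropped
    return host is not None and any(san_matches(host, san) for san in sans)


def audit(urls, sans):
    """Map each URL to True/False for the given SAN list."""
    return {url: covered(url, sans) for url in urls}


def missing_sans(urls, sans):
    """Hostnames that still have to be added to the certificate request."""
    return sorted({urlsplit(url).hostname
                   for url, ok in audit(urls, sans).items() if not ok})


if __name__ == "__main__":
    # Constructed SAN list: the certificate as first described in the thread.
    for url, ok in audit(URLS, ["server.lbg.com"]).items():
        print("match   " if ok else "MISMATCH", url)
    print("add to certificate request:", missing_sans(URLS, ["server.lbg.com"]))
```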

> On Tue, Apr 30, 2024 at 5:44 PM Christopher Schultz <
> chris@christopherschultz.net> wrote:
> 
>> Lavanya,
>>
>> On 4/30/24 07:10, lavanya tech wrote:
>>> Can you tell me how to do the below ? How should I setup Tomcat in
>>> server.xml ?
>>>
>>>
>>> If you want to use port 443 (the default port for HTTPS) then you will
>>> need to change Tomcat to bind to port 443 (if that's allowed on your OS)
>>> or arrange to have port 443 routed to port 8443. You may need additional
>>> configuration in Tomcat (specifically: proxyPort) to avoid having Tomcat
>>> generate URLs with ":8443" in them.
>>>
>>> Looking forward to your reply.
>>
>> If Tomcat is listening on port 8443 then you will need to include that
>> in your URL, period. If you want to allow URLs without a port number,
>> you will have to arrange to have something listening on port 443.
>>
>> On Windows, Tomcat can listen directly on port 443. On UNIX and
>> UNIX-like systems, you won't be able to do this without running Tomcat
>> as root WHICH YOU ABSOLUTELY SHOULD NOT DO.
>>
>> There are other ways to get port 443 working, but I'll need to know more
>> about your environment. The port issue is "easier" than figuring out
>> whatever is going on with your DNS, aliases, etc. so I would recommend
>> we fix one thing at a time.
>>
>> -chris
>>
>>> On Mon, Apr 29, 2024 at 2:03 PM lavanya tech <la...@gmail.com>
>>> wrote:
>>>
>>>> Hi Chris,
>>>>
>>>> There are no issues with the browser, because I tested with different
>>>> browsers and it all works fine. I am sure that there is no issue with the
>>>> certificate.
>>>> Because I was able to establish successful connections with port 8443,
>>>> it just does not work without the port
>>>>
>>>>    curl  https://example.lbg.com/towl
>>>> curl: (56) Received HTTP code 504 from proxy after CONNECT
>>>> curl: (56) Received HTTP code 504 from proxy after CONNECT
>>>>
>>>>
>>>> If you want to use port 443 (the default port for HTTPS) then you will
>>>> need to change Tomcat to bind to port 443 (if that's allowed on your OS)
>>>> or arrange to have port 443 routed to port 8443. You may need additional
>>>> configuration in Tomcat (specifically: proxyPort) to avoid having Tomcat
>>>> generate URLs with ":8443" in them.
>>>>
>>>> <Connector port="443" protocol="HTTP/1.1"
>>>>              connectionTimeout="20000"
>>>>              redirectPort="8443"
>>>>              maxThreads="150"
>>>>              scheme="https" secure="true" SSLEnabled="true"
>>>>              keystoreFile="path_to_your_keystore_file"
>>>>              keystorePass="your_keystore_password"
>>>>              keystoreType="PKCS12"
>>>>              clientAuth="false" sslProtocol="TLS"
>>>>              proxyPort="443"/>
>>>>
>>>> Should I use connect port like the above? But you mentioned before we
>>>> don't need any configuration changes. Please clarify, I am not able to
>>>> figure this out and I have this issue many days pending. How to make it
>>>> work with port 8443 and without port
>>>>
>>>> Also I wanted to use weburl with alias name permanently instead of the
>>>> hostname. How can I achieve both
>>>>
>>>> Thanks,
>>>> Lavanya
>>>>
>>>>
>>>>     -->
>>>>
>>>>
>>>> On Fri, Apr 26, 2024 at 9:28 PM Christopher Schultz <
>>>> chris@christopherschultz.net> wrote:
>>>>
>>>>> Lavanya,
>>>>>
>>>>> On 4/25/24 07:24, lavanya tech wrote:
>>>>>> Hi Chris,
>>>>>>
>>>>>> One question / doubt:
>>>>>>
>>>>>> As I mentioned earlier, the below URLs are already working in the browser
>>>>>>> https://server.lbg.com:8443/towl
>>>>>>> https://example.lbg.com:8443/towl -> redirect (which means when I hit in
>>>>>> browser) it points to https://server.lbg.com:8443/towl ---> To be frank,
>>>>>> I do not even need redirect here, not sure why it redirects.
>>>>>>
>>>>>> My question is why it's working even though SAN is not registered with the
>>>>>> certificate? It does not even throw a warning in the browser.
>>>>>
>>>>> I'm not sure. Is it possible you have dismissed this error in the past
>>>>> and the browser is remembering that? Try this with a different web
>>>>> browser or maybe with curl from the command-line to see what happens.
>>>>>
>>>>>> Why https://server.lbg.com/towl or https://example.lbg.com/towl --> How it
>>>>>> should work with New SAN certificate ?
>>>>>
>>>>> You don't need to worry about the port number or application name, only
>>>>> the hostname is a part of the SAN.
>>>>>
>>>>> -chris
>>>>>
>>>>>> On Thu, Apr 25, 2024 at 10:16 AM lavanya tech <lavanyatech440@gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> Hi Chris,
>>>>>>>
>>>>>>>
>>>>>>> Thanks I will request new certificate with SANs and I will try to fix
>>>>>>> the things from our end.
>>>>>>>
>>>>>>> Best Regards,
>>>>>>> Lavanya
>>>>>>>
>>>>>>> On Wed, Apr 24, 2024 at 11:12 PM Christopher Schultz <
>>>>>>> chris@christopherschultz.net> wrote:
>>>>>>>
>>>>>>>> Lavanya,
>>>>>>>>
>>>>>>>> On 4/24/24 15:39, lavanya tech wrote:
>>>>>>>>> Local host means the machine i am logged in to server.lbg.com
>>>>>>>>>
>>>>>>>>> You are right, example.lbg.com is CNAME record.
>>>>>>>>
>>>>>>>> Okay, thanks for clearing that up.
>>>>>>>>
>>>>>>>>> I don't have any SAN configured for the certificate. The certificate
>>>>>>>>> is requested for only server.lbg.com
>>>>>>>>
>>>>>>>> You will never be able to make a secure request to anything other than
>>>>>>>> server.lbg.com without seeing an error. I highly recommend adding the
>>>>>>>> other hostname as a SAN to your certificate if you really want to
>>>>>>>> support this.
>>>>>>>>
>>>>>>>> Even if you wanted https://example.lbg.com/whatever to return an HTTP
>>>>>>>> 302 redirect to https://server.lbg.com/whatever, the user would see a
>>>>>>>> certificate hostname mismatch error which is ugly. It's best to make
>>>>>>>> it work without users seeing ugly things.
>>>>>>>>
>>>>>>>>> So if I just request new certificate with SAN it should work? If yes,
>>>>>>>>> I will request for it and follow your steps as below suggested.
>>>>>>>>
>>>>>>>> Yes, it should.
>>>>>>>>
>>>>>>>>> Should i use CName record or DNS? Does it make difference?
>>>>>>>>
>>>>>>>> CNAME *is* DNS.
>>>>>>>>
>>>>>>>> Whenever possible, use hostnames and not IP addresses as SANs. It's more
>>>>>>>> flexible that way, and users get to see hostnames instead of IP addresses.
>>>>>>>>
>>>>>>>> -chris
>>>>>>>>
>>>>>>>>> On Wednesday, April 24, 2024, Christopher Schultz <
>>>>>>>>> chris@christopherschultz.net> wrote:
>>>>>>>>>
>>>>>>>>>> Lavanya,
>>>>>>>>>>
>>>>>>>>>> On 4/24/24 07:37, lavanya tech wrote:
>>>>>>>>>>
>>>>>>>>>>> Sorry I understood wrongly here with regards to my environment, Let me
>>>>>>>>>>> start from the beginning. I do not want to use redirect at all. I simply
>>>>>>>>>>> wanted to force apache tomcat to use both localhost and dns name of the
>>>>>>>>>>> localhost via url.
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> When you say "force" what do you mean?
>>>>>>>>>>
>>>>>>>>>> When you say "use both localhost and DNS name" what do you mean?
>>>>>>>>>>
>>>>>>>>>> When you say "localhost" do you mean 127.0.0.1 or "the machine I'm
>>>>>>>>>> logged-into right now"?
>>>>>>>>>>
>>>>>>>>>> I have DNS resolution as below.
>>>>>>>>>>>
>>>>>>>>>>> server.lbg.com --> localhost
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Is that a CNAME record?
>>>>>>>>>>
>>>>>>>>>> nslookup server.lbg.com (localhost)
>>>>>>>>>>> Name:    server.lbg.com
>>>>>>>>>>> Address:  192.168.100.20
>>>>>>>>>>> alias: example.lbg.com
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> That's a weird DNS response. The DNS name "localhost" should *always*
>>>>>>>>>> return 127.0.0.1 for IPv4 and ::1 for IPv6. It shouldn't return
>>>>>>>>>> 191.168.100.20.
>>>>>>>>>>
>>>>>>>>>> We have working the below urls working:
>>>>>>>>>>> https://server.lbg.com:8443/towl
>>>>>>>>>>> https://example.lbg.com:8443/towl --> redirects to
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> What do you mean "redirect"? Does it return a 30x response that causes
>>>>>>>>>> the browser to make a new request to \/
>>>>>>>>>>
>>>>>>>>>> https://server.lbg.com:8443/towl  --> still works --> we have SSL
>>>>>>>>>>> configured for the same but this SSL certificate does not have
>>>>>>>>>>> additional DNS setup.
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> What SANs are in your certificate? How many certificates do you have?
>>>>>>>>>>
>>>>>>>>>> But I would need to somehow access https://example.lbg.com --> which means
>>>>>>>>>>> I would need to access via 443 here ?
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> I'm so confused. What needs to access what?
>>>>>>>>>>
>>>>>>>>>> I tried adding the below to server.xml as below, but that does not seem
>>>>>>>>>>> to work.
>>>>>>>>>>>
>>>>>>>>>>>          <Connector port="80"
>>>>>>>>>>>                 protocol="org.apache.coyote.http11.Http11NioProtocol"
>>>>>>>>>>>                 connectionTimeout="20000"
>>>>>>>>>>>                 redirectPort="443" />
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> This will only redirect (HTTP 302) requests to http://yourhost/anything
>>>>>>>>>> to https://yourhost/anything *if the application specifically requests
>>>>>>>>>> CONFIDENTIAL transport*. It doesn't just redirect everything by
>>>>>>>>>> default. If you want it to redirect everything, you'll need to set that
>>>>>>>>>> up e.g. using RewriteValve. There are other options, too.
>>>>>>>>>>
>>>>>>>>>> Do I need additional SSL certificate for the https://example.lbg.com to
>>>>>>>>>>> make it work ?
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> If you don't want your browser to complain, you will need at least one
>>>>>>>>>> TLS certificate that contains every Subject Alternative Name (SAN) for
>>>>>>>>>> every possible hostname you expect to use with this service. You can do
>>>>>>>>>> it with multiple certificates as well, but a single cert with multiple
>>>>>>>>>> SANs is less work.
>>>>>>>>>>
>>>>>>>>>> Do I need to set up an additional web server for this like apache or nginx
>>>>>>>>>>> for redirecting requests?
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> No.
>>>>>>>>>>
>>>>>>>>>> Please stop saying "redirect" because it sounds like you almost never
>>>>>>>>>> mean "HTTP 30x redirect" and that's confusing everything.
>>>>>>>>>>
>>>>>>>>>> I *think* you only need the following:
>>>>>>>>>>
>>>>>>>>>> 1. A TLS certificate with the following SANs:
>>>>>>>>>>
>>>>>>>>>>       * server.lbg.com
>>>>>>>>>>       * example.lbg.com
>>>>>>>>>>       * localhost (you shouldn't do this)
>>>>>>>>>>
>>>>>>>>>> 2. DNS configured for all hostnames:
>>>>>>>>>>
>>>>>>>>>>       * server.lbg.com -> A 192.168.100.20
>>>>>>>>>>       * example.lgb.com -> A 192.168.100.20
>>>>>>>>>>
>>>>>>>>>> 3. Tomcat configured with a single <Host> which is the default virtual
>>>>>>>>>> host. Note that this is the *default Tomcat configuration* and doesn't
>>>>>>>>>> need to be changed from the default.
>>>>>>>>>>
>>>>>>>>>> 4. Tomcat configured with your certificate like this:
>>>>>>>>>>
>>>>>>>>>>        <Connector ...
>>>>>>>>>>           SSLEnabled="true">
>>>>>>>>>>          <SSLHostConfig>
>>>>>>>>>>            <Certificate
>>>>>>>>>>                certificateFile="/path/to/your/cert.crt"
>>>>>>>>>>                certificateKeyFile="/path/to/your/key.pem" />
>>>>>>>>>>            <!-- You may need certificateKeyPassword in <Certificate> -->
>>>>>>>>>>          </SSLHostConfig>
>>>>>>>>>>        </Connector>
>>>>>>>>>>
>>>>>>>>>> If your SANs are configured properly, this should allow you to connect
>>>>>>>>>> using any of these URLs:
>>>>>>>>>>
>>>>>>>>>> $ curl https://server.lbg.com/towl/login.jsp
>>>>>>>>>>
>>>>>>>>>>       (returns login page)
>>>>>>>>>>
>>>>>>>>>> $ curl https://example.lbg.com/towl/login.jsp
>>>>>>>>>>
>>>>>>>>>>       (returns login page)
>>>>>>>>>>
>>>>>>>>>> If your application's web.xml contains something like this:
>>>>>>>>>>
>>>>>>>>>>       <security-constraint>
>>>>>>>>>>         <web-resource-collection>
>>>>>>>>>>           <web-resource-name>theapp</web-resource-name>
>>>>>>>>>>           <url-pattern>/*</url-pattern>
>>>>>>>>>>         </web-resource-collection>
>>>>>>>>>>         <user-data-constraint>
>>>>>>>>>>           <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>>>>>>>>>>         </user-data-constraint>
>>>>>>>>>>       </security-constraint>
>>>>>>>>>>
>>>>>>>>>> ... then these URLs insecure HTTP URLs should redirect your clients:
>>>>>>>>>>
>>>>>>>>>> $ curl http://server.lbg.com/towl/login.jsp
>>>>>>>>>>
>>>>>>>>>>       (returns HTTP 302 redirect to https://server.lbg.com/towl/login.jsp)
>>>>>>>>>>
>>>>>>>>>> $ curl https://server.lbg.com/towl/login.jsp
>>>>>>>>>>
>>>>>>>>>>       (returns HTTP 302 redirect to https://example.lbg.com/towl/login.jsp)
>>>>>>>>>>
>>>>>>>>>> I don't think you need any use of the RewriteValve unless you want to
>>>>>>>>>> handle sending HTTP 302 redirect responses to insecure requests without
>>>>>>>>>> specifying the CONFIDENTIAL transport-guarantee in your application's
>>>>>>>>>> web.xml file. But I don't see any reason NOT to have that in there.
>>>>>>>>>>
>>>>>>>>>> -chris
>>>>>>>>>>
>>>>>>>>>> On Tue, Apr 23, 2024 at 10:52 PM Christopher Schultz <
>>>>>>>>>>> chris@christopherschultz.net> wrote:
>>>>>>>>>>>
>>>>>>>>>>> Lavanya,
>>>>>>>>>>>>
>>>>>>>>>>>> On 4/22/24 05:21, lavanya tech wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> Could you please explain, what you exactly mean ? So here redirect is
>>>>>>>>>>>>> not a solution right ?
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> Redirecting is fine.
>>>>>>>>>>>>
>>>>>>>>>>>> Perhaps you should take a step back and decide: what do you actually
>>>>>>>>>>>> want, here? You might be trying to solve problem X by applying solution
>>>>>>>>>>>> Y, and you've already decided that solution Y is correct so you are
>>>>>>>>>>>> trying to get help with that.
>>>>>>>>>>>>
>>>>>>>>>>>> Perhaps ask for help with Problem X?
>>>>>>>>>>>>
>>>>>>>>>>>> For example, "I don't want users to have to type the name of my
>>>>>>>>>>>> application to reach it so I want example.com/ to go to my application
>>>>>>>>>>>> instead of example.com/myapp/".
>>>>>>>>>>>>
>>>>>>>>>>>> Or, "I have multiple domains and I want all of them to redirect to the
>>>>>>>>>>>> canonical domain example.com and to go to my web application /myapp so
>>>>>>>>>>>> everything goes to example.com/myapp/".
>>>>>>>>>>>>
>>>>>>>>>>>> "You'd have to use a glob/regex if
>>>>>>>>>>>>> you wanted to check for [anything and maybe nothing.]example.com."
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> There is nothing in your configuration or question that suggests that
>>>>>>>>>>>> the hostname in the request is relevant, but you are making it a
>>>>>>>>>>>> *requirement* that the request contains a specific Host header. IF you
>>>>>>>>>>>> don't actually need that, why do you have it?
>>>>>>>>>>>>
>>>>>>>>>>>> -chris
>>>>>>>>>>>>
>>>>>>>>>>>> On Fri, Apr 19, 2024 at 3:03 PM Christopher Schultz <
>>>>>>>>>>>>> chris@christopherschultz.net> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>> Ammu,
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On 4/19/24 08:32, lavanya tech wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Thank you very much. I removed <Host> for example.com as well as adding
>>>>>>>>>>>>>>> an <Alias> in server.xml
>>>>>>>>>>>>>>> I copied context.xml file
>>>>>>>>>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl/META-INF/context.xml
>>>>>>>>>>>>>>> Removed < in rewrite.config files.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> But still I dont redirect the URL.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> If you have <Context> in server.xml and also your application in the
>>>>>>>>>>>>>> webapps/ directory, then you will be double-deploying your application.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Re-name /git/app/apache-tomcat-10.1.11/webapps/towl/ to be
>>>>>>>>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/ROOT (the capitals are
>>>>>>>>>>>>>> important)
>>>>>>>>>>>>>> and remove the <Context> element from your server.xml.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Then start your server and read the logs.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> nslookup alias.example.com gives -->
>>>>>>>>>>>>>>> Non-authoritative answer:
>>>>>>>>>>>>>>> Name:     www.example.com
>>>>>>>>>>>>>>> Address:  192.168.200.10
>>>>>>>>>>>>>>> Aliases:  alias.example.com
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Just to give some information here, www.example.com has alias
>>>>>>>>>>>>>>> "alias.example.com"
>>>>>>>>>>>>>>> But https://www.example.com:7777/example --> works fine without issues
>>>>>>>>>>>>>>> but the alias does not work (https://alias.example.com)
>>>>>>>>>>>>>>> So I am not sure if the redirect url helps or if it's correct
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Your rewrite configuration says that you have to be using host
>>>>>>>>>>>>>> "example.com" but your request goes to www.example.com. Your
>>>>>>>>>>>>>> configuration should only redirect a request such as:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> $ curl -v http://example.com:7777/something
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> HTTP/1.1 301 Moved Permanently
>>>>>>>>>>>>>> ...
>>>>>>>>>>>>>> Location: https://www.example.com:7777/example
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> If you make a request like:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> $ curl -v http://www.example.com:7777/something
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> I wouldn't expect a redirect because of your "host" condition. The
>>>>>>>>>>>>>> "%{HTTP_HOST} example.com" looks at the entire Host header and not
>>>>>>>>>>>>>> just anything that ends in "example.com". You'd have to use a
>>>>>>>>>>>>>> glob/regex if you wanted to check for [anything and maybe
>>>>>>>>>>>>>> nothing.]example.com.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> You'd also have to make sure that your application is serving responses
>>>>>>>>>>>>>> to requests to / which is why I'm recommending you use the ROOT web
>>>>>>>>>>>>>> application name instead of "towl".
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> -chris
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On Fri, Apr 19, 2024 at 1:21 PM Christopher Schultz <
>>>>>>>>>>>>>>> chris@christopherschultz.net> wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Ammu,
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> On 4/18/24 09:34, lavanya tech wrote:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> I am attaching server.xml and context.xml and rewrite.config files.
>>>>>>>>>>>>>>>>> The paths are
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl/context.xml
>>>>>>>>>>>>>>>>> <Context>
>>>>>>>>>>>>>>>>>             <Valve className="org.apache.catalina.valves.rewrite.RewriteValve" />
>>>>>>>>>>>>>>>>>             <!-- Other context configuration -->
>>>>>>>>>>>>>>>>> </Context>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> This file ^^^ is in the wrong place. It should be in
>>>>>>>>>>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl/META-INF/context.xml
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl/WEB-INF/rewrite.config
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> <RewriteCond %{HTTP_HOST} example.com [NC]
>>>>>>>>>>>>>>>>> <RewriteRule ^/(.*)$ https://www.example.com:7777/example [R=301,L]
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Why do you have < symbols at the beginning of these lines?
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> server.xml
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>         > [...]
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>               <Host name="example.com" appBase="webapps" unpackWARs="true" autoDeploy="true">
>>>>>>>>>>>>>>>>>                   <Context path="" docBase="towl" />
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> It's best not to define any <Context> in server.xml. I would remove this
>>>>>>>>>>>>>>>> <Context> entirely and allow Tomcat to auto-deploy from your
>>>>>>>>>>>>>>>> webapps/towl directory. If you need this application to be deployed as
>>>>>>>>>>>>>>>> the ROOT context (on / and not /towl) then you should re-name
>>>>>>>>>>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl to
>>>>>>>>>>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/ROOT
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> You also don't need a <Host> for example.com as well as adding an
>>>>>>>>>>>>>>>> <Alias> for the same domain (though this is probably to anonymize the
>>>>>>>>>>>>>>>> configuration). You can feel free to simply use the "localhost" <Host>
>>>>>>>>>>>>>>>> as the default <Host> and deploy everything into it. This makes your
>>>>>>>>>>>>>>>> configuration changes relative to a stock Tomcat less significant and
>>>>>>>>>>>>>>>> easier to apply to new versions if/when necessary.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> -chris
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> On Thu, Apr 18, 2024 at 2:17 PM Christopher Schultz <
>>>>>>>>>>>>>>>>> chris@christopherschultz.net> wrote:
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Ammu,
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> On 4/18/24 07:45, lavanya tech wrote:
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> I added classname rewrite valeus in contex.xml file .
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>              <!-- REWRITE VALVE -->
>>>>>>>>>>>>>>>>>>>              <Valve className="org.apache.catalina.valves.rewrite.RewriteValve" />
>>>>>>>>>>>>>>>>>>>              <!-- // -->
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> created rewrite.config so both of them is located under conf under
>>>>>>>>>>>>>>>>>>> apache-tomcat.
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>                              <RewriteCond %{HTTP_HOST} example.com [NC]
>>>>>>>>>>>>>>>>>>>                              <RewriteRule ^/(.*)$ https://www.example.com:7777/example [R=301,L]
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> So according to the documentation they say context.xml should be
>>>>>>>>>>>>>>>>>>> placed under webapps and rewrite.config file should be put in WEB-INF
>>>>>>>>>>>>>>>>>>> folder of apache-tomcat. I placed and restarted tomcat webserver but
>>>>>>>>>>>>>>>>>>> still it does not redirect.
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Can you give full paths to both server.xml and rewrite.config,
>>>>>>>>>>>>>>>>>> re-post your current server.xml <Context> element, and the complete
>>>>>>>>>>>>>>>>>> contents of rewrite.config?
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Have you looked at the log files after start?
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> -chris
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> On Thu, Apr 18, 2024 at 1:36 PM lavanya tech <
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> lavanyatech440@gmail.com
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> wrote:
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> Hi Thomas,
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Thanks for the fast response.
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> I added classname rewrite valeus in contex.xml file .
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>              <!-- REWRITE VALVE -->
>>>>>>>>>>>>>>>>>>>>              <Valve
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>> className="org.apache.catalina.valves.rewrite.RewriteValve"
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> />
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>              <!-- // -->
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> created rewrite.config so both of them is located under
>>>>> conf
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> under
>>>>>>>>>>>>
>>>>>>>>>>>>> apache-tomcat.
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> So according to the documentation they say context.xml
>>>>> should
>>>>>>>> be
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> placed
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> under webapps and rewrite.config file should be put in
>> WEB-INF
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> folder
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> of
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> apache-tomcat
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>>>>>>>>> Ammu
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> On Thu, Apr 18, 2024 at 1:22 PM Mark Thomas <
>>>>>>>> markt@apache.org>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> On 18/04/2024 12:05, lavanya tech wrote:
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> Hi Team,
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> I am using "Tomcat 10.1" in our environment and I
>>>>> wanted to
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> redirect
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> url
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> from https://example.com to https://www.servercom:7777
>> and
>>>>>>>> for
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> this i
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> modified the server.xml as below in tomcat config, and the
>>>>> below
>>>>>>>>>>>>>>>>>>>>>> configuration does not seem to work. Does anyone have
>>>>> ideas.
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> Please
>>>>>>>>>>>>
>>>>>>>>>>>>> suggest.
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> The url alone https://www.servercom:7777/ already
>>>>> works.
>>>>>>>> But
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> just
>>>>>>>>>>>>
>>>>>>>>>>>>> redirection from the old to one does not.
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> <Host name="example.com" appBase="app"
>>>>> unpackWARs="true"
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> autoDeploy="true">
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>               <Context path="" docBase="example" />
>>>>>>>>>>>>>>>>>>>>>>               <Alias>example.com</Alias>
>>>>>>>>>>>>>>>>>>>>>>               <!-- Add RewriteValve and RewriteRule
>> here
>>>>> -->
>>>>>>>>>>>>>>>>>>>>>>               <Valve
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>> className="org.apache.catalina.valves.rewrite.RewriteValve"/>
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>               <Engine name="Catalina"
>>>>> defaultHost="localhost">
>>>>>>>>>>>>>>>>>>>>>>                   <Host name="example.com"
>> appBase="app"
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> unpackWARs="true"
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> autoDeploy="true">
>>>>>>>>>>>>>>>>>>>>>>                       <Context path=""
>> docBase="example"
>>>>> />
>>>>>>>>>>>>>>>>>>>>>>                       <Alias>example.com</Alias>
>>>>>>>>>>>>>>>>>>>>>>                       <Valve
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>> className="org.apache.catalina.valves.rewrite.RewriteValve"/>
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>                       <Engine name="Catalina"
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> defaultHost="localhost">
>>>>>>>>>>>>
>>>>>>>>>>>>>                           <Host name="example.com"
>> appBase="app"
>>>>>>>>>>>>>>>>>>>>>> unpackWARs="true" autoDeploy="true">
>>>>>>>>>>>>>>>>>>>>>>                               <Context path=""
>>>>>>>> docBase="example" />
>>>>>>>>>>>>>>>>>>>>>>                               <Alias>example.com
>> </Alias>
>>>>>>>>>>>>>>>>>>>>>>                               <!-- Rewrite rule to
>>>>> redirect to
>>>>>>>>>>>>>>>>>>>>>> www.servercom:8080/example -->
>>>>>>>>>>>>>>>>>>>>>>                               <RewriteCond %{HTTP_HOST}
>>>>>>>>>>>>>>>>>>>>>> example\.com
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> [NC]
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>                               <RewriteRule ^/(.*)$
>>>>>>>>>>>>>>>>>>>>>> https://www.servercom:7777/example/$1 [R=301,L]
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> 1. That isn't valid XML.
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> 2. Where in the Tomcat docs does it say you can nest
>>>>>>>> re-write
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> rules
>>>>>>>>>>>>
>>>>>>>>>>>>> in
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> a
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> Host element (or any other element)?
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>                           </Host>
>>>>>>>>>>>>>>>>>>>>>>                       </Engine>
>>>>>>>>>>>>>>>>>>>>>>                   </Host>
>>>>>>>>>>>>>>>>>>>>>>               </Engine>
>>>>>>>>>>>>>>>>>>>>>> </Host>
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> You need to configure the RewriteValve.
>>>>>>>>>>>>>>>>>>>>> https://tomcat.apache.org/tomcat-10.1-doc/rewrite.html
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> Mark
>>>>>>>>>>>>>>>>>>>>>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Re: Regarding Tomcat url redirection

Posted by lavanya tech <la...@gmail.com>.
Hello Chris,

I figured out how I can make it work with 443. Now the URLs are working.
I added iptables route 443 to 8443 and it started working.

nslookup example.lbg.com

Non-authoritative answer:
Name:    server.lbg.com
Address:  192.168.200.105
Aliases:  example.lbg.com


I have some application towl running with apache tomcat. I have the below
URLs working.

https://server.lbg.com:8443/towl
https://server.lbg.com
https://example.lbg.com
https://example.lbg.com/towl


Now I wanted to disable the url https://example.lbg.com/towl and
https://server.lbg.com and access only the other remaining two.

In the end our goal is to make sure that the links are not always dead as
soon as the towl is moved to a new machine. Can you please assist me how to
do that?

Thanks,
Lavanya
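
The four URLs listed above use two hostnames, and the quoted replies below note that the certificate was requested for server.lbg.com only. As an added example (not part of the original message and not Tomcat code), this Python sketch checks which of those URLs a certificate's subjectAltName entries cover. The function names and the sample certificate dicts are constructed for illustration, and the matcher assumes SAN-only hostname validation as modern browsers do.

```python
"""Which of a site's URLs does a certificate's subjectAltName actually cover?"""
from urllib.parse import urlsplit

# Constructed sample certificates, in the dict shape returned by
# ssl.SSLSocket.getpeercert(). They are NOT the real certificates from the thread.
CERT_SINGLE_NAME = {
    "subject": ((("commonName", "server.lbg.com"),),),
    "subjectAltName": (("DNS", "server.lbg.com"),),
}
CERT_WITH_SANS = {
    "subject": ((("commonName", "server.lbg.com"),),),
    "subjectAltName": (("DNS", "server.lbg.com"), ("DNS", "example.lbg.com")),
}
CERT_WILDCARD = {
    "subject": ((("commonName", "*.lbg.com"),),),
    "subjectAltName": (("DNS", "*.lbg.com"),),
}

# The four URLs listed in the message above.
THREAD_URLS = [
    "https://server.lbg.com:8443/towl",
    "https://server.lbg.com",
    "https://example.lbg.com",
    "https://example.lbg.com/towl",
]


def dns_sans(cert):
    """Return the DNS-type subjectAltName entries, lower-cased.

    The subject commonName and IP-address SANs are deliberately ignored
    (assumption of this example: SAN-only hostname matching).
    """
    return [
        value.lower().rstrip(".")
        for kind, value in cert.get("subjectAltName", ())
        if kind == "DNS"
    ]


def san_matches(pattern, hostname):
    """RFC 6125-style comparison of one SAN entry against one hostname.

    Case-insensitive; a wildcard is honoured only as the entire left-most
    label, covers exactly one label, and needs at least two labels after it.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        return (
            len(p_labels) >= 3
            and h_labels[0] != ""
            and p_labels[1:] == h_labels[1:]
        )
    return p_labels == h_labels


def coverage(cert, urls):
    """Map each URL to True/False. Only the hostname is compared: the port
    and path play no part in certificate validation."""
    sans = dns_sans(cert)
    result = {}
    for url in urls:
        host = urlsplit(url).hostname or ""
        result[url] = any(san_matches(san, host) for san in sans)
    return result


def uncovered_hosts(cert, urls):
    """Sorted list of hostnames that would trigger a name-mismatch error."""
    return sorted(
        {urlsplit(url).hostname or "" for url, ok in coverage(cert, urls).items() if not ok}
    )


if __name__ == "__main__":
    for label, cert in [
        ("single-name cert", CERT_SINGLE_NAME),
        ("cert with both SANs", CERT_WITH_SANS),
        ("wildcard cert", CERT_WILDCARD),
    ]:
        print(label)
        for url, ok in coverage(cert, THREAD_URLS).items():
            print("  %-36s %s" % (url, "covered" if ok else "NAME MISMATCH"))
        print("  uncovered hosts:", uncovered_hosts(cert, THREAD_URLS) or "none")
```

On a live connection, ssl.SSLSocket.getpeercert() returns a dict in this shape once the certificate chain has validated, so the same functions can check a replacement certificate before the alias is pointed at a new machine.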

On Tue, Apr 30, 2024 at 5:44 PM Christopher Schultz <
chris@christopherschultz.net> wrote:

> Lavanya,
>
> On 4/30/24 07:10, lavanya tech wrote:
> > Can you tell me how to do the below ? How should I setup Tomcat in
> > server.xml ?
> >
> >
> > If you want to use port 443 (the default port for HTTPS) then you will
> > need to change Tomcat to bind to port 443 (if that's allowed on your OS)
> > or arrange to have port 443 routed to port 8443. You may need additional
> > configuration in Tomcat (specifically: proxyPort) to avoid having Tomcat
> > generate URLs with ":8443" in them.
> >
> > Looking forward to your reply.
>
> If Tomcat is listening on port 8443 then you will need to include that
> in your URL, period. If you want to allow URLs without a port number,
> you will have to arrange to have something listening on port 443.
>
> On Windows, Tomcat can listen directly on port 443. On UNIX and
> UNIX-like systems, you won't be able to do this without running Tomcat
> as root WHICH YOU ABSOLUTELY SHOULD NOT DO.
>
> There are other ways to get port 443 working, but I'll need to know more
> about your environment. The port issue is "easier" than figuring out
> whatever is going on with your DNS, aliases, etc. so I would recommend
> we fix one thing at a time.
>
> -chris
>
> > On Mon, Apr 29, 2024 at 2:03 PM lavanya tech <la...@gmail.com>
> > wrote:
> >
> >> Hi Chris,
> >>
> >> There is no issues with browser, because I tested with different
> browsers
> >> and it all works fine. I am sure that there is no issue with the
> >> certificate.
> >>   Because I was able to establish successful connections with port
> >> 8443, it just does not work without port
> >>
> >>   curl  https://example.lbg.com/towl
> >> curl: (56) Received HTTP code 504 from proxy after CONNECT
> >> curl: (56) Received HTTP code 504 from proxy after CONNECT
> >>
> >>
> >> If you want to use port 443 (the default port for HTTPS) then you will
> >> need to change Tomcat to bind to port 443 (if that's allowed on your OS)
> >> or arrange to have port 443 routed to port 8443. You may need additional
> >> configuration in Tomcat (specifically: proxyPort) to avoid having Tomcat
> >> generate URLs with ":8443" in them.
> >>
> >> <Connector port="443" protocol="HTTP/1.1"
> >>             connectionTimeout="20000"
> >>             redirectPort="8443"
> >>             maxThreads="150"
> >>             scheme="https" secure="true" SSLEnabled="true"
> >>             keystoreFile="path_to_your_keystore_file"
> >>             keystorePass="your_keystore_password"
> >>             keystoreType="PKCS12"
> >>             clientAuth="false" sslProtocol="TLS"
> >>             proxyPort="443"/>
> >>
> >> Should I use connect port like the above? But you mentioned before we
> >> don't need any configuration changes. Please clarify, I am not able to
> >> figure this out and I have had this issue pending for many days. How to
> >> make it work with port 8443 and without port
> >>
> >> Also I wanted to use weburl with alias name permanently instead of the
> >> hostname. How can I achieve both
> >>
> >> Thanks,
> >> Lavanya
> >>
> >>
> >>    -->
> >>
> >>
> >> On Fri, Apr 26, 2024 at 9:28 PM Christopher Schultz <
> >> chris@christopherschultz.net> wrote:
> >>
> >>> Lavanya,
> >>>
> >>> On 4/25/24 07:24, lavanya tech wrote:
> >>>> Hi Chris,
> >>>>
> >>>> One question / doubt:
> >>>>
> >>>> As I mentioned earlier, the below URLS already working in the browser
> >>>>> https://server.lbg.com:8443/towl
> >>>>> https://example.lbg.com:8443/towl -> redirect ( which means when I
> >>> hit in
> >>>> browser) it points to https://server.lbg.com:8443/towl ---> To be
> >>> frank,
> >>>> even I do not need redirect here, not sure why it redirects.
> >>>>
> >>>> My question is why it's working even though SAN is not registered with
> >>>> the certificate? It does not even throw a warning in the browser.
> >>>
> >>> I'm not sure. Is it possible you have dismissed this error in the past
> >>> and the browser is remembering that? Try this with a different web
> >>> browser or maybe with curl from the command-line to see what happens.
> >>>
> >>>> Why https://server.lbg.com/towl or https://example.lbg.com/towl -->
> >>> How it
> >>>> should work with New SAN certificate ?
> >>>
> >>> You don't need to worry about the port number or application name, only
> >>> the hostname is a part of the SAN.
> >>>
> >>> -chris
> >>>
> >>>> On Thu, Apr 25, 2024 at 10:16 AM lavanya tech <
> lavanyatech440@gmail.com
> >>>>
> >>>> wrote:
> >>>>
> >>>>> Hi Chris,
> >>>>>
> >>>>>
> >>>>> Thanks I will request new certificate with SANs and I will try to fix
> >>> the
> >>>>> things from our end.
> >>>>>
> >>>>> Best Regards,
> >>>>> Lavanya
> >>>>>
> >>>>> On Wed, Apr 24, 2024 at 11:12 PM Christopher Schultz <
> >>>>> chris@christopherschultz.net> wrote:
> >>>>>
> >>>>>> Lavanya,
> >>>>>>
> >>>>>> On 4/24/24 15:39, lavanya tech wrote:
> >>>>>>> Local host means the machine i am logged in to server.lbg.com
> >>>>>>>
> >>>>>>> You are right, example.lbg.com is CNAME record.
> >>>>>>
> >>>>>> Okay, thanks for clearing that up.
> >>>>>>
> >>>>>>> I don't have any SAN configured for the certificate. The certificate
> >>> is
> >>>>>>> requested for only server.lbg.com
> >>>>>>
> >>>>>> You will never be able to make a secure request to anything other
> than
> >>>>>> server.lbg.com without seeing an error. I highly recommend adding
> the
> >>>>>> other hostname as a SAN to your certificate if you really want to
> >>>>>> support this.
> >>>>>>
> >>>>>> Even if you wanted https://example.lbg.com/whatever to return an
> HTTP
> >>>>>> 302 redirect to https://server.lbg.com/whatever, the user would
> see a
> >>>>>> certificate hostname mismatch error which is ugly. It's best to make
> >>> it
> >>>>>> work without users seeing ugly things.
> >>>>>>
> >>>>>>> So if i just request new certificate with SAN it should work ? If
> >>> yes, I
> >>>>>>> will request for it and follow your steps as below suggested.
> >>>>>>
> >>>>>> Yes, it should.
> >>>>>>
> >>>>>>> Should i use CName record or DNS? Does it make difference?
> >>>>>>
> >>>>>> CNAME *is* DNS.
> >>>>>>
> >>>>>> Whenever possible, use hostnames and not IP addresses as SANs. It's
> >>> more
> >>>>>> flexible that way, and users get to see hostnames instead of IP
> >>> addresses.
> >>>>>>
> >>>>>> -chris
> >>>>>>
> >>>>>>> On Wednesday, April 24, 2024, Christopher Schultz <
> >>>>>>> chris@christopherschultz.net> wrote:
> >>>>>>>
> >>>>>>>> Lavanya,
> >>>>>>>>
> >>>>>>>> On 4/24/24 07:37, lavanya tech wrote:
> >>>>>>>>
> >>>>>>>>> Sorry I understood wrongly here with regards to my environment,
> >>> Let me
> >>>>>>>>> start from the beginning. I do not want to use redirect at all. I
> >>>>>> simply
> >>>>>>>>> wanted to force apache tomcat to use both localhost and dns name
> of
> >>>>>> the
> >>>>>>>>> localhost via url.
> >>>>>>>>>
> >>>>>>>>
> >>>>>>>> When you say "force" what do you mean?
> >>>>>>>>
> >>>>>>>> When you say "use both localhost and DNS name" what do you mean?
> >>>>>>>>
> >>>>>>>> When you say "localhost" do you mean 127.0.0.1 or "the machine I'm
> >>>>>>>> logged-into right now"?
> >>>>>>>>
> >>>>>>>> I have DNS resolution as below.
> >>>>>>>>>
> >>>>>>>>> server.lbg.com --> localhost
> >>>>>>>>>
> >>>>>>>>
> >>>>>>>> Is that a CNAME record?
> >>>>>>>>
> >>>>>>>> nslookup server.lbg.com (localhost)
> >>>>>>>>> Name:    server.lbg.com
> >>>>>>>>> Address:  192.168.100.20
> >>>>>>>>> alias: example.lbg.com
> >>>>>>>>>
> >>>>>>>>
> >>>>>>>> That's a weird DNS response. The DNS name "localhost" should
> >>> *always*
> >>>>>>>> return 127.0.0.1 for IPv4 and ::1 for IPv6. It shouldn't return
> >>>>>>>> 191.168.100.20.
> >>>>>>>>
> >>>>>>>> We have working the below urls working:
> >>>>>>>>> https://server.lbg.com:8443/towl
> >>>>>>>>> https://example.lbg.com:8443/towl --> redirects to
> >>>>>>>>>
> >>>>>>>>
> >>>>>>>> What do you mean "redirect"? Does it return a 30x response that
> >>> causes
> >>>>>> the
> >>>>>>>> browser to make a new request to \/
> >>>>>>>>
> >>>>>>>> https://server.lbg.com:8443/towl  --> still works --> we have SSL
> >>>>>>>>> configured for the same but this SSL certificate does not have
> >>>>>> additional
> >>>>>>>>> DNS setup.
> >>>>>>>>>
> >>>>>>>>
> >>>>>>>> What SANs are in your certificate? How many certificates do you
> >>> have?
> >>>>>>>>
> >>>>>>>> But I would need to somehow  access https://example.lbg.com -->
> >>> which
> >>>>>>>>> means
> >>>>>>>>> I would need to access via 443 here ?
> >>>>>>>>>
> >>>>>>>>
> >>>>>>>> I'm so confused. What needs to access what?
> >>>>>>>>
> >>>>>>>>> I tried adding the below to server.xml, but that does not seem
> >>>>>>>>> to work.
> >>>>>>>>>
> >>>>>>>>>         <Connector port="80"
> >>>>>>>>> protocol="org.apache.coyote.http11.Http11NioProtocol"
> >>>>>>>>>                connectionTimeout="20000"
> >>>>>>>>>                redirectPort="443" />
> >>>>>>>>>
> >>>>>>>>
> >>>>>>>> This will only redirect (HTTP 302) requests to
> >>>>>> http://yourhost/anything
> >>>>>>>> to https://yourhost/anything *if the application specifically
> >>> requests
> >>>>>>>> CONFIDENTIAL transport*. It doesn't just redirect everything by
> >>>>>> default. If
> >>>>>>>> you want it to redirect everything, you'll need to set that up
> e.g.
> >>>>>> using
> >>>>>>>> RewriteValve. There are other options, too.
> >>>>>>>>
> >>>>>>>> Do i need additional SSL certificate for the
> >>> https://example.lbg.com
> >>>>>> to
> >>>>>>>>> make it work ?
> >>>>>>>>>
> >>>>>>>>
> >>>>>>>> If you don't want your browser to complain, you will need at least
> >>> one
> >>>>>> TLS
> >>>>>>>> certificate that contains every Subject Alternative Name (SAN) for
> >>>>>> every
> >>>>>>>> possible hostname you expect to use with this service. You can do
> it
> >>>>>> with
> >>>>>>>> multiple certificates as well, but a single cert with multiple
> SANs
> >>> is
> >>>>>> less
> >>>>>>>> work.
> >>>>>>>>
> >>>>>>>> Do i need to set up an additional web server for this like apache
> or
> >>>>>> nginx
> >>>>>>>>> for redirecting requests?
> >>>>>>>>>
> >>>>>>>>
> >>>>>>>> No.
> >>>>>>>>
> >>>>>>>> Please stop saying "redirect" because it sounds like you almost
> >>> never
> >>>>>> mean
> >>>>>>>> "HTTP 30x redirect" and that's confusing everything.
> >>>>>>>>
> >>>>>>>> I *think* you only need the following:
> >>>>>>>>
> >>>>>>>> 1. A TLS certificate with the following SANs:
> >>>>>>>>
> >>>>>>>>      * server.lbg.com
> >>>>>>>>      * example.lbg.com
> >>>>>>>>      * localhost (you shouldn't do this)
> >>>>>>>>
> >>>>>>>> 2. DNS configured for all hostnames:
> >>>>>>>>
> >>>>>>>>      * server.lbg.com -> A 192.168.100.20
> >>>>>>>>      * example.lgb.com -> A 192.168.100.20
> >>>>>>>>
> >>>>>>>> 3. Tomcat configured with a single <Host> which is the default
> >>> virtual
> >>>>>>>> host. Note that this is the *default Tomcat configuration* and
> >>> doesn't
> >>>>>> need
> >>>>>>>> to be changed from the default.
> >>>>>>>>
> >>>>>>>> 4. Tomcat configured with your certificate like this:
> >>>>>>>>
> >>>>>>>>       <Connector ...
> >>>>>>>>          SSLEnabled="true">
> >>>>>>>>         <SSLHostConfig>
> >>>>>>>>           <Certificate
> >>>>>>>>               certificateFile="/path/to/your/cert.crt"
> >>>>>>>>               certificateKeyFile="/path/to/your/key.pem" />
> >>>>>>>>           <!-- You may need certificateKeyPassword in
> <Certificate>
> >>> -->
> >>>>>>>>         </SSLHostConfig>
> >>>>>>>>       </Connector>
> >>>>>>>>
> >>>>>>>> If your SANs are configured properly, this should allow you to
> >>> connect
> >>>>>>>> using any of these URLs:
> >>>>>>>>
> >>>>>>>> $ curl https://server.lbg.com/towl/login.jsp
> >>>>>>>>
> >>>>>>>>      (returns login page)
> >>>>>>>>
> >>>>>>>> $ curl https://example.lbg.com/towl/login.jsp
> >>>>>>>>
> >>>>>>>>      (returns login page)
> >>>>>>>>
> >>>>>>>> If your application's web.xml contains something like this:
> >>>>>>>>
> >>>>>>>>      <security-constraint>
> >>>>>>>>        <web-resource-collection>
> >>>>>>>>          <web-resource-name>theapp</web-resource-name>
> >>>>>>>>          <url-pattern>/*</url-pattern>
> >>>>>>>>        </web-resource-collection>
> >>>>>>>>        <user-data-constraint>
> >>>>>>>>          <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> >>>>>>>>        </user-data-constraint>
> >>>>>>>>      </security-constraint>
> >>>>>>>>
> >>>>>>>> ... then these insecure HTTP URLs should redirect your
> clients:
> >>>>>>>>
> >>>>>>>> $ curl http://server.lbg.com/towl/login.jsp
> >>>>>>>>
> >>>>>>>>      (returns HTTP 302 redirect to
> >>> https://server.lbg.com/towl/login.jsp
> >>>>>> )
> >>>>>>>>
> >>>>>>>> $ curl https://server.lbg.com/towl/login.jsp
> >>>>>>>>
> >>>>>>>>      (returns HTTP 302 redirect to
> >>>>>> https://example.lbg.com/towl/login.jsp)
> >>>>>>>>
> >>>>>>>> I don't think you need any use of the RewriteValve unless you want
> >>> to
> >>>>>>>> handle sending HTTP 302 redirect responses to insecure requests
> >>> without
> >>>>>>>> specifying the CONFIDENTIAL transport-guarantee in your
> >>> application's
> >>>>>>>> web.xml file. But I don't see any reason NOT to have that in
> there.
> >>>>>>>>
> >>>>>>>> -chris
> >>>>>>>>
> >>>>>>>> On Tue, Apr 23, 2024 at 10:52 PM Christopher Schultz <
> >>>>>>>>> chris@christopherschultz.net> wrote:
> >>>>>>>>>
> >>>>>>>>> Lavanya,
> >>>>>>>>>>
> >>>>>>>>>> On 4/22/24 05:21, lavanya tech wrote:
> >>>>>>>>>>
> >>>>>>>>>>> Could you please explain, what you exactly mean ? So here
> >>> redirect
> >>>>>> is
> >>>>>>>>>>>
> >>>>>>>>>> not a
> >>>>>>>>>>
> >>>>>>>>>>> solution right ?
> >>>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>> Redirecting is fine.
> >>>>>>>>>>
> >>>>>>>>>> Perhaps you should take a step back and decide: what do you
> >>> actually
> >>>>>>>>>> want, here? You might be trying to solve problem X by applying
> >>>>>> solution
> >>>>>>>>>> Y, and you've already decided that solution Y is correct so you
> >>> are
> >>>>>>>>>> trying to get help with that.
> >>>>>>>>>>
> >>>>>>>>>> Perhaps ask for help with Problem X?
> >>>>>>>>>>
> >>>>>>>>>> For example, "I don't want users to have to type the name of my
> >>>>>>>>>> application to reach it so I want example.com/ to go to my
> >>>>>> application
> >>>>>>>>>> instead of example.com/myapp/".
> >>>>>>>>>>
> >>>>>>>>>> Or, "I have multiple domains and I want all of them to redirect
> to
> >>>>>> the
> >>>>>>>>>> canonical domain example.com and to go to my web application
> >>> /myapp
> >>>>>> so
> >>>>>>>>>> everything goes to example.com/myapp/".
> >>>>>>>>>>
> >>>>>>>>>> "You'd have to use a glob/regex if
> >>>>>>>>>>> you wanted to check for [anything and maybe nothing.]
> example.com
> >>> ."
> >>>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>> There is nothing in your configuration or question that suggests
> >>> that
> >>>>>>>>>> the hostname in the request is relevant, but you are making it a
> >>>>>>>>>> *requirement* that the request contains a specific Host header.
> IF
> >>>>>> you
> >>>>>>>>>> don't actually need that, why do you have it?
> >>>>>>>>>>
> >>>>>>>>>> -chris
> >>>>>>>>>>
> >>>>>>>>>> On Fri, Apr 19, 2024 at 3:03 PM Christopher Schultz <
> >>>>>>>>>>> chris@christopherschultz.net> wrote:
> >>>>>>>>>>>
> >>>>>>>>>>> Ammu,
> >>>>>>>>>>>>
> >>>>>>>>>>>> On 4/19/24 08:32, lavanya tech wrote:
> >>>>>>>>>>>>
> >>>>>>>>>>>>> Thank you very much. I removed <Host> for example.com as
> well
> >>> as
> >>>>>>>>>>>>>
> >>>>>>>>>>>> adding
> >>>>>>>>>>
> >>>>>>>>>>> an
> >>>>>>>>>>>>
> >>>>>>>>>>>>> <Alias> in server.xml
> >>>>>>>>>>>>> I copied context.xml file
> >>>>>>>>>>>>>
> >>> /git/app/apache-tomcat-10.1.11/webapps/towl/META-INF/context.xml
> >>>>>>>>>>>>> Removed < in rewrite.config files.
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> But still I dont redirect the URL.
> >>>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>> If you have <Context> in server.xml and also your application
> in
> >>>>>> the
> >>>>>>>>>>>> webapps/ directory, then you will be double-deploying your
> >>>>>> application.
> >>>>>>>>>>>>
> >>>>>>>>>>>> Re-name /git/app/apache-tomcat-10.1.11/webapps/towl/ to be
> >>>>>>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/ROOT (the capitals are
> >>>>>>>>>>>> important)
> >>>>>>>>>>>> and remove the <Context> element from your server.xml.
> >>>>>>>>>>>>
> >>>>>>>>>>>> Then start your server and read the logs.
> >>>>>>>>>>>>
> >>>>>>>>>>>>> nslookup alias.example.com gives -->
> >>>>>>>>>>>>> Non-authoritative answer:
> >>>>>>>>>>>>> Name:     www.example.com
> >>>>>>>>>>>>> Address:  192.168.200.10
> >>>>>>>>>>>>> Aliases:  alias.example.com
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> Just to give some information here, www.example.com has alias
> >>>>>>>>>>>>> "alias.example.com".
> >>>>>>>>>>>>> But https://www.example.com:7777/example --> works fine without
> >>>>>>>>>>>>> issues but the alias does not work (https://alias.example.com)
> >>>>>>>>>>>>> So I am not sure if the redirect url helps or if it's correct
> >>>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>> Your rewrite configuration says that you have to be using host
> >>>>>>>>>>>> "example.com" but your request goes to www.example.com. Your
> >>>>>>>>>>>> configuration should only redirect a request such as:
> >>>>>>>>>>>>
> >>>>>>>>>>>> $ curl -v http://example.com:7777/something
> >>>>>>>>>>>>
> >>>>>>>>>>>> HTTP/1.1 301 Moved Permanently
> >>>>>>>>>>>> ...
> >>>>>>>>>>>> Location: https://www.example.com:7777/example
> >>>>>>>>>>>>
> >>>>>>>>>>>> If you make a request like:
> >>>>>>>>>>>>
> >>>>>>>>>>>> $ curl -v http://www.example.com:7777/something
> >>>>>>>>>>>>
> >>>>>>>>>>>> I wouldn't expect a redirect because of your "host" condition.
> >>> The
> >>>>>>>>>>>> "%{HTTP_HOST} example.com" looks at the entire Host header
> and
> >>> not
> >>>>>>>>>>>> just
> >>>>>>>>>>>> anything that ends in "example.com". You'd have to use a
> >>>>>> glob/regex if
> >>>>>>>>>>>> you wanted to check for [anything and maybe nothing.]
> >>> example.com.
> >>>>>>>>>>>>
> >>>>>>>>>>>> You'd also have to make sure that your application is serving
> >>>>>> responses
> >>>>>>>>>>>> to requests to / which is why I'm recommending you use the
> ROOT
> >>> web
> >>>>>>>>>>>> application name instead of "towl".
> >>>>>>>>>>>>
> >>>>>>>>>>>> -chris
> >>>>>>>>>>>>
> >>>>>>>>>>>> On Fri, Apr 19, 2024 at 1:21 PM Christopher Schultz <
> >>>>>>>>>>>>> chris@christopherschultz.net> wrote:
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> Ammu,
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> On 4/18/24 09:34, lavanya tech wrote:
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> I am attaching server.xml and context.xml and
> rewrite.config
> >>>>>> files.
> >>>>>>>>>>>>>>> The paths are
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl/context.xml
> >>>>>>>>>>>>>>> <Context>
> >>>>>>>>>>>>>>>            <Valve
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>> className="org.apache.catalina.valves.rewrite.RewriteValve"
> >>>>>>>>>>>>
> >>>>>>>>>>>>> />
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>            <!-- Other context configuration -->
> >>>>>>>>>>>>>>> </Context>
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> This file ^^^ is in the wrong place. It should be in
> >>>>>>>>>>>>>>
> >>> /git/app/apache-tomcat-10.1.11/webapps/towl/META-INF/context.xml
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>
> >>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl/WEB-INF/rewrite.config
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> <RewriteCond %{HTTP_HOST} example.com [NC]
> >>>>>>>>>>>>>>> <RewriteRule ^/(.*)$ https://www.example.com:7777/example
> >>>>>> [R=301,L]
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> Why do you have < symbols at the beginning of these lines?
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> server.xml
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>        > [...]
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>              <Host name="example.com" appBase="webapps"
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>> unpackWARs="true"
> >>>>>>>>>>
> >>>>>>>>>>> autoDeploy="true">
> >>>>>>>>>>>>>>>                  <Context path="" docBase="towl" />
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> It's best not to define any <Context> in server.xml. I would
> >>>>>> remove
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>> this
> >>>>>>>>>>
> >>>>>>>>>>> <Context> entirely and allow Tomcat to auto-deploy from your
> >>>>>>>>>>>>>> webapps/towl directory. If you need this application to be
> >>>>>> deployed
> >>>>>>>>>>>>>> as
> >>>>>>>>>>>>>> the ROOT context (on / and not /towl) then you should
> re-name
> >>>>>>>>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl to
> >>>>>>>>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/ROOT
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> You also don't need a <Host> for example.com as well as
> >>> adding
> >>>>>> an
> >>>>>>>>>>>>>> <Alias> for the same domain (though this is probably to
> >>>>>> anonymize the
> >>>>>>>>>>>>>> configuration). You can feel free to simply use the
> >>> "localhost"
> >>>>>>>>>>>>>> <Host>
> >>>>>>>>>>>>>> as the default <Host> and deploy everything into it. This
> >>> makes
> >>>>>> your
> >>>>>>>>>>>>>> configuration changes relative to a stock Tomcat less
> >>>>>> significant and
> >>>>>>>>>>>>>> easier to apply to new versions if/when necessary.
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> -chris
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> On Thu, Apr 18, 2024 at 2:17 PM Christopher Schultz <
> >>>>>>>>>>>>>>> chris@christopherschultz.net> wrote:
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> Ammu,
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> On 4/18/24 07:45, lavanya tech wrote:
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> I added classname rewrite valeus in contex.xml file .
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>             <!-- REWRITE VALVE -->
> >>>>>>>>>>>>>>>>>             <Valve
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>
> className="org.apache.catalina.valves.rewrite.RewriteValve"
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> />
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>             <!-- // -->
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> created rewrite.config so both of them is located under
> >>> conf
> >>>>>>>>>>>>>>>>> under
> >>>>>>>>>>>>>>>>> apache-tomcat.
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>                             <RewriteCond %{HTTP_HOST}
> >>>>>> example.com
> >>>>>>>>>>>>>>>>> [NC]
> >>>>>>>>>>>>>>>>>                             <RewriteRule ^/(.*)$
> >>>>>>>>>>>>>>>>> https://www.example.com:7777/example [R=301,L]
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> So according to the documentation they say context.xml
> >>> should
> >>>>>> be
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> placed
> >>>>>>>>>>>>
> >>>>>>>>>>>>> under webapps and rewrite.config file should be put in
> WEB-INF
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> folder
> >>>>>>>>>>
> >>>>>>>>>>> of
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> apache-tomcat . I placed and restarted tomcat webserver but
> >>>>>> still
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> it
> >>>>>>>>>>
> >>>>>>>>>>> does not redirect.
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> Can you give full paths to both server.xml and
> >>> rewrite.config,
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> re-post
> >>>>>>>>>>
> >>>>>>>>>>> your current server.xml <Context> element, and the complete
> >>> contents
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> of
> >>>>>>>>>>>>
> >>>>>>>>>>>>> rewrite.config?
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> Have you looked at the log files after start?
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> -chris
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> On Thu, Apr 18, 2024 at 1:36 PM lavanya tech <
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> lavanyatech440@gmail.com
> >>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>>> wrote:
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> Hi Thomas,
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>> Thanks for the fast response.
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>> I added classname rewrite values in context.xml file.
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>             <!-- REWRITE VALVE -->
> >>>>>>>>>>>>>>>>>>             <Valve
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>
> className="org.apache.catalina.valves.rewrite.RewriteValve"
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> />
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>             <!-- // -->
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>> created rewrite.config so both of them is located under
> >>> conf
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> under
> >>>>>>>>>>
> >>>>>>>>>>> apache-tomcat.
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>> So according to the documentation they say context.xml
> >>> should
> >>>>>> be
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> placed
> >>>>>>>>>>>>
> >>>>>>>>>>>>> under webapps and rewrite.config file should be put in
> WEB-INF
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> folder
> >>>>>>>>>>>>
> >>>>>>>>>>>>> of
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> apache-tomcat
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>> Thanks,
> >>>>>>>>>>>>>>>>>> Ammu
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>> On Thu, Apr 18, 2024 at 1:22 PM Mark Thomas <
> >>>>>> markt@apache.org>
> >>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> wrote:
> >>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>> On 18/04/2024 12:05, lavanya tech wrote:
> >>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>> Hi Team,
> >>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>> I am using "Tomcat 10.1" in our environment and I
> >>> wanted to
> >>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>> redirect
> >>>>>>>>>>>>
> >>>>>>>>>>>>> url
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> from https://example.com to https://www.servercom:7777
> and
> >>>>>> for
> >>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>> this I
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> modified the server.xml as below in tomcat config, and the
> >>> below
> >>>>>>>>>>>>>>>>>>>> configuration does not seem to work. Does anyone have
> >>> ideas.
> >>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>> Please
> >>>>>>>>>>
> >>>>>>>>>>> suggest.
> >>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>> The url alone https://www.servercom:7777/ already
> >>> works.
> >>>>>> But
> >>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>> just
> >>>>>>>>>>
> >>>>>>>>>>> redirection from the old to one does not.
> >>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>> <Host name="example.com" appBase="app"
> >>> unpackWARs="true"
> >>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>> autoDeploy="true">
> >>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>              <Context path="" docBase="example" />
> >>>>>>>>>>>>>>>>>>>>              <Alias>example.com</Alias>
> >>>>>>>>>>>>>>>>>>>>              <!-- Add RewriteValve and RewriteRule
> here
> >>> -->
> >>>>>>>>>>>>>>>>>>>>              <Valve
> >>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>
> >>>>>> className="org.apache.catalina.valves.rewrite.RewriteValve"/>
> >>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>              <Engine name="Catalina"
> >>> defaultHost="localhost">
> >>>>>>>>>>>>>>>>>>>>                  <Host name="example.com"
> appBase="app"
> >>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>> unpackWARs="true"
> >>>>>>>>>>>>
> >>>>>>>>>>>>> autoDeploy="true">
> >>>>>>>>>>>>>>>>>>>>                      <Context path=""
> docBase="example"
> >>> />
> >>>>>>>>>>>>>>>>>>>>                      <Alias>example.com</Alias>
> >>>>>>>>>>>>>>>>>>>>                      <Valve
> >>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>
> >>>>>> className="org.apache.catalina.valves.rewrite.RewriteValve"/>
> >>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>                      <Engine name="Catalina"
> >>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>> defaultHost="localhost">
> >>>>>>>>>>
> >>>>>>>>>>>                          <Host name="example.com"
> appBase="app"
> >>>>>>>>>>>>>>>>>>>> unpackWARs="true" autoDeploy="true">
> >>>>>>>>>>>>>>>>>>>>                              <Context path=""
> >>>>>> docBase="example" />
> >>>>>>>>>>>>>>>>>>>>                              <Alias>example.com
> </Alias>
> >>>>>>>>>>>>>>>>>>>>                              <!-- Rewrite rule to
> >>> redirect to
> >>>>>>>>>>>>>>>>>>>> www.servercom:8080/example -->
> >>>>>>>>>>>>>>>>>>>>                              <RewriteCond %{HTTP_HOST}
> >>>>>>>>>>>>>>>>>>>> example\.com
> >>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>> [NC]
> >>>>>>>>>>>>
> >>>>>>>>>>>>>                              <RewriteRule ^/(.*)$
> >>>>>>>>>>>>>>>>>>>> https://www.servercom:7777/example/$1 [R=301,L]
> >>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>> 1. That isn't valid XML.
> >>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>> 2. Where in the Tomcat docs does it say you can nest
> >>>>>> re-write
> >>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>> rules
> >>>>>>>>>>
> >>>>>>>>>>> in
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> a
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> Host element (or any other element)?
> >>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>                          </Host>
> >>>>>>>>>>>>>>>>>>>>                      </Engine>
> >>>>>>>>>>>>>>>>>>>>                  </Host>
> >>>>>>>>>>>>>>>>>>>>              </Engine>
> >>>>>>>>>>>>>>>>>>>> </Host>
> >>>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>> You need to configure the RewriteValve.
> >>>>>>>>>>>>>>>>>>> https://tomcat.apache.org/tomcat-10.1-doc/rewrite.html
> >>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>> Mark
> >>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>
> >>> ------------------------------------------------------------
> >>>>>>>>>>>> ---------
> >>>>>>>>>>>>
> >>>>>>>>>>>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >>>>>>>>>>>>>>>>>>> For additional commands, e-mail:
> >>>>>> users-help@tomcat.apache.org
> >>>>>>>>>>>>>>>>>>>

Re: Regarding Tomcat url redirection

Posted by Christopher Schultz <ch...@christopherschultz.net>.
Lavanya,

On 4/30/24 07:10, lavanya tech wrote:
> Can you tell me how to do the below ? How should I setup Tomcat in
> server.xml ?
> 
> 
> If you want to use port 443 (the default port for HTTPS) then you will
> need to change Tomcat to bind to port 443 (if that's allowed on your OS)
> or arrange to have port 443 routed to port 8443. You may need additional
> configuration in Tomcat (specifically: proxyPort) to avoid having Tomcat
> generate URLs with ":8443" in them.
> 
> Looking forward to your reply.

If Tomcat is listening on port 8443 then you will need to include that 
in your URL, period. If you want to allow URLs without a port number, 
you will have to arrange to have something listening on port 443.

On Windows, Tomcat can listen directly on port 443. On UNIX and 
UNIX-like systems, you won't be able to do this without running Tomcat 
as root WHICH YOU ABSOLUTELY SHOULD NOT DO.

There are other ways to get port 443 working, but I'll need to know more 
about your environment. The port issue is "easier" than figuring out 
whatever is going on with your DNS, aliases, etc. so I would recommend 
we fix one thing at a time.

-chris
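
Added example, not part of the original post and not the Tomcat project's own configuration: one way to lay out the connectors in server.xml for the "port 443 routed to port 8443" option mentioned above, so that Tomcat stays unprivileged. It assumes a forward of 443 to 8443 and of 80 to 8080 already exists outside Tomcat (firewall port redirect or load balancer); the certificate paths are the placeholders used earlier in the thread.

```xml
<!-- Added example. Assumes ports 443 and 80 are forwarded to 8443 and 8080
     outside Tomcat, so the Tomcat process never needs to run as root. -->

<!-- Plain HTTP. redirectPort is the port Tomcat writes into the redirect it
     sends when a webapp declares transport-guarantee CONFIDENTIAL, so it has
     to be the public port (443), not the local one (8443). -->
<Connector port="8080"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           connectionTimeout="20000"
           proxyPort="80"
           redirectPort="443" />

<!-- HTTPS. Tomcat binds the unprivileged port 8443; proxyPort="443" makes
     the URLs Tomcat generates carry the public port instead of ":8443". -->
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true" scheme="https" secure="true"
           maxThreads="150"
           proxyPort="443">
  <SSLHostConfig>
    <!-- Placeholder paths. The certificate must list every hostname that
         clients use (server.lbg.com and example.lbg.com in this thread)
         as a Subject Alternative Name. -->
    <Certificate certificateFile="/path/to/your/cert.crt"
                 certificateKeyFile="/path/to/your/key.pem" />
  </SSLHostConfig>
</Connector>
```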

> On Mon, Apr 29, 2024 at 2:03 PM lavanya tech <la...@gmail.com>
> wrote:
> 
>> Hi Chris,
>>
>> There is no issues with browser, because I tested with different browsers
>> and it all works fine. I am sure that there is no issue with the
>> certificate.
>>   Because I was able to establish successful connections with port 8443, it
>> just does not work without port
>>
>>   curl  https://example.lbg.com/towl
>> curl: (56) Received HTTP code 504 from proxy after CONNECT
>> curl: (56) Received HTTP code 504 from proxy after CONNECT
>>
>>
>> If you want to use port 443 (the default port for HTTPS) then you will
>> need to change Tomcat to bind to port 443 (if that's allowed on your OS)
>> or arrange to have port 443 routed to port 8443. You may need additional
>> configuration in Tomcat (specifically: proxyPort) to avoid having Tomcat
>> generate URLs with ":8443" in them.
>>
>> <Connector port="443" protocol="HTTP/1.1"
>>             connectionTimeout="20000"
>>             redirectPort="8443"
>>             maxThreads="150"
>>             scheme="https" secure="true" SSLEnabled="true"
>>             keystoreFile="path_to_your_keystore_file"
>>             keystorePass="your_keystore_password"
>>             keystoreType="PKCS12"
>>             clientAuth="false" sslProtocol="TLS"
>>             proxyPort="443"/>
>>
>> Should I use connect port like the above? But you mentioned before we
>> don't need any configuration changes. Please clarify, I am not able to figure
>> this out and I have this issue many days pending. How to make it work with
>> port 8443 and without port
>>
>> Also I wanted to use weburl with alias name permanently instead of the
>> hostname. How can I achieve both
>>
>> Thanks,
>> Lavanya
>>
>>
>>    -->
>>
>>
>> On Fri, Apr 26, 2024 at 9:28 PM Christopher Schultz <
>> chris@christopherschultz.net> wrote:
>>
>>> Lavanya,
>>>
>>> On 4/25/24 07:24, lavanya tech wrote:
>>>> Hi Chris,
>>>>
>>>> One question / doubt:
>>>>
>>>> As I mentioned earlier, the below URLS already working in the browser
>>>>> https://server.lbg.com:8443/towl
>>>>> https://example.lbg.com:8443/towl -> redirect ( which means when I
>>> hit in
>>>> browser) it points to https://server.lbg.com:8443/towl ---> To be
>>> frank,
>>>> even I do not need redirect here, not sure why it redirects.
>>>>
>>>> My question is why it's working even though SAN is not registered with
>>> the
>>>> certificate? It does not even throw warning in the browser.
>>>
>>> I'm not sure. Is it possible you have dismissed this error in the past
>>> and the browser is remembering that? Try this with a different web
>>> browser or maybe with curl from the command-line to see what happens.
>>>
>>>> Why https://server.lbg.com/towl or https://example.lbg.com/towl -->
>>> How it
>>>> should work with New SAN certificate ?
>>>
>>> You don't need to worry about the port number or application name, only
>>> the hostname is a part of the SAN.
>>>
>>> -chris
>>>
>>>> On Thu, Apr 25, 2024 at 10:16 AM lavanya tech <lavanyatech440@gmail.com
>>>>
>>>> wrote:
>>>>
>>>>> Hi Chris,
>>>>>
>>>>>
>>>>> Thanks I will request new certificate with SANs and I will try to fix
>>> the
>>>>> things from our end.
>>>>>
>>>>> Best Regards,
>>>>> Lavanya
>>>>>
>>>>> On Wed, Apr 24, 2024 at 11:12 PM Christopher Schultz <
>>>>> chris@christopherschultz.net> wrote:
>>>>>
>>>>>> Lavanya,
>>>>>>
>>>>>> On 4/24/24 15:39, lavanya tech wrote:
>>>>>>> Local host means the machine I am logged in to server.lbg.com
>>>>>>>
>>>>>>> You are right, example.lbg.com is CNAME record.
>>>>>>
>>>>>> Okay, thanks for clearing that up.
>>>>>>
>>>>>>> I don't have any SAN configured for the certificate. The certificate
>>> is
>>>>>>> requested for only server.lbg.com
>>>>>>
>>>>>> You will never be able to make a secure request to anything other than
>>>>>> server.lbg.com without seeing an error. I highly recommend adding the
>>>>>> other hostname as a SAN to your certificate if you really want to
>>>>>> support this.
>>>>>>
>>>>>> Even if you wanted https://example.lbg.com/whatever to return an HTTP
>>>>>> 302 redirect to https://server.lbg.com/whatever, the user would see a
>>>>>> certificate hostname mismatch error which is ugly. It's best to make
>>> it
>>>>>> work without users seeing ugly things.
>>>>>>
>>>>>>> So if i just request new certificate with SAN it should work ? If
>>> yes, I
>>>>>>> will request for it and follow your steps as below suggested.
>>>>>>
>>>>>> Yes, it should.
>>>>>>
>>>>>>> Should I use CName record or DNS? Does it make a difference?
>>>>>>
>>>>>> CNAME *is* DNS.
>>>>>>
>>>>>> Whenever possible, use hostnames and not IP addresses as SANs. It's
>>> more
>>>>>> flexible that way, and users get to see hostnames instead of IP
>>> addresses.
>>>>>>
>>>>>> -chris
>>>>>>
>>>>>>> On Wednesday, April 24, 2024, Christopher Schultz <
>>>>>>> chris@christopherschultz.net> wrote:
>>>>>>>
>>>>>>>> Lavanya,
>>>>>>>>
>>>>>>>> On 4/24/24 07:37, lavanya tech wrote:
>>>>>>>>
>>>>>>>>> Sorry I understood wrongly here with regards to my environment,
>>> Let me
>>>>>>>>> start from the beginning. I do not want to use redirect at all. I
>>>>>> simply
>>>>>>>>> wanted to force apache tomcat to use both localhost and dns name of
>>>>>> the
>>>>>>>>> localhost via url.
>>>>>>>>>
>>>>>>>>
>>>>>>>> When you say "force" what do you mean?
>>>>>>>>
>>>>>>>> When you say "use both localhost and DNS name" what do you mean?
>>>>>>>>
>>>>>>>> When you say "localhost" do you mean 127.0.0.1 or "the machine I'm
>>>>>>>> logged-into right now"?
>>>>>>>>
>>>>>>>> I have DNS resolution as below.
>>>>>>>>>
>>>>>>>>> server.lbg.com --> localhost
>>>>>>>>>
>>>>>>>>
>>>>>>>> Is that a CNAME record?
>>>>>>>>
>>>>>>>> nslookup server.lbg.com (localhost)
>>>>>>>>> Name:    server.lbg.com
>>>>>>>>> Address:  192.168.100.20
>>>>>>>>> alias: example.lbg.com
>>>>>>>>>
>>>>>>>>
>>>>>>>> That's a weird DNS response. The DNS name "localhost" should
>>> *always*
>>>>>>>> return 127.0.0.1 for IPv4 and ::1 for IPv6. It shouldn't return
>>>>>>>> 191.168.100.20.
>>>>>>>>
>>>>>>>> We have working the below urls working:
>>>>>>>>> https://server.lbg.com:8443/towl
>>>>>>>>> https://example.lbg.com:8443/towl --> redirects to
>>>>>>>>>
>>>>>>>>
>>>>>>>> What do you mean "redirect"? Does it return a 30x response that
>>> causes
>>>>>> the
>>>>>>>> browser to make a new request to \/
>>>>>>>>
>>>>>>>> https://server.lbg.com:8443/towl  --> still works --> we have SSL
>>>>>>>>> configured for the same but this SSL certificate doesnot have
>>>>>> additional
>>>>>>>>> DNS setup.
>>>>>>>>>
>>>>>>>>
>>>>>>>> What SANs are in your certificate? How many certificates do you
>>> have?
>>>>>>>>
>>>>>>>> But I would need to somehow  access https://example.lbg.com -->
>>> which
>>>>>>>>> means
>>>>>>>>> I would need to access via 443 here ?
>>>>>>>>>
>>>>>>>>
>>>>>>>> I'm so confused. What needs to access what?
>>>>>>>>
>>>>>>>> I tried adding the below to server.xml as below, but that
>>> does not
>>>>>> seem
>>>>>>>>> to work.
>>>>>>>>>
>>>>>>>>>         <Connector port="80"
>>>>>>>>> protocol="org.apache.coyote.http11.Http11NioProtocol"
>>>>>>>>>                connectionTimeout="20000"
>>>>>>>>>                redirectPort="443" />
>>>>>>>>>
>>>>>>>>
>>>>>>>> This will only redirect (HTTP 302) requests to
>>>>>> http://yourhost/anything
>>>>>>>> to https://yourhost/anything *if the application specifically
>>> requests
>>>>>>>> CONFIDENTIAL transport*. It doesn't just redirect everything by
>>>>>> default. If
>>>>>>>> you want it to redirect everything, you'll need to set that up e.g.
>>>>>> using
>>>>>>>> RewriteValve. There are other options, too.
>>>>>>>>
>>>>>>>> Do I need additional SSL certificate for the
>>> https://example.lbg.com
>>>>>> to
>>>>>>>>> make it work ?
>>>>>>>>>
>>>>>>>>
>>>>>>>> If you don't want your browser to complain, you will need at least
>>> one
>>>>>> TLS
>>>>>>>> certificate that contains every Subject Alternative Name (SAN) for
>>>>>> every
>>>>>>>> possible hostname you expect to use with this service. You can do it
>>>>>> with
>>>>>>>> multiple certificates as well, but a single cert with multiple SANs
>>> is
>>>>>> less
>>>>>>>> work.
>>>>>>>>
>>>>>>>> Do I need to set up an additional web server for this like apache or
>>>>>> nginx
>>>>>>>>> for redirecting requests?
>>>>>>>>>
>>>>>>>>
>>>>>>>> No.
>>>>>>>>
>>>>>>>> Please stop saying "redirect" because it sounds like you almost
>>> never
>>>>>> mean
>>>>>>>> "HTTP 30x redirect" and that's confusing everything.
>>>>>>>>
>>>>>>>> I *think* you only need the following:
>>>>>>>>
>>>>>>>> 1. A TLS certificate with the following SANs:
>>>>>>>>
>>>>>>>>      * server.lbg.com
>>>>>>>>      * example.lbg.com
>>>>>>>>      * localhost (you shouldn't do this)
>>>>>>>>
>>>>>>>> 2. DNS configured for all hostnames:
>>>>>>>>
>>>>>>>>      * server.lbg.com -> A 192.168.100.20
>>>>>>>>      * example.lbg.com -> A 192.168.100.20
>>>>>>>>
>>>>>>>> 3. Tomcat configured with a single <Host> which is the default
>>> virtual
>>>>>>>> host. Note that this is the *default Tomcat configuration* and
>>> doesn't
>>>>>> need
>>>>>>>> to be changed from the default.
>>>>>>>>
>>>>>>>> 4. Tomcat configured with your certificate like this:
>>>>>>>>
>>>>>>>>       <Connector ...
>>>>>>>>          SSLEnabled="true">
>>>>>>>>         <SSLHostConfig>
>>>>>>>>           <Certificate
>>>>>>>>               certificateFile="/path/to/your/cert.crt"
>>>>>>>>               certificateKeyFile="/path/to/your/key.pem" />
>>>>>>>>           <!-- You may need certificateKeyPassword in <Certificate>
>>> -->
>>>>>>>>         </SSLHostConfig>
>>>>>>>>       </Connector>
>>>>>>>>
>>>>>>>> If your SANs are configured properly, this should allow you to
>>> connect
>>>>>>>> using any of these URLs:
>>>>>>>>
>>>>>>>> $ curl https://server.lbg.com/towl/login.jsp
>>>>>>>>
>>>>>>>>      (returns login page)
>>>>>>>>
>>>>>>>> $ curl https://example.lbg.com/towl/login.jsp
>>>>>>>>
>>>>>>>>      (returns login page)
>>>>>>>>
>>>>>>>> If your application's web.xml contains something like this:
>>>>>>>>
>>>>>>>>      <security-constraint>
>>>>>>>>        <web-resource-collection>
>>>>>>>>          <web-resource-name>theapp</web-resource-name>
>>>>>>>>          <url-pattern>/*</url-pattern>
>>>>>>>>        </web-resource-collection>
>>>>>>>>        <user-data-constraint>
>>>>>>>>          <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>>>>>>>>        </user-data-constraint>
>>>>>>>>      </security-constraint>
>>>>>>>>
>>>>>>>> ... then these insecure HTTP URLs should redirect your clients:
>>>>>>>>
>>>>>>>> $ curl http://server.lbg.com/towl/login.jsp
>>>>>>>>
>>>>>>>>      (returns HTTP 302 redirect to
>>> https://server.lbg.com/towl/login.jsp
>>>>>> )
>>>>>>>>
>>>>>>>> $ curl https://server.lbg.com/towl/login.jsp
>>>>>>>>
>>>>>>>>      (returns HTTP 302 redirect to
>>>>>> https://example.lbg.com/towl/login.jsp)
>>>>>>>>
>>>>>>>> I don't think you need any use of the RewriteValve unless you want
>>> to
>>>>>>>> handle sending HTTP 302 redirect responses to insecure requests
>>> without
>>>>>>>> specifying the CONFIDENTIAL transport-guarantee in your
>>> application's
>>>>>>>> web.xml file. But I don't see any reason NOT to have that in there.
>>>>>>>>
>>>>>>>> -chris
>>>>>>>>
>>>>>>>> On Tue, Apr 23, 2024 at 10:52 PM Christopher Schultz <
>>>>>>>>> chris@christopherschultz.net> wrote:
>>>>>>>>>
>>>>>>>>> Lavanya,
>>>>>>>>>>
>>>>>>>>>> On 4/22/24 05:21, lavanya tech wrote:
>>>>>>>>>>
>>>>>>>>>>> Could you please explain, what you exactly mean ? So here
>>> redirect
>>>>>> is
>>>>>>>>>>>
>>>>>>>>>> not a
>>>>>>>>>>
>>>>>>>>>>> solution right ?
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Redirecting is fine.
>>>>>>>>>>
>>>>>>>>>> Perhaps you should take a step back and decide: what do you
>>> actually
>>>>>>>>>> want, here? You might be trying to solve problem X by applying
>>>>>> solution
>>>>>>>>>> Y, and you've already decided that solution Y is correct so you
>>> are
>>>>>>>>>> trying to get help with that.
>>>>>>>>>>
>>>>>>>>>> Perhaps ask for help with Problem X?
>>>>>>>>>>
>>>>>>>>>> For example, "I don't want users to have to type the name of my
>>>>>>>>>> application to reach it so I want example.com/ to go to my
>>>>>> application
>>>>>>>>>> instead of example.com/myapp/".
>>>>>>>>>>
>>>>>>>>>> Or, "I have multiple domains and I want all of them to redirect to
>>>>>> the
>>>>>>>>>> canonical domain example.com and to go to my web application
>>> /myapp
>>>>>> so
>>>>>>>>>> everything goes to example.com/myapp/".
>>>>>>>>>>
>>>>>>>>>> "You'd have to use a glob/regex if
>>>>>>>>>>> you wanted to check for [anything and maybe nothing.]example.com
>>> ."
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> There is nothing in your configuration or question that suggests
>>> that
>>>>>>>>>> the hostname in the request is relevant, but you are making it a
>>>>>>>>>> *requirement* that the request contains a specific Host header. If
>>>>>> you
>>>>>>>>>> don't actually need that, why do you have it?
>>>>>>>>>>
>>>>>>>>>> -chris
>>>>>>>>>>
>>>>>>>>>> On Fri, Apr 19, 2024 at 3:03 PM Christopher Schultz <
>>>>>>>>>>> chris@christopherschultz.net> wrote:
>>>>>>>>>>>
>>>>>>>>>>> Ammu,
>>>>>>>>>>>>
>>>>>>>>>>>> On 4/19/24 08:32, lavanya tech wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> Thank you very much. I removed <Host> for example.com as well
>>> as
>>>>>>>>>>>>>
>>>>>>>>>>>> adding
>>>>>>>>>>
>>>>>>>>>>> an
>>>>>>>>>>>>
>>>>>>>>>>>>> <Alias> in server.xml
>>>>>>>>>>>>> I copied context.xml file
>>>>>>>>>>>>>
>>> /git/app/apache-tomcat-10.1.11/webapps/towl/META-INF/context.xml
>>>>>>>>>>>>> Removed < in rewrite.config files.
>>>>>>>>>>>>>
>>>>>>>>>>>>> But still I don't redirect the URL.
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> If you have <Context> in server.xml and also your application in
>>>>>> the
>>>>>>>>>>>> webapps/ directory, then you will be double-deploying your
>>>>>> application.
>>>>>>>>>>>>
>>>>>>>>>>>> Re-name /git/app/apache-tomcat-10.1.11/webapps/towl/ to be
>>>>>>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/ROOT (the capitals are
>>>>>>>>>>>> important)
>>>>>>>>>>>> and remove the <Context> element from your server.xml.
>>>>>>>>>>>>
>>>>>>>>>>>> Then start your server and read the logs.
>>>>>>>>>>>>
>>>>>>>>>>>>> nslookup alias.example.com gives -->
>>>>>>>>>>>>> Non-authoritative answer:
>>>>>>>>>>>>> Name:     www.example.com
>>>>>>>>>>>>> Address:  192.168.200.10
>>>>>>>>>>>>> Aliases:  alias.example.com
>>>>>>>>>>>>>
>>>>>>>>>>>>> Just to give some information here, www.example.com has alias
>>>>>>>>>>>>> "alias.example.com".
>>>>>>>>>>>>> But https://www.example.com:7777/example --> works fine without issues, but
>>>>>>>>>>>>> the alias does not work (https://alias.example.com).
>>>>>>>>>>>>> So I am not sure if the redirect URL helps or if it's correct.
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> Your rewrite configuration says that you have to be using host
>>>>>>>>>>>> "example.com" but your request goes to www.example.com. Your
>>>>>>>>>>>> configuration should only redirect a request such as:
>>>>>>>>>>>>
>>>>>>>>>>>> $ curl -v http://example.com:7777/something
>>>>>>>>>>>>
>>>>>>>>>>>> HTTP/1.1 301 Moved Permanently
>>>>>>>>>>>> ...
>>>>>>>>>>>> Location: https://www.example.com:7777/example
>>>>>>>>>>>>
>>>>>>>>>>>> If you make a request like:
>>>>>>>>>>>>
>>>>>>>>>>>> $ curl -v http://www.example.com:7777/something
>>>>>>>>>>>>
>>>>>>>>>>>> I wouldn't expect a redirect because of your "host" condition.
>>> The
>>>>>>>>>>>> "%{HTTP_HOST} example.com" looks at the entire Host header and
>>> not
>>>>>>>>>>>> just
>>>>>>>>>>>> anything that ends in "example.com". You'd have to use a
>>>>>> glob/regex if
>>>>>>>>>>>> you wanted to check for [anything and maybe nothing.]
>>> example.com.
>>>>>>>>>>>>
>>>>>>>>>>>> You'd also have to make sure that your application is serving
>>>>>> responses
>>>>>>>>>>>> to requests to / which is why I'm recommending you use the ROOT
>>> web
>>>>>>>>>>>> application name instead of "towl".
>>>>>>>>>>>>
>>>>>>>>>>>> -chris
>>>>>>>>>>>>
>>>>>>>>>>>> On Fri, Apr 19, 2024 at 1:21 PM Christopher Schultz <
>>>>>>>>>>>>> chris@christopherschultz.net> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>> Ammu,
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On 4/18/24 09:34, lavanya tech wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> I am attaching server.xml and context.xml and rewrite.config
>>>>>> files.
>>>>>>>>>>>>>>> The paths are
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl/context.xml
>>>>>>>>>>>>>>> <Context>
>>>>>>>>>>>>>>>            <Valve
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>> className="org.apache.catalina.valves.rewrite.RewriteValve"
>>>>>>>>>>>>
>>>>>>>>>>>>> />
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>            <!-- Other context configuration -->
>>>>>>>>>>>>>>> </Context>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> This file ^^^ is in the wrong place. It should be in
>>>>>>>>>>>>>>
>>> /git/app/apache-tomcat-10.1.11/webapps/towl/META-INF/context.xml
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl/WEB-INF/rewrite.config
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> <RewriteCond %{HTTP_HOST} example.com [NC]
>>>>>>>>>>>>>>> <RewriteRule ^/(.*)$ https://www.example.com:7777/example
>>>>>> [R=301,L]
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Why do you have < symbols at the beginning of these lines?
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> server.xml
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>        > [...]
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>              <Host name="example.com" appBase="webapps"
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>> unpackWARs="true"
>>>>>>>>>>
>>>>>>>>>>> autoDeploy="true">
>>>>>>>>>>>>>>>                  <Context path="" docBase="towl" />
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> It's best not to define any <Context> in server.xml. I would
>>>>>> remove
>>>>>>>>>>>>>>
>>>>>>>>>>>>> this
>>>>>>>>>>
>>>>>>>>>>> <Context> entirely and allow Tomcat to auto-deploy from your
>>>>>>>>>>>>>> webapps/towl directory. If you need this application to be
>>>>>> deployed
>>>>>>>>>>>>>> as
>>>>>>>>>>>>>> the ROOT context (on / and not /towl) then you should re-name
>>>>>>>>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl to
>>>>>>>>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/ROOT
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> You also don't need a <Host> for example.com as well as
>>> adding
>>>>>> an
>>>>>>>>>>>>>> <Alias> for the same domain (though this is probably to
>>>>>> anonymize the
>>>>>>>>>>>>>> configuration). You can feel free to simply use the
>>> "localhost"
>>>>>>>>>>>>>> <Host>
>>>>>>>>>>>>>> as the default <Host> and deploy everything into it. This
>>> makes
>>>>>> your
>>>>>>>>>>>>>> configuration changes relative to a stock Tomcat less
>>>>>> significant and
>>>>>>>>>>>>>> easier to apply to new versions if/when necessary.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> -chris
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On Thu, Apr 18, 2024 at 2:17 PM Christopher Schultz <
>>>>>>>>>>>>>>> chris@christopherschultz.net> wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Ammu,
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> On 4/18/24 07:45, lavanya tech wrote:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> I added classname rewrite values in context.xml file.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>             <!-- REWRITE VALVE -->
>>>>>>>>>>>>>>>>>             <Valve
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> className="org.apache.catalina.valves.rewrite.RewriteValve"
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> />
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>             <!-- // -->
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> created rewrite.config so both of them is located under
>>> conf
>>>>>>>>>>>>>>>>> under
>>>>>>>>>>>>>>>>> apache-tomcat.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>                             <RewriteCond %{HTTP_HOST}
>>>>>> example.com
>>>>>>>>>>>>>>>>> [NC]
>>>>>>>>>>>>>>>>>                             <RewriteRule ^/(.*)$
>>>>>>>>>>>>>>>>> https://www.example.com:7777/example [R=301,L]
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> So according to the documentation they say context.xml
>>> should
>>>>>> be
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> placed
>>>>>>>>>>>>
>>>>>>>>>>>>> under webapps and rewrite.config file should be put in WEB-INF
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> folder
>>>>>>>>>>
>>>>>>>>>>> of
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> apache-tomcat . I placed and restarted tomcat webserver but
>>>>>> still
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> it
>>>>>>>>>>
>>>>>>>>>>> does not redirect.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Can you give full paths to both server.xml and
>>> rewrite.config,
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> re-post
>>>>>>>>>>
>>>>>>>>>>> your current server.xml <Context> element, and the complete
>>> contents
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> of
>>>>>>>>>>>>
>>>>>>>>>>>>> rewrite.config?
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Have you looked at the log files after start?
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> -chris
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> On Thu, Apr 18, 2024 at 1:36 PM lavanya tech <
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> lavanyatech440@gmail.com
>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>>> wrote:
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Hi Thomas,
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Thanks for the fast response.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> I added classname rewrite valeus in contex.xml file .
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>             <!-- REWRITE VALVE -->
>>>>>>>>>>>>>>>>>>             <Valve
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> className="org.apache.catalina.valves.rewrite.RewriteValve"
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> />
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>             <!-- // -->
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> created rewrite.config so both of them is located under
>>> conf
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> under
>>>>>>>>>>
>>>>>>>>>>> apache-tomcat.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> So according to the documentaion they say context.xml
>>> should
>>>>>> be
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> placed
>>>>>>>>>>>>
>>>>>>>>>>>>> under webapps and rewrite.config file should be put in WEB-INF
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> folder
>>>>>>>>>>>>
>>>>>>>>>>>>> of
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> apache-tomcat
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Thnks,
>>>>>>>>>>>>>>>>>> Ammu
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> On Thu, Apr 18, 2024 at 1:22 PM Mark Thomas <
>>>>>> markt@apache.org>
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> On 18/04/2024 12:05, lavanya tech wrote:
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Hi Team,
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> I am using "Tomcat 10.1" in our environment and I
>>> wanted to
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> redirect
>>>>>>>>>>>>
>>>>>>>>>>>>> url
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> from https://example.com to https://www.servercom:7777 and
>>>>>> for
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> this i
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> modified the server.xml as below in tomcat config, and the
>>> below
>>>>>>>>>>>>>>>>>>>> configuration doesnot seems to work. Does anyone has
>>> ideas.
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> Please
>>>>>>>>>>
>>>>>>>>>>> suggest.
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> The url alone https://www.servercom:7777/ already
>>> works.
>>>>>> But
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> just
>>>>>>>>>>
>>>>>>>>>>> redirection from the old to one doesnot.
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> <Host name="example.com" appBase="app"
>>> unpackWARs="true"
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> autoDeploy="true">
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>              <Context path="" docBase="example" />
>>>>>>>>>>>>>>>>>>>>              <Alias>example.com</Alias>
>>>>>>>>>>>>>>>>>>>>              <!-- Add RewriteValve and RewriteRule here
>>> -->
>>>>>>>>>>>>>>>>>>>>              <Valve
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>> className="org.apache.catalina.valves.rewrite.RewriteValve"/>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>              <Engine name="Catalina"
>>> defaultHost="localhost">
>>>>>>>>>>>>>>>>>>>>                  <Host name="example.com" appBase="app"
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> unpackWARs="true"
>>>>>>>>>>>>
>>>>>>>>>>>>> autoDeploy="true">
>>>>>>>>>>>>>>>>>>>>                      <Context path="" docBase="example"
>>> />
>>>>>>>>>>>>>>>>>>>>                      <Alias>example.com</Alias>
>>>>>>>>>>>>>>>>>>>>                      <Valve
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>> className="org.apache.catalina.valves.rewrite.RewriteValve"/>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>                      <Engine name="Catalina"
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> defaultHost="localhost">
>>>>>>>>>>
>>>>>>>>>>>                          <Host name="example.com" appBase="app"
>>>>>>>>>>>>>>>>>>>> unpackWARs="true" autoDeploy="true">
>>>>>>>>>>>>>>>>>>>>                              <Context path=""
>>>>>> docBase="example" />
>>>>>>>>>>>>>>>>>>>>                              <Alias>example.com</Alias>
>>>>>>>>>>>>>>>>>>>>                              <!-- Rewrite rule to
>>> redirect to
>>>>>>>>>>>>>>>>>>>> www.servercom:8080/example -->
>>>>>>>>>>>>>>>>>>>>                              <RewriteCond %{HTTP_HOST}
>>>>>>>>>>>>>>>>>>>> example\.com
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> [NC]
>>>>>>>>>>>>
>>>>>>>>>>>>>                              <RewriteRule ^/(.*)$
>>>>>>>>>>>>>>>>>>>> https://www.servercom:7777/example/$1 [R=301,L]
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> 1. That isn't valid XML.
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> 2. Where in the Tomcat docs does it say you can nest
>>>>>> re-write
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> rules
>>>>>>>>>>
>>>>>>>>>>> in
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> a
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Host element (or any other element)?
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>                          </Host>
>>>>>>>>>>>>>>>>>>>>                      </Engine>
>>>>>>>>>>>>>>>>>>>>                  </Host>
>>>>>>>>>>>>>>>>>>>>              </Engine>
>>>>>>>>>>>>>>>>>>>> </Host>
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> You need to configure the RewriteValve.
>>>>>>>>>>>>>>>>>>> https://tomcat.apache.org/tomcat-10.1-doc/rewrite.html
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> Mark
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
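
The rewrite.config problems raised in the quoted thread above (directive lines prefixed with `<`, a host pattern with an unescaped dot, a rule that captures the path but never uses `$1`) can be caught before a restart with a small linter. This is an added example, not part of any post in the thread and not Tomcat's own parser; `lint_rewrite_config` and its checks are hypothetical heuristics built on the documented RewriteCond/RewriteRule/RewriteMap directive syntax, and the sample files are constructed from the snippets quoted in the thread.

```python
import re

# Directive name -> minimum number of arguments (a trailing [flags] token excluded).
DIRECTIVES = {"RewriteCond": 2, "RewriteRule": 2, "RewriteMap": 2}

UNESCAPED_DOT = re.compile(r"(?<!\\)\.(?=[A-Za-z0-9])")  # "." directly before a letter/digit
CAPTURE_GROUP = re.compile(r"(?<!\\)\((?!\?)")           # "(" opening a capturing group
BACKREF = re.compile(r"\$\d")                            # $1, $2, ... in a substitution


def split_flags(args):
    """Separate a trailing "[F1,F2]" token from the positional arguments."""
    if args and args[-1].startswith("[") and args[-1].endswith("]"):
        flags = [f.strip() for f in args[-1][1:-1].split(",") if f.strip()]
        return args[:-1], flags
    return args, []


def lint_rewrite_config(text):
    """Return a list of (line number, severity, message) for a rewrite.config body."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):      # this linter skips blanks and # comments
            continue
        if line.startswith("<"):
            findings.append((lineno, "error",
                             "XML-style '<' prefix: rewrite.config is plain text, not XML"))
            continue
        tokens = line.split()
        name = tokens[0]
        args, flags = split_flags(tokens[1:])
        if name not in DIRECTIVES:
            findings.append((lineno, "error", f"unknown directive {name!r}"))
            continue
        if len(args) < DIRECTIVES[name]:
            findings.append((lineno, "error", f"{name} needs {DIRECTIVES[name]} arguments"))
            continue
        if name == "RewriteCond":
            test_string, pattern = args[0], args[1]
            if test_string.upper() == "%{HTTP_HOST}" and UNESCAPED_DOT.search(pattern):
                findings.append((lineno, "warning",
                                 "unescaped '.' in host pattern matches any character"))
        elif name == "RewriteRule":
            pattern, substitution = args[0], args[1]
            if CAPTURE_GROUP.search(pattern) and not BACKREF.search(substitution):
                findings.append((lineno, "warning",
                                 "pattern captures the path but the target has no $N; "
                                 "every request goes to the same URL"))
            for flag in flags:
                if flag.upper().startswith(("R=", "REDIRECT=")):
                    code = flag.split("=", 1)[1]
                    if not (code.isdigit() and 300 <= int(code) <= 399):
                        findings.append((lineno, "error",
                                         f"redirect status {code!r} is not a 3xx code"))
    return findings


# Constructed samples, based on the directives quoted in the thread.
AS_POSTED = "\n".join([
    r"<RewriteCond %{HTTP_HOST} example.com [NC]",
    r"<RewriteRule ^/(.*)$ https://www.example.com:7777/example [R=301,L]",
])
BRACKETS_REMOVED = "\n".join([
    r"RewriteCond %{HTTP_HOST} example.com [NC]",
    r"RewriteRule ^/(.*)$ https://www.example.com:7777/example [R=301,L]",
])
ESCAPED_WITH_BACKREF = "\n".join([
    "# constructed: escaped dot and $1, as in the first post's directives",
    r"RewriteCond %{HTTP_HOST} example\.com [NC]",
    r"RewriteRule ^/(.*)$ https://www.example.com:7777/example/$1 [R=301,L]",
])

if __name__ == "__main__":
    for label, body in [("as posted", AS_POSTED),
                        ("brackets removed", BRACKETS_REMOVED),
                        ("escaped, with $1", ESCAPED_WITH_BACKREF)]:
        print(label)
        for lineno, severity, message in lint_rewrite_config(body) or [(0, "ok", "no findings")]:
            print(f"  line {lineno}: {severity}: {message}")
```
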


Re: Regarding Tomcat url redirection

Posted by lavanya tech <la...@gmail.com>.
Hi Chris,

Can you tell me how to do the below? How should I set up Tomcat in
server.xml?


If you want to use port 443 (the default port for HTTPS) then you will
need to change Tomcat to bind to port 443 (if that's allowed on your OS)
or arrange to have port 443 routed to port 8443. You may need additional
configuration in Tomcat (specifically: proxyPort) to avoid having Tomcat
generate URLs with ":8443" in them.

Looking forward to your reply.

Thanks,
Lavanya

On Mon, Apr 29, 2024 at 2:03 PM lavanya tech <la...@gmail.com>
wrote:

> Hi Chris,
>
> There are no issues with the browser, because I tested with different browsers
> and it all works fine. I am sure that there is no issue with the
> certificate.
> Because I was able to establish successful connections with port 8443, it
> just does not work without the port
>
>  curl  https://example.lbg.com/towl
> curl: (56) Received HTTP code 504 from proxy after CONNECT
> curl: (56) Received HTTP code 504 from proxy after CONNECT
>
>
> If you want to use port 443 (the default port for HTTPS) then you will
> need to change Tomcat to bind to port 443 (if that's allowed on your OS)
> or arrange to have port 443 routed to port 8443. You may need additional
> configuration in Tomcat (specifically: proxyPort) to avoid having Tomcat
> generate URLs with ":8443" in them.
>
> <Connector port="443" protocol="HTTP/1.1"
>            connectionTimeout="20000"
>            redirectPort="8443"
>            maxThreads="150"
>            scheme="https" secure="true" SSLEnabled="true"
>            keystoreFile="path_to_your_keystore_file"
>            keystorePass="your_keystore_password"
>            keystoreType="PKCS12"
>            clientAuth="false" sslProtocol="TLS"
>            proxyPort="443"/>
>
> Should I use connect port like the above? But you mentioned before we
> don't need any configuration changes. Please clarify, I am not able to figure
> this out and I have had this issue pending for many days. How to make it work with
> port 8443 and without a port
>
> Also I wanted to use the web URL with the alias name permanently instead of the
> hostname. How can I achieve both
>
> Thanks,
> Lavanya
>
>
>   -->
>
>
> On Fri, Apr 26, 2024 at 9:28 PM Christopher Schultz <
> chris@christopherschultz.net> wrote:
>
>> Lavanya,
>>
>> On 4/25/24 07:24, lavanya tech wrote:
>> > Hi Chris,
>> >
>> > One question / doubt:
>> >
>> > As I mentioned earlier, the below URLS already working in the browser
>> >> https://server.lbg.com:8443/towl
>> >> https://example.lbg.com:8443/towl -> redirect ( which means when I
>> hit in
>> > browser) it points to https://server.lbg.com:8443/towl ---> To be
>> frank,
>> > even I donot need redirect here, not sure why it redirects.
>> >
>> > My question is why its working even though SAN is not registered with
>> the
>> > certificate ? It doesnot even throw warning in the browser.
>>
>> I'm not sure. Is it possible you have dismissed this error in the past
>> and the browser is remembering that? Try this with a different web
>> browser or maybe with curl from the command-line to see what happens.
>>
>> > Why https://server.lbg.com/towl or https://example.lbg.com/towl -->
>> How it
>> > should work with New SAN certificate ?
>>
>> You don't need to worry about the port number or application name, only
>> the hostname is a part of the SAN.
>>
>> -chris
>>
>> > On Thu, Apr 25, 2024 at 10:16 AM lavanya tech <lavanyatech440@gmail.com
>> >
>> > wrote:
>> >
>> >> Hi Chris,
>> >>
>> >>
>> >> Thanks I will request new certificate with SANs and I will try to fix
>> the
>> >> things from our end.
>> >>
>> >> Best Regards,
>> >> Lavanya
>> >>
>> >> On Wed, Apr 24, 2024 at 11:12 PM Christopher Schultz <
>> >> chris@christopherschultz.net> wrote:
>> >>
>> >>> Lavanya,
>> >>>
>> >>> On 4/24/24 15:39, lavanya tech wrote:
>> >>>> Local host means the machine i am logged in to server.lbg.com
>> >>>>
>> >>>> You are right, example.lbg.com is CNAME record.
>> >>>
>> >>> Okay, thanks for clearing that up.
>> >>>
>> >>>> I dont have any SAN configured for the certificate. The certificate
>> is
>> >>>> requested for only server.lbg.com
>> >>>
>> >>> You will never be able to make a secure request to anything other than
>> >>> server.lbg.com without seeing an error. I highly recommend adding the
>> >>> other hostname as a SAN to your certificate if you really want to
>> >>> support this.
>> >>>
>> >>> Even if you wanted https://example.lbg.com/whatever to return an HTTP
>> >>> 302 redirect to https://server.lbg.com/whatever, the user would see a
>> >>> certificate hostname mismatch error which is ugly. It's best to make
>> it
>> >>> work without users seeing ugly things.
>> >>>
>> >>>> So if i just request new certificate with SAN it should work ? If
>> yes, I
>> >>>> will request for it and follow your steps as below suggested.
>> >>>
>> >>> Yes, it should.
>> >>>
>> >>>> Should i use CName record or DNS? Does it make difference?
>> >>>
>> >>> CNAME *is* DNS.
>> >>>
>> >>> Whenever possible, use hostnames and not IP addresses as SANs. It's
>> more
>> >>> flexible that way, and users get to see hostnames instead of IP
>> addresses.
>> >>>
>> >>> -chris
>> >>>
>> >>>> On Wednesday, April 24, 2024, Christopher Schultz <
>> >>>> chris@christopherschultz.net> wrote:
>> >>>>
>> >>>>> Lavanya,
>> >>>>>
>> >>>>> On 4/24/24 07:37, lavanya tech wrote:
>> >>>>>
>> >>>>>> Sorry I understood wrongly here with regards to my environment,
>> Let me
>> >>>>>> start from the beginning. I donot want to use redirect at all. I
>> >>> simply
>> >>>>>> wanted to force apache tomcat to use both localhost and dns name of
>> >>> the
>> >>>>>> localhost via url.
>> >>>>>>
>> >>>>>
>> >>>>> When you say "force" what do you mean?
>> >>>>>
>> >>>>> When you say "use both localhost and DNS name" what do you mean?
>> >>>>>
>> >>>>> When you say "localhost" do you mean 127.0.0.1 or "the machine I'm
>> >>>>> logged-into right now"?
>> >>>>>
>> >>>>> I have DNS resollution as below.
>> >>>>>>
>> >>>>>> server.lbg.com --> localhost
>> >>>>>>
>> >>>>>
>> >>>>> Is that a CNAME record?
>> >>>>>
>> >>>>> nslookup server.lbg.com (localhost)
>> >>>>>> Name:    server.lbg.com
>> >>>>>> Address:  192.168.100.20
>> >>>>>> alias: example.lbg.com
>> >>>>>>
>> >>>>>
>> >>>>> That's a weird DNS response. The DNS name "localhost" should
>> *always*
>> >>>>> return 127.0.0.1 for IPv4 and ::1 for IPv6. It shouldn't return
>> >>>>> 191.168.100.20.
>> >>>>>
>> >>>>> We have working the below urls working:
>> >>>>>> https://server.lbg.com:8443/towl
>> >>>>>> https://example.lbg.com:8443/towl --> redirects to
>> >>>>>>
>> >>>>>
>> >>>>> What do you mean "redirect"? Does it return a 30x response that
>> causes
>> >>> the
>> >>>>> browser to make a new request to \/
>> >>>>>
>> >>>>> https://server.lbg.com:8443/towl  --> still works --> we have SSL
>> >>>>>> configured for the same but this SSL certificate doesnot have
>> >>> additional
>> >>>>>> DNS setup.
>> >>>>>>
>> >>>>>
>> >>>>> What SANs are in your certificate? How many certificates do you
>> have?
>> >>>>>
>> >>>>> But I would need to somehow  access https://example.lbg.com -->
>> which
>> >>>>>> means
>> >>>>>> I would need to access via 443 here ?
>> >>>>>>
>> >>>>>
>> >>>>> I'm so confused. What needs to access what?
>> >>>>>
>> >>>>> I tried to adding the below to  server.xml as below, but that
>> doesnot
>> >>> seems
>> >>>>>> to work.
>> >>>>>>
>> >>>>>>        <Connector port="80"
>> >>>>>> protocol="org.apache.coyote.http11.Http11NioProtocol"
>> >>>>>>               connectionTimeout="20000"
>> >>>>>>               redirectPort="443" />
>> >>>>>>
>> >>>>>
>> >>>>> This will only redirect (HTTP 302) requests to http://yourhost/anything
>> >>>>> to https://yourhost/anything *if the application specifically requests
>> >>>>> CONFIDENTIAL transport*. It doesn't just redirect everything by default. If
>> >>>>> you want it to redirect everything, you'll need to set that up e.g. using
>> >>>>> RewriteValve. There are other options, too.
>> >>>>>
>> >>>>> Do i need additional SSL certificate for the
>> https://example.lbg.com
>> >>> to
>> >>>>>> make it work ?
>> >>>>>>
>> >>>>>
>> >>>>> If you don't want your browser to complain, you will need at least one TLS
>> >>>>> certificate that contains every Subject Alternative Name (SAN) for every
>> >>>>> possible hostname you expect to use with this service. You can do it with
>> >>>>> multiple certificates as well, but a single cert with multiple SANs is less
>> >>>>> work.
>> >>>>>
>> >>>>> Do i need to set up an additional web server for this like apache or
>> >>> nginx
>> >>>>>> for redirecting requests?
>> >>>>>>
>> >>>>>
>> >>>>> No.
>> >>>>>
>> >>>>> Please stop saying "redirect" because it sounds like you almost
>> never
>> >>> mean
>> >>>>> "HTTP 30x redirect" and that's confusing everything.
>> >>>>>
>> >>>>> I *think* you only need the following:
>> >>>>>
>> >>>>> 1. A TLS certificate with the following SANs:
>> >>>>>
>> >>>>>     * server.lbg.com
>> >>>>>     * example.lbg.com
>> >>>>>     * localhost (you shouldn't do this)
>> >>>>>
>> >>>>> 2. DNS configured for all hostnames:
>> >>>>>
>> >>>>>     * server.lbg.com -> A 192.168.100.20
>> >>>>>     * example.lgb.com -> A 192.168.100.20
>> >>>>>
>> >>>>> 3. Tomcat configured with a single <Host> which is the default
>> virtual
>> >>>>> host. Note that this is the *default Tomcat configuration* and
>> doesn't
>> >>> need
>> >>>>> to be changed from the default.
>> >>>>>
>> >>>>> 4. Tomcat configured with your certificate like this:
>> >>>>>
>> >>>>>      <Connector ...
>> >>>>>         SSLEnabled="true">
>> >>>>>        <SSLHostConfig>
>> >>>>>          <Certificate
>> >>>>>              certificateFile="/path/to/your/cert.crt"
>> >>>>>              certificateKeyFile="/path/to/your/key.pem" />
>> >>>>>          <!-- You may need certificateKeyPassword in <Certificate>
>> -->
>> >>>>>        </SSLHostConfig>
>> >>>>>      </Connector>
>> >>>>>
>> >>>>> If your SANs are configured properly, this should allow you to
>> connect
>> >>>>> using any of these URLs:
>> >>>>>
>> >>>>> $ curl https://server.lbg.com/towl/login.jsp
>> >>>>>
>> >>>>>     (returns login page)
>> >>>>>
>> >>>>> $ curl https://example.lbg.com/towl/login.jsp
>> >>>>>
>> >>>>>     (returns login page)
>> >>>>>
>> >>>>> If your application's web.xml contains something like this:
>> >>>>>
>> >>>>>     <security-constraint>
>> >>>>>       <web-resource-collection>
>> >>>>>         <web-resource-name>theapp</web-resource-name>
>> >>>>>         <url-pattern>/*</url-pattern>
>> >>>>>       </web-resource-collection>
>> >>>>>       <user-data-constraint>
>> >>>>>         <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>> >>>>>       </user-data-constraint>
>> >>>>>     </security-constraint>
>> >>>>>
>> >>>>> ... then these insecure HTTP URLs should redirect your clients:
>> >>>>>
>> >>>>> $ curl http://server.lbg.com/towl/login.jsp
>> >>>>>
>> >>>>>     (returns HTTP 302 redirect to
>> https://server.lbg.com/towl/login.jsp
>> >>> )
>> >>>>>
>> >>>>> $ curl https://server.lbg.com/towl/login.jsp
>> >>>>>
>> >>>>>     (returns HTTP 302 redirect to
>> >>> https://example.lbg.com/towl/login.jsp)
>> >>>>>
>> >>>>> I don't think you need any use of the RewriteValve unless you want
>> to
>> >>>>> handle sending HTTP 302 redirect responses to insecure requests
>> without
>> >>>>> specifying the CONFIDENTIAL transport-guarantee in your
>> application's
>> >>>>> web.xml file. But I don't see any reason NOT to have that in there.
>> >>>>>
>> >>>>> -chris
>> >>>>>
>> >>>>> On Tue, Apr 23, 2024 at 10:52 PM Christopher Schultz <
>> >>>>>> chris@christopherschultz.net> wrote:
>> >>>>>>
>> >>>>>> Lavanya,
>> >>>>>>>
>> >>>>>>> On 4/22/24 05:21, lavanya tech wrote:
>> >>>>>>>
>> >>>>>>>> Could you please explain, what you exactly mean ? So here
>> redirect
>> >>> is
>> >>>>>>>>
>> >>>>>>> not a
>> >>>>>>>
>> >>>>>>>> solution right ?
>> >>>>>>>>
>> >>>>>>>
>> >>>>>>> Redirecting is fine.
>> >>>>>>>
>> >>>>>>> Perhaps you should take a step back and decide: what do you
>> actually
>> >>>>>>> want, here? You might be trying to solve problem X by applying
>> >>> solution
>> >>>>>>> Y, and you've already decided that solution Y is correct so you
>> are
>> >>>>>>> trying to get help with that.
>> >>>>>>>
>> >>>>>>> Perhaps ask for help with Problem X?
>> >>>>>>>
>> >>>>>>> For example, "I don't want users to have to type the name of my
>> >>>>>>> application to reach it so I want example.com/ to go to my
>> >>> application
>> >>>>>>> instead of example.com/myapp/".
>> >>>>>>>
>> >>>>>>> Or, "I have multiple domains and I want all of them to redirect to the
>> >>>>>>> canonical domain example.com and to go to my web application /myapp so
>> >>>>>>> everything goes to example.com/myapp/".
>> >>>>>>>
>> >>>>>>> "You'd have to use a glob/regex if
>> >>>>>>>> you wanted to check for [anything and maybe nothing.]example.com
>> ."
>> >>>>>>>>
>> >>>>>>>
>> >>>>>>> There is nothing in your configuration or question that suggests
>> that
>> >>>>>>> the hostname in the request is relevant, but you are making it a
>> >>>>>>> *requirement* that the request contains a specific Host header. IF
>> >>> you
>> >>>>>>> don't actually need that, why do you have it?
>> >>>>>>>
>> >>>>>>> -chris
>> >>>>>>>
>> >>>>>>> On Fri, Apr 19, 2024 at 3:03 PM Christopher Schultz <
>> >>>>>>>> chris@christopherschultz.net> wrote:
>> >>>>>>>>
>> >>>>>>>> Ammu,
>> >>>>>>>>>
>> >>>>>>>>> On 4/19/24 08:32, lavanya tech wrote:
>> >>>>>>>>>
>> >>>>>>>>>> Thank you very much. I removed <Host> for example.com as well
>> as
>> >>>>>>>>>>
>> >>>>>>>>> adding
>> >>>>>>>
>> >>>>>>>> an
>> >>>>>>>>>
>> >>>>>>>>>> <Alias> in server.xml
>> >>>>>>>>>> I copied context.xml file
>> >>>>>>>>>>
>> /git/app/apache-tomcat-10.1.11/webapps/towl/META-INF/context.xml
>> >>>>>>>>>> Removed < in rewrite.config files.
>> >>>>>>>>>>
>> >>>>>>>>>> But still I dont redirect the URL.
>> >>>>>>>>>>
>> >>>>>>>>>
>> >>>>>>>>> If you have <Context> in server.xml and also your application in
>> >>> the
>> >>>>>>>>> webapps/ directory, then you will be double-deploying your
>> >>> application.
>> >>>>>>>>>
>> >>>>>>>>> Re-name /git/app/apache-tomcat-10.1.11/webapps/towl/ to be
>> >>>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/ROOT (the capitals are
>> >>>>>>>>> important)
>> >>>>>>>>> and remove the <Context> element from your server.xml.
>> >>>>>>>>>
>> >>>>>>>>> Then start your server and read the logs.
>> >>>>>>>>>
>> >>>>>>>>> *nslookup alias.example.com <http://alias.example.com>
>> >>>>>>>>>> gives-->Non-authoritative answer:Name:     www.example.com
>> >>>>>>>>>> <http://www.example.com>Address:  192.168.200.10Aliases:
>> >>>>>>>>>>
>> >>>>>>>>> alias.example.com
>> >>>>>>>>>
>> >>>>>>>>>> <http://alias.example.com>*
>> >>>>>>>>>>
>> >>>>>>>>>>
>> >>>>>>>>>> Just to give some information here, *www.example.com
>> >>>>>>>>>> <http://www.example.com>* has alias* "alias.example.com
>> >>>>>>>>>> <http://alias.example.com>"*
>> >>>>>>>>>> But https://www.example.com:7777/example --> works fine with
>> out
>> >>>>>>>>>>
>> >>>>>>>>> issues
>> >>>>>>>
>> >>>>>>>> but
>> >>>>>>>>>
>> >>>>>>>>>> the alias doesnot works (https://alias.example.com)
>> >>>>>>>>>> So i am not sure if the redirect url helps or if its correct
>> >>>>>>>>>>
>> >>>>>>>>>
>> >>>>>>>>> Your rewrite configuration says that you have to be using host
>> >>>>>>>>> "example.com" but your request goes to www.example.com. Your
>> >>>>>>>>> configuration should only redirect a request such as:
>> >>>>>>>>>
>> >>>>>>>>> $ curl -v http://example.com:7777/something
>> >>>>>>>>>
>> >>>>>>>>> HTTP/1.1 301 Moved Permanently
>> >>>>>>>>> ...
>> >>>>>>>>> Location: https://www.example.com:7777/example
>> >>>>>>>>>
>> >>>>>>>>> If you make a request like:
>> >>>>>>>>>
>> >>>>>>>>> $ curl -v http://www.example.com:7777/something
>> >>>>>>>>>
>> >>>>>>>>> I wouldn't expect a redirect because of your "host" condition. The
>> >>>>>>>>> "%{HTTP_HOST} example.com" looks at the entire Host header and not just
>> >>>>>>>>> anything that ends in "example.com". You'd have to use a glob/regex if
>> >>>>>>>>> you wanted to check for [anything and maybe nothing.]example.com.
>> >>>>>>>>>
>> >>>>>>>>> You'd also have to make sure that your application is serving
>> >>> responses
>> >>>>>>>>> to requests to / which is why I'm recommending you use the ROOT
>> web
>> >>>>>>>>> application name instead of "towl".
>> >>>>>>>>>
>> >>>>>>>>> -chris
>> >>>>>>>>>
>> >>>>>>>>> On Fri, Apr 19, 2024 at 1:21 PM Christopher Schultz <
>> >>>>>>>>>> chris@christopherschultz.net> wrote:
>> >>>>>>>>>>
>> >>>>>>>>>> Ammu,
>> >>>>>>>>>>>
>> >>>>>>>>>>> On 4/18/24 09:34, lavanya tech wrote:
>> >>>>>>>>>>>
>> >>>>>>>>>>>> I am attaching server.xml and context.xml and rewrite.config
>> >>> files.
>> >>>>>>>>>>>> The paths are
>> >>>>>>>>>>>>
>> >>>>>>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl/context.xml
>> >>>>>>>>>>>> <Context>
>> >>>>>>>>>>>>           <Valve
>> >>>>>>>>>>>>
>> >>>>>>>>>>> className="org.apache.catalina.valves.rewrite.RewriteValve"
>> >>>>>>>>>
>> >>>>>>>>>> />
>> >>>>>>>>>>>
>> >>>>>>>>>>>>           <!-- Other context configuration -->
>> >>>>>>>>>>>> </Context>
>> >>>>>>>>>>>>
>> >>>>>>>>>>>
>> >>>>>>>>>>> This file ^^^ is in the wrong place. It should be in
>> >>>>>>>>>>>
>> /git/app/apache-tomcat-10.1.11/webapps/towl/META-INF/context.xml
>> >>>>>>>>>>>
>> >>>>>>>>>>>
>> >>> /git/app/apache-tomcat-10.1.11/webapps/towl/WEB-INF/rewrite.config
>> >>>>>>>>>>>>
>> >>>>>>>>>>>> <RewriteCond %{HTTP_HOST} example.com [NC]
>> >>>>>>>>>>>> <RewriteRule ^/(.*)$ https://www.example.com:7777/example
>> >>> [R=301,L]
>> >>>>>>>>>>>>
>> >>>>>>>>>>>
>> >>>>>>>>>>> Why do you have < symbols at the beginning of these lines?
>> >>>>>>>>>>>
>> >>>>>>>>>>> server.xml
>> >>>>>>>>>>>>
>> >>>>>>>>>>>>       > [...]
>> >>>>>>>>>>>
>> >>>>>>>>>>>>
>> >>>>>>>>>>>>             <Host name="example.com" appBase="webapps"
>> >>>>>>>>>>>>
>> >>>>>>>>>>> unpackWARs="true"
>> >>>>>>>
>> >>>>>>>> autoDeploy="true">
>> >>>>>>>>>>>>                 <Context path="" docBase="towl" />
>> >>>>>>>>>>>>
>> >>>>>>>>>>>
>> >>>>>>>>>>> It's best not to define any <Context> in server.xml. I would remove this
>> >>>>>>>>>>> <Context> entirely and allow Tomcat to auto-deploy from your
>> >>>>>>>>>>> webapps/towl directory. If you need this application to be deployed as
>> >>>>>>>>>>> the ROOT context (on / and not /towl) then you should re-name
>> >>>>>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl to
>> >>>>>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/ROOT
>> >>>>>>>>>>>
>> >>>>>>>>>>> You also don't need a <Host> for example.com as well as
>> adding
>> >>> an
>> >>>>>>>>>>> <Alias> for the same domain (though this is probably to
>> >>> anonymize the
>> >>>>>>>>>>> configuration). You can feel free to simply use the
>> "localhost"
>> >>>>>>>>>>> <Host>
>> >>>>>>>>>>> as the default <Host> and deploy everything into it. This
>> makes
>> >>> your
>> >>>>>>>>>>> configuration changes relative to a stock Tomcat less
>> >>> significant and
>> >>>>>>>>>>> easier to apply to new versions if/when necessary.
>> >>>>>>>>>>>
>> >>>>>>>>>>> -chris
>> >>>>>>>>>>>
>> >>>>>>>>>>> On Thu, Apr 18, 2024 at 2:17 PM Christopher Schultz <
>> >>>>>>>>>>>> chris@christopherschultz.net> wrote:
>> >>>>>>>>>>>>
>> >>>>>>>>>>>> Ammu,
>> >>>>>>>>>>>>>
>> >>>>>>>>>>>>> On 4/18/24 07:45, lavanya tech wrote:
>> >>>>>>>>>>>>>
>> >>>>>>>>>>>>>> I added classname rewrite valeus in contex.xml file .
>> >>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>            <!-- REWRITE VALVE -->
>> >>>>>>>>>>>>>>            <Valve
>> >>>>>>>>>>>>>>
>> >>>>>>>>>>>>> className="org.apache.catalina.valves.rewrite.RewriteValve"
>> >>>>>>>>>>>
>> >>>>>>>>>>>> />
>> >>>>>>>>>>>>>
>> >>>>>>>>>>>>>>            <!-- // -->
>> >>>>>>>>>>>>>>
>> >>>>>>>>>>>>>> created rewrite.config so both of them is located under
>> conf
>> >>>>>>>>>>>>>> under
>> >>>>>>>>>>>>>> apache-tomcat.
>> >>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>                            <RewriteCond %{HTTP_HOST}
>> >>> example.com
>> >>>>>>>>>>>>>> [NC]
>> >>>>>>>>>>>>>>                            <RewriteRule ^/(.*)$
>> >>>>>>>>>>>>>> https://www.example.com:7777/example [R=301,L]
>> >>>>>>>>>>>>>>
>> >>>>>>>>>>>>>> So according to the documentaion they say context.xml
>> should
>> >>> be
>> >>>>>>>>>>>>>>
>> >>>>>>>>>>>>> placed
>> >>>>>>>>>
>> >>>>>>>>>> under webapps and rewrite.config file should be put in WEB-INF
>> >>>>>>>>>>>>>>
>> >>>>>>>>>>>>> folder
>> >>>>>>>
>> >>>>>>>> of
>> >>>>>>>>>>>
>> >>>>>>>>>>>> apache-tomcat . I placed and restarted tomcat webserver but
>> >>> still
>> >>>>>>>>>>>>>>
>> >>>>>>>>>>>>> it
>> >>>>>>>
>> >>>>>>>> doesnot redirect.
>> >>>>>>>>>>>>>>
>> >>>>>>>>>>>>>
>> >>>>>>>>>>>>> Can you give full paths to both server.xml and
>> rewrite.config,
>> >>>>>>>>>>>>>
>> >>>>>>>>>>>> re-post
>> >>>>>>>
>> >>>>>>>> your current server.xml <Context> element, and the complete
>> contents
>> >>>>>>>>>>>>>
>> >>>>>>>>>>>> of
>> >>>>>>>>>
>> >>>>>>>>>> rewrite.config?
>> >>>>>>>>>>>>>
>> >>>>>>>>>>>>> Have you looked at the log files after start?
>> >>>>>>>>>>>>>
>> >>>>>>>>>>>>> -chris
>> >>>>>>>>>>>>>
>> >>>>>>>>>>>>> On Thu, Apr 18, 2024 at 1:36 PM lavanya tech <
>> >>>>>>>>>>>>>>
>> >>>>>>>>>>>>> lavanyatech440@gmail.com
>> >>>>>>>>>
>> >>>>>>>>>>
>> >>>>>>>>>>>> wrote:
>> >>>>>>>>>>>>>>
>> >>>>>>>>>>>>>> Hi Thomas,
>> >>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>> Thanks for the fast response.
>> >>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>> I added classname rewrite valeus in contex.xml file .
>> >>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>            <!-- REWRITE VALVE -->
>> >>>>>>>>>>>>>>>            <Valve
>> >>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>> className="org.apache.catalina.valves.rewrite.RewriteValve"
>> >>>>>>>>>>>
>> >>>>>>>>>>>> />
>> >>>>>>>>>>>>>
>> >>>>>>>>>>>>>>            <!-- // -->
>> >>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>> created rewrite.config so both of them is located under
>> conf
>> >>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>> under
>> >>>>>>>
>> >>>>>>>> apache-tomcat.
>> >>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>> So according to the documentaion they say context.xml
>> should
>> >>> be
>> >>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>> placed
>> >>>>>>>>>
>> >>>>>>>>>> under webapps and rewrite.config file should be put in WEB-INF
>> >>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>> folder
>> >>>>>>>>>
>> >>>>>>>>>> of
>> >>>>>>>>>>>
>> >>>>>>>>>>>> apache-tomcat
>> >>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>> Thnks,
>> >>>>>>>>>>>>>>> Ammu
>> >>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>> On Thu, Apr 18, 2024 at 1:22 PM Mark Thomas <
>> >>> markt@apache.org>
>> >>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>> wrote:
>> >>>>>>>>>
>> >>>>>>>>>>
>> >>>>>>>>>>>>>>> On 18/04/2024 12:05, lavanya tech wrote:
>> >>>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>>> Hi Team,
>> >>>>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>>> I am using "Tomcat 10.1" in our environment and I
>> wanted to
>> >>>>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>> redirect
>> >>>>>>>>>
>> >>>>>>>>>> url
>> >>>>>>>>>>>>>
>> >>>>>>>>>>>>>> from https://example.com to https://www.servercom:7777 and
>> >>> for
>> >>>>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>> this i
>> >>>>>>>>>>>
>> >>>>>>>>>>>> modified the server.xml as below in tomcat config, and the
>> below
>> >>>>>>>>>>>>>>>>> configuration doesnot seems to work. Does anyone has
>> ideas.
>> >>>>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>> Please
>> >>>>>>>
>> >>>>>>>> suggest.
>> >>>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>>> The url alone https://www.servercom:7777/ already
>> works.
>> >>> But
>> >>>>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>> just
>> >>>>>>>
>> >>>>>>>> redirection from the old to one doesnot.
>> >>>>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>>> <Host name="example.com" appBase="app"
>> unpackWARs="true"
>> >>>>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>> autoDeploy="true">
>> >>>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>>>             <Context path="" docBase="example" />
>> >>>>>>>>>>>>>>>>>             <Alias>example.com</Alias>
>> >>>>>>>>>>>>>>>>>             <!-- Add RewriteValve and RewriteRule here
>> -->
>> >>>>>>>>>>>>>>>>>             <Valve
>> >>>>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>>
>> >>> className="org.apache.catalina.valves.rewrite.RewriteValve"/>
>> >>>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>>>             <Engine name="Catalina"
>> defaultHost="localhost">
>> >>>>>>>>>>>>>>>>>                 <Host name="example.com" appBase="app"
>> >>>>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>> unpackWARs="true"
>> >>>>>>>>>
>> >>>>>>>>>> autoDeploy="true">
>> >>>>>>>>>>>>>>>>>                     <Context path="" docBase="example"
>> />
>> >>>>>>>>>>>>>>>>>                     <Alias>example.com</Alias>
>> >>>>>>>>>>>>>>>>>                     <Valve
>> >>>>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>>
>> >>> className="org.apache.catalina.valves.rewrite.RewriteValve"/>
>> >>>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>>>                     <Engine name="Catalina"
>> >>>>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>> defaultHost="localhost">
>> >>>>>>>
>> >>>>>>>>                         <Host name="example.com" appBase="app"
>> >>>>>>>>>>>>>>>>> unpackWARs="true" autoDeploy="true">
>> >>>>>>>>>>>>>>>>>                             <Context path=""
>> >>> docBase="example" />
>> >>>>>>>>>>>>>>>>>                             <Alias>example.com</Alias>
>> >>>>>>>>>>>>>>>>>                             <!-- Rewrite rule to
>> redirect to
>> >>>>>>>>>>>>>>>>> www.servercom:8080/example -->
>> >>>>>>>>>>>>>>>>>                             <RewriteCond %{HTTP_HOST}
>> >>>>>>>>>>>>>>>>> example\.com
>> >>>>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>> [NC]
>> >>>>>>>>>
>> >>>>>>>>>>                             <RewriteRule ^/(.*)$
>> >>>>>>>>>>>>>>>>> https://www.servercom:7777/example/$1 [R=301,L]
>> >>>>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>> 1. That isn't valid XML.
>> >>>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>> 2. Where in the Tomcat docs does it say you can nest
>> >>> re-write
>> >>>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>> rules
>> >>>>>>>
>> >>>>>>>> in
>> >>>>>>>>>>>
>> >>>>>>>>>>>> a
>> >>>>>>>>>>>>>
>> >>>>>>>>>>>>>> Host element (or any other element)?
>> >>>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>>                         </Host>
>> >>>>>>>>>>>>>>>>>                     </Engine>
>> >>>>>>>>>>>>>>>>>                 </Host>
>> >>>>>>>>>>>>>>>>>             </Engine>
>> >>>>>>>>>>>>>>>>> </Host>
>> >>>>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>> You need to configure the RewriteValve.
>> >>>>>>>>>>>>>>>> https://tomcat.apache.org/tomcat-10.1-doc/rewrite.html
>> >>>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>> Mark
>> >>>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>>
>> ------------------------------------------------------------
>> >>>>>>>>> ---------
>> >>>>>>>>>
>> >>>>>>>>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> >>>>>>>>>>>>>>>> For additional commands, e-mail:
>> >>> users-help@tomcat.apache.org
>> >>>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>>>
>> >>>>>>>>>>>>>>
>> >>>>>>>>>>>>>

Re: Regarding Tomcat url redirection

Posted by lavanya tech <la...@gmail.com>.
Hi Chris,

There are no issues with the browser, because I tested with different browsers
and it all works fine. I am sure that there is no issue with the
certificate, because I was able to establish successful connections with
port 8443; it just does not work without the port.

 curl  https://example.lbg.com/towl
curl: (56) Received HTTP code 504 from proxy after CONNECT
curl: (56) Received HTTP code 504 from proxy after CONNECT


If you want to use port 443 (the default port for HTTPS) then you will
need to change Tomcat to bind to port 443 (if that's allowed on your OS)
or arrange to have port 443 routed to port 8443. You may need additional
configuration in Tomcat (specifically: proxyPort) to avoid having Tomcat
generate URLs with ":8443" in them.

<Connector port="443" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443"
           maxThreads="150"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="path_to_your_keystore_file"
           keystorePass="your_keystore_password"
           keystoreType="PKCS12"
           clientAuth="false" sslProtocol="TLS"
           proxyPort="443"/>

Should I use a connect port like the above? But you mentioned before that we
don't need any configuration changes. Please clarify; I am not able to figure
this out and I have had this issue pending for many days. How do I make it
work both with port 8443 and without a port?

Also, I wanted to use the web URL with the alias name permanently instead of
the hostname. How can I achieve both?

Thanks,
Lavanya


  -->


On Fri, Apr 26, 2024 at 9:28 PM Christopher Schultz <
chris@christopherschultz.net> wrote:

> Lavanya,
>
> On 4/25/24 07:24, lavanya tech wrote:
> > Hi Chris,
> >
> > One question / doubt:
> >
> > As I mentioned earlier, the below URLS already working in the browser
> >> https://server.lbg.com:8443/towl
> >> https://example.lbg.com:8443/towl -> redirect (which means when I hit in
> > browser) it points to https://server.lbg.com:8443/towl ---> To be frank,
> > even I do not need redirect here, not sure why it redirects.
> >
> > My question is why it's working even though SAN is not registered with the
> > certificate? It does not even throw a warning in the browser.
>
> I'm not sure. Is it possible you have dismissed this error in the past
> and the browser is remembering that? Try this with a different web
> browser or maybe with curl from the command-line to see what happens.
>
> > Why https://server.lbg.com/towl or https://example.lbg.com/towl --> How
> it
> > should work with New SAN certificate ?
>
> You don't need to worry about the port number or application name, only
> the hostname is a part of the SAN.
>
> -chris
>
> > On Thu, Apr 25, 2024 at 10:16 AM lavanya tech <la...@gmail.com>
> > wrote:
> >
> >> Hi Chris,
> >>
> >>
> >> Thanks I will request new certificate with SANs and I will try to fix
> the
> >> things from our end.
> >>
> >> Best Regards,
> >> Lavanya
> >>
> >> On Wed, Apr 24, 2024 at 11:12 PM Christopher Schultz <
> >> chris@christopherschultz.net> wrote:
> >>
> >>> Lavanya,
> >>>
> >>> On 4/24/24 15:39, lavanya tech wrote:
> >>>> Local host means the machine i am logged in to server.lbg.com
> >>>>
> >>>> You are right, example.lbg.com is CNAME record.
> >>>
> >>> Okay, thanks for clearing that up.
> >>>
> >>>> I dont have any SAN configured for the certificate. The certificate is
> >>>> requested for only server.lbg.com
> >>>
> >>> You will never be able to make a secure request to anything other than
> >>> server.lbg.com without seeing an error. I highly recommend adding the
> >>> other hostname as a SAN to your certificate if you really want to
> >>> support this.
> >>>
> >>> Even if you wanted https://example.lbg.com/whatever to return an HTTP
> >>> 302 redirect to https://server.lbg.com/whatever, the user would see a
> >>> certificate hostname mismatch error which is ugly. It's best to make it
> >>> work without users seeing ugly things.
> >>>
> >>>> So if i just request new certificate with SAN it should work ? If
> yes, I
> >>>> will request for it and follow your steps as below suggested.
> >>>
> >>> Yes, it should.
> >>>
> >>>> Should i use CName record or DNS? Does it make difference?
> >>>
> >>> CNAME *is* DNS.
> >>>
> >>> Whenever possible, use hostnames and not IP addresses as SANs. It's
> more
> >>> flexible that way, and users get to see hostnames instead of IP
> addresses.
> >>>
> >>> -chris
> >>>
> >>>> On Wednesday, April 24, 2024, Christopher Schultz <
> >>>> chris@christopherschultz.net> wrote:
> >>>>
> >>>>> Lavanya,
> >>>>>
> >>>>> On 4/24/24 07:37, lavanya tech wrote:
> >>>>>
> >>>>>> Sorry I understood wrongly here with regards to my environment, Let
> me
> >>>>>> start from the beginning. I donot want to use redirect at all. I
> >>> simply
> >>>>>> wanted to force apache tomcat to use both localhost and dns name of
> >>> the
> >>>>>> localhost via url.
> >>>>>>
> >>>>>
> >>>>> When you say "force" what do you mean?
> >>>>>
> >>>>> When you say "use both localhost and DNS name" what do you mean?
> >>>>>
> >>>>> When you say "localhost" do you mean 127.0.0.1 or "the machine I'm
> >>>>> logged-into right now"?
> >>>>>
> >>>>> I have DNS resollution as below.
> >>>>>>
> >>>>>> server.lbg.com --> localhost
> >>>>>>
> >>>>>
> >>>>> Is that a CNAME record?
> >>>>>
> >>>>> nslookup server.lbg.com (localhost)
> >>>>>> Name:    server.lbg.com
> >>>>>> Address:  192.168.100.20
> >>>>>> alias: example.lbg.com
> >>>>>>
> >>>>>
> >>>>> That's a weird DNS response. The DNS name "localhost" should *always*
> >>>>> return 127.0.0.1 for IPv4 and ::1 for IPv6. It shouldn't return
> >>>>> 191.168.100.20.
> >>>>>
> >>>>> We have working the below urls working:
> >>>>>> https://server.lbg.com:8443/towl
> >>>>>> https://example.lbg.com:8443/towl --> redirects to
> >>>>>>
> >>>>>
> >>>>> What do you mean "redirect"? Does it return a 30x response that
> causes
> >>> the
> >>>>> browser to make a new request to \/
> >>>>>
> >>>>> https://server.lbg.com:8443/towl  --> still works --> we have SSL
> >>>>>> configured for the same but this SSL certificate doesnot have
> >>> additional
> >>>>>> DNS setup.
> >>>>>>
> >>>>>
> >>>>> What SANs are in your certificate? How many certificates do you have?
> >>>>>
> >>>>> But I would need to somehow  access https://example.lbg.com -->
> which
> >>>>>> means
> >>>>>> I would need to access via 443 here ?
> >>>>>>
> >>>>>
> >>>>> I'm so confused. What needs to access what?
> >>>>>
> >>>>> I tried to adding the below to  server.xml as below, but that doesnot
> >>> seems
> >>>>>> to work.
> >>>>>>
> >>>>>>        <Connector port="80"
> >>>>>> protocol="org.apache.coyote.http11.Http11NioProtocol"
> >>>>>>               connectionTimeout="20000"
> >>>>>>               redirectPort="443" />
> >>>>>>
> >>>>>
> >>>>> This will only redirect (HTTP 302) requests to
> >>> http://yourhost/anything
> >>>>> to https://yourhost/anything *if the application specifically
> requests
> >>>>> CONFIDENTIAL transport*. It doesn't just redirect everything by
> >>> default. If
> >>>>> you want it to redirect everything, you'll need to set that up e.g.
> >>> using
> >>>>> RewriteValve. There are other options, too.
> >>>>>
> >>>>> Do i need additional SSL certificate for the https://example.lbg.com
> >>> to
> >>>>>> make it work ?
> >>>>>>
> >>>>>
> >>>>> If you don't want your browser to complain, you will need at least
> one
> >>> TLS
> >>>>> certificate that contains every Subject Alternative Name (SAN) for
> >>> every
> >>>>> possible hostname you expect to use with this service. You ca do it
> >>> with
> >>>>> multiple certificates as well, but a single cert with multiple SANs
> is
> >>> less
> >>>>> work.
> >>>>>
> >>>>> Do i need to set up an additional web server for this like apache or
> >>> nginx
> >>>>>> for redirecting requests?
> >>>>>>
> >>>>>
> >>>>> No.
> >>>>>
> >>>>> Please stop saying "redirect" because it sounds like you almost never
> >>> mean
> >>>>> "HTTP 30x redirect" and that's confusing everything.
> >>>>>
> >>>>> I *think* you only need the following:
> >>>>>
> >>>>> 1. A TLS certificate with the following SANs:
> >>>>>
> >>>>>     * server.lbg.com
> >>>>>     * example.lbg.com
> >>>>>     * localhost (you shouldn't do this)
> >>>>>
> >>>>> 2. DNS configured for all hostnames:
> >>>>>
> >>>>>     * server.lbg.com -> A 192.168.100.20
> >>>>>     * example.lgb.com -> A 192.168.100.20
> >>>>>
> >>>>> 3. Tomcat configured with a single <Host> which is the default
> virtual
> >>>>> host. Note that this is the *default Tomcat configuration* and
> doesn't
> >>> need
> >>>>> to be changed from the default.
> >>>>>
> >>>>> 4. Tomcat configured with your certificate like this:
> >>>>>
> >>>>>      <Connector ...
> >>>>>         SSLEnabled="true">
> >>>>>        <SSLHostConfig>
> >>>>>          <Certificate
> >>>>>              certificateFile="/path/to/your/cert.crt"
> >>>>>              certificateKeyFile="/path/to/your/key.pem" />
> >>>>>          <!-- You may need certificateKeyPassword in <Certificate>
> -->
> >>>>>        </SSLHostConfig>
> >>>>>      </Connector>
> >>>>>
> >>>>> If your SANs are configured properly, this should allow you to
> connect
> >>>>> using any of these URLs:
> >>>>>
> >>>>> $ curl https://server.lbg.com/towl/login.jsp
> >>>>>
> >>>>>     (returns login page)
> >>>>>
> >>>>> $ curl https://example.lbg.com/towl/login.jsp
> >>>>>
> >>>>>     (returns login page)
> >>>>>
> >>>>> If your application's web.xml contains something like this:
> >>>>>
> >>>>>     <security-constraint>
> >>>>>       <web-resource-collection>
> >>>>>         <web-resource-name>theapp</web-resource-name>
> >>>>>         <url-pattern>/*</url-pattern>
> >>>>>       </web-resource-collection>
> >>>>>       <user-data-constraint>
> >>>>>         <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> >>>>>       </user-data-constraint>
> >>>>>     </security-constraint>
> >>>>>
> >>>>> ... then these URLs insecure HTTP URLs should redirect your clients:
> >>>>>
> >>>>> $ curl http://server.lbg.com/towl/login.jsp
> >>>>>
> >>>>>     (returns HTTP 302 redirect to
> https://server.lbg.com/towl/login.jsp
> >>> )
> >>>>>
> >>>>> $ curl https://server.lbg.com/towl/login.jsp
> >>>>>
> >>>>>     (returns HTTP 302 redirect to
> >>> https://example.lbg.com/towl/login.jsp)
> >>>>>
> >>>>> I don't think you need any use of the RewriteValve unless you want to
> >>>>> handle sending HTTP 302 redirect responses to insecure requests
> without
> >>>>> specifying the CONFIDENTIAL transport-guarantee in your application's
> >>>>> web.xml file. But I don't see any reason NOT to have that in there.
> >>>>>
> >>>>> -chris
> >>>>>
> >>>>> On Tue, Apr 23, 2024 at 10:52 PM Christopher Schultz <
> >>>>>> chris@christopherschultz.net> wrote:
> >>>>>>
> >>>>>> Lavanya,
> >>>>>>>
> >>>>>>> On 4/22/24 05:21, lavanya tech wrote:
> >>>>>>>
> >>>>>>>> Could you please explain, what you exactly mean ? So here redirect
> >>> is
> >>>>>>>>
> >>>>>>> not a
> >>>>>>>
> >>>>>>>> solution right ?
> >>>>>>>>
> >>>>>>>
> >>>>>>> Redirecting is fine.
> >>>>>>>
> >>>>>>> Perhaps you should take a step back and decide: what do you
> actually
> >>>>>>> want, here? You might be trying to solve problem X by applying
> >>> solution
> >>>>>>> Y, and you've already decided that solution Y is correct so you are
> >>>>>>> trying to get help with that.
> >>>>>>>
> >>>>>>> Perhaps ask for help with Problem X?
> >>>>>>>
> >>>>>>> For example, "I don't want users to have to type the name of my
> >>>>>>> application to reach it so I want example.com/ to go to my
> >>> application
> >>>>>>> instead of example.com/myapp/".
> >>>>>>>
> >>>>>>> Or, "I have multiple domains and I want all of them to redirect to
> >>> the
> >>>>>>> canonical domain example.com and to go to me web application
> /myapp
> >>> so
> >>>>>>> everything goes to example.com/myapp/".
> >>>>>>>
> >>>>>>> "You'd have to use a glob/regex if
> >>>>>>>> you wanted to check for [anything and maybe nothing.]example.com
> ."
> >>>>>>>>
> >>>>>>>
> >>>>>>> There is nothing in your configuration or question that suggests
> that
> >>>>>>> the hostname in the request is relevant, but you are making it a
> >>>>>>> *requirement* that the request contains a specific Host header. IF
> >>> you
> >>>>>>> don't actually need that, why do you have it?
> >>>>>>>
> >>>>>>> -chris
> >>>>>>>
> >>>>>>> On Fri, Apr 19, 2024 at 3:03 PM Christopher Schultz <
> >>>>>>>> chris@christopherschultz.net> wrote:
> >>>>>>>>
> >>>>>>>> Ammu,
> >>>>>>>>>
> >>>>>>>>> On 4/19/24 08:32, lavanya tech wrote:
> >>>>>>>>>
> >>>>>>>>>> Thank you very much. I removed <Host> for example.com as well
> as
> >>>>>>>>>>
> >>>>>>>>> adding
> >>>>>>>
> >>>>>>>> an
> >>>>>>>>>
> >>>>>>>>>> <Alias> in server.xml
> >>>>>>>>>> I copied context.xml file
> >>>>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl/META-INF/context.xml
> >>>>>>>>>> Removed < in rewrite.config files.
> >>>>>>>>>>
> >>>>>>>>>> But still I dont redirect the URL.
> >>>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> If you have <Context> in server.xml and also your application in
> >>> the
> >>>>>>>>> webapps/ directory, then you will be double-deploying your
> >>> application.
> >>>>>>>>>
> >>>>>>>>> Re-name /git/app/apache-tomcat-10.1.11/webapps/towl/ to be
> >>>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/ROOT (the capitals are
> >>>>>>>>> important)
> >>>>>>>>> and remove the <Context> element from your server.xml.
> >>>>>>>>>
> >>>>>>>>> Then start your server and read the logs.
> >>>>>>>>>
> >>>>>>>>> *nslookup alias.example.com <http://alias.example.com>
> >>>>>>>>>> gives-->Non-authoritative answer:Name:     www.example.com
> >>>>>>>>>> <http://www.example.com>Address:  192.168.200.10Aliases:
> >>>>>>>>>>
> >>>>>>>>> alias.example.com
> >>>>>>>>>
> >>>>>>>>>> <http://alias.example.com>*
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>> Just to give some information here, *www.example.com
> >>>>>>>>>> <http://www.example.com>* has alias* "alias.example.com
> >>>>>>>>>> <http://alias.example.com>"*
> >>>>>>>>>> But https://www.example.com:7777/example --> works fine with
> out
> >>>>>>>>>>
> >>>>>>>>> issues
> >>>>>>>
> >>>>>>>> but
> >>>>>>>>>
> >>>>>>>>>> the alias doesnot works (https://alias.example.com)
> >>>>>>>>>> So i am not sure if the redirect url helps or if its correct
> >>>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> Your rewrite configuration says that you have to be using host
> >>>>>>>>> "example.com" but your request goes to www.example.com. Your
> >>>>>>>>> configuration should only redirect a request such as:
> >>>>>>>>>
> >>>>>>>>> $ curl -v http://example.com:7777/something
> >>>>>>>>>
> >>>>>>>>> HTTP/1.1 301 Moved Permanently
> >>>>>>>>> ...
> >>>>>>>>> Location: https://www.example.com:7777/example
> >>>>>>>>>
> >>>>>>>>> If you make a request like:
> >>>>>>>>>
> >>>>>>>>> $ curl -v http://www.example.com:7777/something
> >>>>>>>>>
> >>>>>>>>> I wouldn't expect a redirect because of your "host" condition.
> The
> >>>>>>>>> "%{HTTP_HOST} example.com" looks at the entire Host header and
> not
> >>>>>>>>> just
> >>>>>>>>> anything that ends in "example.com". You'd have to use a
> >>> glob/regex if
> >>>>>>>>> you wanted to check for [anything and maybe nothing.]example.com
> .
> >>>>>>>>>
> >>>>>>>>> You'd also have to make sure that your application is serving
> >>> responses
> >>>>>>>>> to requests to / which is why I'm recommending you use the ROOT
> web
> >>>>>>>>> application name instead of "towl".
> >>>>>>>>>
> >>>>>>>>> -chris
> >>>>>>>>>
> >>>>>>>>> On Fri, Apr 19, 2024 at 1:21 PM Christopher Schultz <
> >>>>>>>>>> chris@christopherschultz.net> wrote:
> >>>>>>>>>>
> >>>>>>>>>> Ammu,
> >>>>>>>>>>>
> >>>>>>>>>>> On 4/18/24 09:34, lavanya tech wrote:
> >>>>>>>>>>>
> >>>>>>>>>>>> I am attaching server.xml and context.xml and rewrite.config
> >>> files.
> >>>>>>>>>>>> The paths are
> >>>>>>>>>>>>
> >>>>>>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl/context.xml
> >>>>>>>>>>>> <Context>
> >>>>>>>>>>>>           <Valve
> >>>>>>>>>>>>
> >>>>>>>>>>> className="org.apache.catalina.valves.rewrite.RewriteValve"
> >>>>>>>>>
> >>>>>>>>>> />
> >>>>>>>>>>>
> >>>>>>>>>>>>           <!-- Other context configuration -->
> >>>>>>>>>>>> </Context>
> >>>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>> This file ^^^ is in the wrong place. It should be in
> >>>>>>>>>>>
> /git/app/apache-tomcat-10.1.11/webapps/towl/META-INF/context.xml
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>> /git/app/apache-tomcat-10.1.11/webapps/towl/WEB-INF/rewrite.config
> >>>>>>>>>>>>
> >>>>>>>>>>>> <RewriteCond %{HTTP_HOST} example.com [NC]
> >>>>>>>>>>>> <RewriteRule ^/(.*)$ https://www.example.com:7777/example
> >>> [R=301,L]
> >>>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>> Why do you have < symbols at the beginning of these lines?
> >>>>>>>>>>>
> >>>>>>>>>>> server.xml
> >>>>>>>>>>>>
> >>>>>>>>>>>>       > [...]
> >>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>             <Host name="example.com" appBase="webapps"
> >>>>>>>>>>>>
> >>>>>>>>>>> unpackWARs="true"
> >>>>>>>
> >>>>>>>> autoDeploy="true">
> >>>>>>>>>>>>                 <Context path="" docBase="towl" />
> >>>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>> It's best not to define any <Context> in server.xml. I would
> >>> remove
> >>>>>>>>>>>
> >>>>>>>>>> this
> >>>>>>>
> >>>>>>>> <Context> entirely and allow Tomcat to auto-reploy from your
> >>>>>>>>>>> webapps/towl directory. If you need this application to be
> >>> deployed
> >>>>>>>>>>> as
> >>>>>>>>>>> the ROOT context (on / and not /towl) then you should re-name
> >>>>>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl to
> >>>>>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/ROOT
> >>>>>>>>>>>
> >>>>>>>>>>> You also don't need a <Host> for example.com as well as adding
> >>> an
> >>>>>>>>>>> <Alias> for the same domain (though this is probably to
> >>> anonymize the
> >>>>>>>>>>> configuration). You can feel free to simply use the "localhost"
> >>>>>>>>>>> <Host>
> >>>>>>>>>>> as the default <Host> and deploy everything into it. This makes
> >>> your
> >>>>>>>>>>> configuration changes relative to a stock Tomcat less
> >>> significant and
> >>>>>>>>>>> easier to apply to new versions if/when necessary.
> >>>>>>>>>>>
> >>>>>>>>>>> -chris
> >>>>>>>>>>>
> >>>>>>>>>>> On Thu, Apr 18, 2024 at 2:17 PM Christopher Schultz <
> >>>>>>>>>>>> chris@christopherschultz.net> wrote:
> >>>>>>>>>>>>
> >>>>>>>>>>>> Ammu,
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> On 4/18/24 07:45, lavanya tech wrote:
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>> I added classname rewrite valeus in contex.xml file .
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>            <!-- REWRITE VALVE -->
> >>>>>>>>>>>>>>            <Valve
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>> className="org.apache.catalina.valves.rewrite.RewriteValve"
> >>>>>>>>>>>
> >>>>>>>>>>>> />
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>>            <!-- // -->
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> created rewrite.config so both of them is located under
> conf
> >>>>>>>>>>>>>> under
> >>>>>>>>>>>>>> apache-tomcat.
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>>                            <RewriteCond %{HTTP_HOST}
> >>> example.com
> >>>>>>>>>>>>>> [NC]
> >>>>>>>>>>>>>>                            <RewriteRule ^/(.*)$
> >>>>>>>>>>>>>> https://www.example.com:7777/example [R=301,L]
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> So according to the documentaion they say context.xml should
> >>> be
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>> placed
> >>>>>>>>>
> >>>>>>>>>> under webapps and rewrite.config file should be put in WEB-INF
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>> folder
> >>>>>>>
> >>>>>>>> of
> >>>>>>>>>>>
> >>>>>>>>>>>> apache-tomcat . I placed and restarted tomcat webserver but
> >>> still
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>> it
> >>>>>>>
> >>>>>>>> doesnot redirect.
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> Can you give full paths to both server.xml and
> rewrite.config,
> >>>>>>>>>>>>>
> >>>>>>>>>>>> re-post
> >>>>>>>
> >>>>>>>> your current server.xml <Context> element, and the complete
> contents
> >>>>>>>>>>>>>
> >>>>>>>>>>>> of
> >>>>>>>>>
> >>>>>>>>>> rewrite.config?
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> Have you looked at the log files after start?
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> -chris
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> On Thu, Apr 18, 2024 at 1:36 PM lavanya tech <
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>> lavanyatech440@gmail.com
> >>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>>> wrote:
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> Hi Thomas,
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> Thanks for the fast response.
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> I added classname rewrite valeus in contex.xml file .
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>            <!-- REWRITE VALVE -->
> >>>>>>>>>>>>>>>            <Valve
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>> className="org.apache.catalina.valves.rewrite.RewriteValve"
> >>>>>>>>>>>
> >>>>>>>>>>>> />
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>>            <!-- // -->
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> created rewrite.config so both of them is located under
> conf
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>> under
> >>>>>>>
> >>>>>>>> apache-tomcat.
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> So according to the documentaion they say context.xml
> should
> >>> be
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>> placed
> >>>>>>>>>
> >>>>>>>>>> under webapps and rewrite.config file should be put in WEB-INF
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>> folder
> >>>>>>>>>
> >>>>>>>>>> of
> >>>>>>>>>>>
> >>>>>>>>>>>> apache-tomcat
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> Thnks,
> >>>>>>>>>>>>>>> Ammu
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> On Thu, Apr 18, 2024 at 1:22 PM Mark Thomas <
> >>> markt@apache.org>
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>> wrote:
> >>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>>>>>> On 18/04/2024 12:05, lavanya tech wrote:
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> Hi Team,
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> I am using "Tomcat 10.1" in our environment and I wanted
> to
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> redirect
> >>>>>>>>>
> >>>>>>>>>> url
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>> from https://example.com to https://www.servercom:7777 and
> >>> for
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> this i
> >>>>>>>>>>>
> >>>>>>>>>>>> modified the server.xml as below in tomcat config, and the
> below
> >>>>>>>>>>>>>>>>> configuration doesnot seems to work. Does anyone has
> ideas.
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> Please
> >>>>>>>
> >>>>>>>> suggest.
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> The url alone https://www.servercom:7777/ already works.
> >>> But
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> just
> >>>>>>>
> >>>>>>>> redirection from the old to one doesnot.
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> <Host name="example.com" appBase="app" unpackWARs="true"
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> autoDeploy="true">
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>             <Context path="" docBase="example" />
> >>>>>>>>>>>>>>>>>             <Alias>example.com</Alias>
> >>>>>>>>>>>>>>>>>             <!-- Add RewriteValve and RewriteRule here
> -->
> >>>>>>>>>>>>>>>>>             <Valve
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>
> >>> className="org.apache.catalina.valves.rewrite.RewriteValve"/>
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>             <Engine name="Catalina"
> defaultHost="localhost">
> >>>>>>>>>>>>>>>>>                 <Host name="example.com" appBase="app"
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> unpackWARs="true"
> >>>>>>>>>
> >>>>>>>>>> autoDeploy="true">
> >>>>>>>>>>>>>>>>>                     <Context path="" docBase="example" />
> >>>>>>>>>>>>>>>>>                     <Alias>example.com</Alias>
> >>>>>>>>>>>>>>>>>                     <Valve
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>
> >>> className="org.apache.catalina.valves.rewrite.RewriteValve"/>
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>                     <Engine name="Catalina"
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> defaultHost="localhost">
> >>>>>>>
> >>>>>>>>                         <Host name="example.com" appBase="app"
> >>>>>>>>>>>>>>>>> unpackWARs="true" autoDeploy="true">
> >>>>>>>>>>>>>>>>>                             <Context path=""
> >>> docBase="example" />
> >>>>>>>>>>>>>>>>>                             <Alias>example.com</Alias>
> >>>>>>>>>>>>>>>>>                             <!-- Rewrite rule to
> redirect to
> >>>>>>>>>>>>>>>>> www.servercom:8080/example -->
> >>>>>>>>>>>>>>>>>                             <RewriteCond %{HTTP_HOST}
> >>>>>>>>>>>>>>>>> example\.com
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> [NC]
> >>>>>>>>>
> >>>>>>>>>>                             <RewriteRule ^/(.*)$
> >>>>>>>>>>>>>>>>> https://www.servercom:7777/example/$1 [R=301,L]
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> 1. That isn't valid XML.
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> 2. Where in the Tomcat docs does it say you can nest
> >>> re-write
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> rules
> >>>>>>>
> >>>>>>>> in
> >>>>>>>>>>>
> >>>>>>>>>>>> a
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>> Host element (or any other element)?
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>                         </Host>
> >>>>>>>>>>>>>>>>>                     </Engine>
> >>>>>>>>>>>>>>>>>                 </Host>
> >>>>>>>>>>>>>>>>>             </Engine>
> >>>>>>>>>>>>>>>>> </Host>
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> You need to configure the RewriteValve.
> >>>>>>>>>>>>>>>> https://tomcat.apache.org/tomcat-10.1-doc/rewrite.html
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>> Mark
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>
>

Re: Regarding Tomcat url redirection

Posted by Christopher Schultz <ch...@christopherschultz.net>.
Lavanya,

On 4/25/24 07:24, lavanya tech wrote:
> Hi Chris,
> 
> One question / doubt:
> 
> As I mentioned earlier, the below URLs are already working in the browser:
>> https://server.lbg.com:8443/towl
>> https://example.lbg.com:8443/towl -> redirect (which means when I hit it in the
> browser) it points to https://server.lbg.com:8443/towl ---> To be frank,
> I do not even need a redirect here; not sure why it redirects.
> 
> My question is why it's working even though the SAN is not registered with the
> certificate? It does not even throw a warning in the browser.

I'm not sure. Is it possible you have dismissed this error in the past 
and the browser is remembering that? Try this with a different web 
browser or maybe with curl from the command-line to see what happens.

> Why https://server.lbg.com/towl or https://example.lbg.com/towl --> How
> should it work with the new SAN certificate?

You don't need to worry about the port number or application name, only 
the hostname is a part of the SAN.

-chris

> On Thu, Apr 25, 2024 at 10:16 AM lavanya tech <la...@gmail.com>
> wrote:
> 
>> Hi Chris,
>>
>>
>> Thanks I will request new certificate with SANs and I will try to fix the
>> things from our end.
>>
>> Best Regards,
>> Lavanya
>>
>> On Wed, Apr 24, 2024 at 11:12 PM Christopher Schultz <
>> chris@christopherschultz.net> wrote:
>>
>>> Lavanya,
>>>
>>> On 4/24/24 15:39, lavanya tech wrote:
>>>> Local host means the machine i am logged in to server.lbg.com
>>>>
>>>> You are right, example.lbg.com is CNAME record.
>>>
>>> Okay, thanks for clearing that up.
>>>
>>>> I dont have any SAN configured for the certificate. The certificate is
>>>> requested for only server.lbg.com
>>>
>>> You will never be able to make a secure request to anything other than
>>> server.lbg.com without seeing an error. I highly recommend adding the
>>> other hostname as a SAN to your certificate if you really want to
>>> support this.
>>>
>>> Even if you wanted https://example.lbg.com/whatever to return an HTTP
>>> 302 redirect to https://server.lbg.com/whatever, the user would see a
>>> certificate hostname mismatch error which is ugly. It's best to make it
>>> work without users seeing ugly things.
>>>
>>>> So if i just request new certificate with SAN it should work ? If yes, I
>>>> will request for it and follow your steps as below suggested.
>>>
>>> Yes, it should.
>>>
>>>> Should i use CName record or DNS? Does it make difference?
>>>
>>> CNAME *is* DNS.
>>>
>>> Whenever possible, use hostnames and not IP addresses as SANs. It's more
>>> flexible that way, and users get to see hostnames instead of IP addresses.
>>>
>>> -chris
>>>
>>>> On Wednesday, April 24, 2024, Christopher Schultz <
>>>> chris@christopherschultz.net> wrote:
>>>>
>>>>> Lavanya,
>>>>>
>>>>> On 4/24/24 07:37, lavanya tech wrote:
>>>>>
>>>>>> Sorry, I understood wrongly here with regards to my environment. Let me
>>>>>> start from the beginning. I do not want to use a redirect at all. I simply
>>>>>> wanted to force Apache Tomcat to use both localhost and the DNS name of the
>>>>>> localhost via URL.
>>>>>>
>>>>>
>>>>> When you say "force" what do you mean?
>>>>>
>>>>> When you say "use both localhost and DNS name" what do you mean?
>>>>>
>>>>> When you say "localhost" do you mean 127.0.0.1 or "the machine I'm
>>>>> logged-into right now"?
>>>>>
>>>>>> I have DNS resolution as below.
>>>>>>
>>>>>> server.lbg.com --> localhost
>>>>>>
>>>>>
>>>>> Is that a CNAME record?
>>>>>
>>>>>> nslookup server.lbg.com (localhost)
>>>>>> Name:    server.lbg.com
>>>>>> Address:  192.168.100.20
>>>>>> alias: example.lbg.com
>>>>>>
>>>>>
>>>>> That's a weird DNS response. The DNS name "localhost" should *always*
>>>>> return 127.0.0.1 for IPv4 and ::1 for IPv6. It shouldn't return
>>>>> 191.168.100.20.
>>>>>
>>>>>> We have the below URLs working:
>>>>>> https://server.lbg.com:8443/towl
>>>>>> https://example.lbg.com:8443/towl --> redirects to
>>>>>>
>>>>>
>>>>> What do you mean "redirect"? Does it return a 30x response that causes the
>>>>> browser to make a new request to \/
>>>>>
>>>>>> https://server.lbg.com:8443/towl  --> still works --> we have SSL
>>>>>> configured for the same but this SSL certificate does not have additional
>>>>>> DNS setup.
>>>>>>
>>>>>
>>>>> What SANs are in your certificate? How many certificates do you have?
>>>>>
>>>>>> But I would need to somehow access https://example.lbg.com --> which means
>>>>>> I would need to access via 443 here?
>>>>>>
>>>>>
>>>>> I'm so confused. What needs to access what?
>>>>>
>>>>>> I tried adding the below to server.xml, but that does not seem
>>>>>> to work.
>>>>>>
>>>>>>        <Connector port="80"
>>>>>>               protocol="org.apache.coyote.http11.Http11NioProtocol"
>>>>>>               connectionTimeout="20000"
>>>>>>               redirectPort="443" />
>>>>>>
>>>>>
>>>>> This will only redirect (HTTP 302) requests to http://yourhost/anything
>>>>> to https://yourhost/anything *if the application specifically requests
>>>>> CONFIDENTIAL transport*. It doesn't just redirect everything by default. If
>>>>> you want it to redirect everything, you'll need to set that up e.g. using
>>>>> RewriteValve. There are other options, too.
>>>>>
>>>>>> Do I need an additional SSL certificate for https://example.lbg.com to
>>>>>> make it work?
>>>>>>
>>>>>
>>>>> If you don't want your browser to complain, you will need at least one TLS
>>>>> certificate that contains every Subject Alternative Name (SAN) for every
>>>>> possible hostname you expect to use with this service. You can do it with
>>>>> multiple certificates as well, but a single cert with multiple SANs is less
>>>>> work.
>>>>>
>>>>>> Do I need to set up an additional web server for this like Apache or nginx
>>>>>> for redirecting requests?
>>>>>>
>>>>>
>>>>> No.
>>>>>
>>>>> Please stop saying "redirect" because it sounds like you almost never mean
>>>>> "HTTP 30x redirect" and that's confusing everything.
>>>>>
>>>>> I *think* you only need the following:
>>>>>
>>>>> 1. A TLS certificate with the following SANs:
>>>>>
>>>>>     * server.lbg.com
>>>>>     * example.lbg.com
>>>>>     * localhost (you shouldn't do this)
>>>>>
>>>>> 2. DNS configured for all hostnames:
>>>>>
>>>>>     * server.lbg.com -> A 192.168.100.20
>>>>>     * example.lgb.com -> A 192.168.100.20
>>>>>
>>>>> 3. Tomcat configured with a single <Host> which is the default virtual
>>>>> host. Note that this is the *default Tomcat configuration* and doesn't need
>>>>> to be changed from the default.
>>>>>
>>>>> 4. Tomcat configured with your certificate like this:
>>>>>
>>>>>      <Connector ...
>>>>>         SSLEnabled="true">
>>>>>        <SSLHostConfig>
>>>>>          <Certificate
>>>>>              certificateFile="/path/to/your/cert.crt"
>>>>>              certificateKeyFile="/path/to/your/key.pem" />
>>>>>          <!-- You may need certificateKeyPassword in <Certificate> -->
>>>>>        </SSLHostConfig>
>>>>>      </Connector>
>>>>>
>>>>> If your SANs are configured properly, this should allow you to connect
>>>>> using any of these URLs:
>>>>>
>>>>> $ curl https://server.lbg.com/towl/login.jsp
>>>>>
>>>>>     (returns login page)
>>>>>
>>>>> $ curl https://example.lbg.com/towl/login.jsp
>>>>>
>>>>>     (returns login page)
>>>>>
>>>>> If your application's web.xml contains something like this:
>>>>>
>>>>>     <security-constraint>
>>>>>       <web-resource-collection>
>>>>>         <web-resource-name>theapp</web-resource-name>
>>>>>         <url-pattern>/*</url-pattern>
>>>>>       </web-resource-collection>
>>>>>       <user-data-constraint>
>>>>>         <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>>>>>       </user-data-constraint>
>>>>>     </security-constraint>
>>>>>
>>>>> ... then these insecure HTTP URLs should redirect your clients:
>>>>>
>>>>> $ curl http://server.lbg.com/towl/login.jsp
>>>>>
>>>>>     (returns HTTP 302 redirect to https://server.lbg.com/towl/login.jsp)
>>>>>
>>>>> $ curl https://server.lbg.com/towl/login.jsp
>>>>>
>>>>>     (returns HTTP 302 redirect to https://example.lbg.com/towl/login.jsp)
>>>>>
>>>>> I don't think you need any use of the RewriteValve unless you want to
>>>>> handle sending HTTP 302 redirect responses to insecure requests without
>>>>> specifying the CONFIDENTIAL transport-guarantee in your application's
>>>>> web.xml file. But I don't see any reason NOT to have that in there.
>>>>>
>>>>> -chris
>>>>>
>>>>> On Tue, Apr 23, 2024 at 10:52 PM Christopher Schultz <
>>>>>> chris@christopherschultz.net> wrote:
>>>>>>
>>>>>> Lavanya,
>>>>>>>
>>>>>>> On 4/22/24 05:21, lavanya tech wrote:
>>>>>>>
>>>>>>>> Could you please explain what exactly you mean? So here a redirect is not a
>>>>>>>> solution, right?
>>>>>>>>
>>>>>>>
>>>>>>> Redirecting is fine.
>>>>>>>
>>>>>>> Perhaps you should take a step back and decide: what do you actually
>>>>>>> want, here? You might be trying to solve problem X by applying solution
>>>>>>> Y, and you've already decided that solution Y is correct so you are
>>>>>>> trying to get help with that.
>>>>>>>
>>>>>>> Perhaps ask for help with Problem X?
>>>>>>>
>>>>>>> For example, "I don't want users to have to type the name of my
>>>>>>> application to reach it so I want example.com/ to go to my application
>>>>>>> instead of example.com/myapp/".
>>>>>>>
>>>>>>> Or, "I have multiple domains and I want all of them to redirect to the
>>>>>>> canonical domain example.com and to go to my web application /myapp so
>>>>>>> everything goes to example.com/myapp/".
>>>>>>>
>>>>>>>> "You'd have to use a glob/regex if
>>>>>>>> you wanted to check for [anything and maybe nothing.]example.com."
>>>>>>>>
>>>>>>>
>>>>>>> There is nothing in your configuration or question that suggests that
>>>>>>> the hostname in the request is relevant, but you are making it a
>>>>>>> *requirement* that the request contains a specific Host header. If you
>>>>>>> don't actually need that, why do you have it?
>>>>>>>
>>>>>>> -chris
>>>>>>>
>>>>>>> On Fri, Apr 19, 2024 at 3:03 PM Christopher Schultz <
>>>>>>>> chris@christopherschultz.net> wrote:
>>>>>>>>
>>>>>>>> Ammu,
>>>>>>>>>
>>>>>>>>> On 4/19/24 08:32, lavanya tech wrote:
>>>>>>>>>
>>>>>>>>>> Thank you very much. I removed <Host> for example.com as well as adding an
>>>>>>>>>> <Alias> in server.xml
>>>>>>>>>> I copied context.xml file
>>>>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl/META-INF/context.xml
>>>>>>>>>> Removed < in rewrite.config files.
>>>>>>>>>>
>>>>>>>>>> But still I don't redirect the URL.
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> If you have <Context> in server.xml and also your application in the
>>>>>>>>> webapps/ directory, then you will be double-deploying your application.
>>>>>>>>>
>>>>>>>>> Re-name /git/app/apache-tomcat-10.1.11/webapps/towl/ to be
>>>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/ROOT (the capitals are
>>>>>>>>> important)
>>>>>>>>> and remove the <Context> element from your server.xml.
>>>>>>>>>
>>>>>>>>> Then start your server and read the logs.
>>>>>>>>>
>>>>>>>>>> nslookup alias.example.com gives -->
>>>>>>>>>> Non-authoritative answer:
>>>>>>>>>> Name:     www.example.com
>>>>>>>>>> Address:  192.168.200.10
>>>>>>>>>> Aliases:  alias.example.com
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Just to give some information here, www.example.com has alias
>>>>>>>>>> "alias.example.com"
>>>>>>>>>> But https://www.example.com:7777/example --> works fine without issues, but
>>>>>>>>>> the alias does not work (https://alias.example.com)
>>>>>>>>>> So I am not sure if the redirect URL helps or if it's correct
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Your rewrite configuration says that you have to be using host
>>>>>>>>> "example.com" but your request goes to www.example.com. Your
>>>>>>>>> configuration should only redirect a request such as:
>>>>>>>>>
>>>>>>>>> $ curl -v http://example.com:7777/something
>>>>>>>>>
>>>>>>>>> HTTP/1.1 301 Moved Permanently
>>>>>>>>> ...
>>>>>>>>> Location: https://www.example.com:7777/example
>>>>>>>>>
>>>>>>>>> If you make a request like:
>>>>>>>>>
>>>>>>>>> $ curl -v http://www.example.com:7777/something
>>>>>>>>>
>>>>>>>>> I wouldn't expect a redirect because of your "host" condition. The
>>>>>>>>> "%{HTTP_HOST} example.com" looks at the entire Host header and not just
>>>>>>>>> anything that ends in "example.com". You'd have to use a glob/regex if
>>>>>>>>> you wanted to check for [anything and maybe nothing.]example.com.
>>>>>>>>>
>>>>>>>>> You'd also have to make sure that your application is serving responses
>>>>>>>>> to requests to / which is why I'm recommending you use the ROOT web
>>>>>>>>> application name instead of "towl".
>>>>>>>>>
>>>>>>>>> -chris
>>>>>>>>>
>>>>>>>>> On Fri, Apr 19, 2024 at 1:21 PM Christopher Schultz <
>>>>>>>>>> chris@christopherschultz.net> wrote:
>>>>>>>>>>
>>>>>>>>>> Ammu,
>>>>>>>>>>>
>>>>>>>>>>> On 4/18/24 09:34, lavanya tech wrote:
>>>>>>>>>>>
>>>>>>>>>>>> I am attaching server.xml and context.xml and rewrite.config
>>> files.
>>>>>>>>>>>> The paths are
>>>>>>>>>>>>
>>>>>>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl/context.xml
>>>>>>>>>>>> <Context>
>>>>>>>>>>>>           <Valve
>>>>>>>>>>>>
>>>>>>>>>>> className="org.apache.catalina.valves.rewrite.RewriteValve"
>>>>>>>>>
>>>>>>>>>> />
>>>>>>>>>>>
>>>>>>>>>>>>           <!-- Other context configuration -->
>>>>>>>>>>>> </Context>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> This file ^^^ is in the wrong place. It should be in
>>>>>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl/META-INF/context.xml
>>>>>>>>>>>
>>>>>>>>>>>
>>> /git/app/apache-tomcat-10.1.11/webapps/towl/WEB-INF/rewrite.config
>>>>>>>>>>>>
>>>>>>>>>>>> <RewriteCond %{HTTP_HOST} example.com [NC]
>>>>>>>>>>>> <RewriteRule ^/(.*)$ https://www.example.com:7777/example
>>> [R=301,L]
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Why do you have < symbols at the beginning of these lines?
>>>>>>>>>>>
>>>>>>>>>>> server.xml
>>>>>>>>>>>>
>>>>>>>>>>>>       > [...]
>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>             <Host name="example.com" appBase="webapps"
>>>>>>>>>>>>
>>>>>>>>>>> unpackWARs="true"
>>>>>>>
>>>>>>>> autoDeploy="true">
>>>>>>>>>>>>                 <Context path="" docBase="towl" />
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> It's best not to define any <Context> in server.xml. I would remove this
>>>>>>>>>>> <Context> entirely and allow Tomcat to auto-deploy from your
>>>>>>>>>>> webapps/towl directory. If you need this application to be deployed as
>>>>>>>>>>> the ROOT context (on / and not /towl) then you should re-name
>>>>>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl to
>>>>>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/ROOT
>>>>>>>>>>>
>>>>>>>>>>> You also don't need a <Host> for example.com as well as adding an
>>>>>>>>>>> <Alias> for the same domain (though this is probably to anonymize the
>>>>>>>>>>> configuration). You can feel free to simply use the "localhost" <Host>
>>>>>>>>>>> as the default <Host> and deploy everything into it. This makes your
>>>>>>>>>>> configuration changes relative to a stock Tomcat less significant and
>>>>>>>>>>> easier to apply to new versions if/when necessary.
>>>>>>>>>>>
>>>>>>>>>>> -chris
>>>>>>>>>>>
>>>>>>>>>>> On Thu, Apr 18, 2024 at 2:17 PM Christopher Schultz <
>>>>>>>>>>>> chris@christopherschultz.net> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>> Ammu,
>>>>>>>>>>>>>
>>>>>>>>>>>>> On 4/18/24 07:45, lavanya tech wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> I added classname rewrite valeus in contex.xml file .
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>            <!-- REWRITE VALVE -->
>>>>>>>>>>>>>>            <Valve
>>>>>>>>>>>>>>
>>>>>>>>>>>>> className="org.apache.catalina.valves.rewrite.RewriteValve"
>>>>>>>>>>>
>>>>>>>>>>>> />
>>>>>>>>>>>>>
>>>>>>>>>>>>>>            <!-- // -->
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> created rewrite.config so both of them is located under  conf
>>>>>>>>>>>>>> under
>>>>>>>>>>>>>> apache-tomcat.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>                            <RewriteCond %{HTTP_HOST}
>>> example.com
>>>>>>>>>>>>>> [NC]
>>>>>>>>>>>>>>                            <RewriteRule ^/(.*)$
>>>>>>>>>>>>>> https://www.example.com:7777/example [R=301,L]
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> So according to the documentaion they say context.xml should
>>> be
>>>>>>>>>>>>>>
>>>>>>>>>>>>> placed
>>>>>>>>>
>>>>>>>>>> under webapps and rewrite.config file should be put in WEB-INF
>>>>>>>>>>>>>>
>>>>>>>>>>>>> folder
>>>>>>>
>>>>>>>> of
>>>>>>>>>>>
>>>>>>>>>>>> apache-tomcat . I placed and restarted tomcat webserver but
>>> still
>>>>>>>>>>>>>>
>>>>>>>>>>>>> it
>>>>>>>
>>>>>>>> doesnot redirect.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> Can you give full paths to both server.xml and rewrite.config,
>>>>>>>>>>>>>
>>>>>>>>>>>> re-post
>>>>>>>
>>>>>>>> your current server.xml <Context> element, and the complete contents
>>>>>>>>>>>>>
>>>>>>>>>>>> of
>>>>>>>>>
>>>>>>>>>> rewrite.config?
>>>>>>>>>>>>>
>>>>>>>>>>>>> Have you looked at the log files after start?
>>>>>>>>>>>>>
>>>>>>>>>>>>> -chris
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Thu, Apr 18, 2024 at 1:36 PM lavanya tech <
>>>>>>>>>>>>>>
>>>>>>>>>>>>> lavanyatech440@gmail.com
>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>>> wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Hi Thomas,
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Thanks for the fast response.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> I added classname rewrite valeus in contex.xml file .
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>            <!-- REWRITE VALVE -->
>>>>>>>>>>>>>>>            <Valve
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>> className="org.apache.catalina.valves.rewrite.RewriteValve"
>>>>>>>>>>>
>>>>>>>>>>>> />
>>>>>>>>>>>>>
>>>>>>>>>>>>>>            <!-- // -->
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> created rewrite.config so both of them is located under  conf
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>> under
>>>>>>>
>>>>>>>> apache-tomcat.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> So according to the documentaion they say context.xml should
>>> be
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>> placed
>>>>>>>>>
>>>>>>>>>> under webapps and rewrite.config file should be put in WEB-INF
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>> folder
>>>>>>>>>
>>>>>>>>>> of
>>>>>>>>>>>
>>>>>>>>>>>> apache-tomcat
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Thnks,
>>>>>>>>>>>>>>> Ammu
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On Thu, Apr 18, 2024 at 1:22 PM Mark Thomas <
>>> markt@apache.org>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>>>>>> On 18/04/2024 12:05, lavanya tech wrote:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Hi Team,
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> I am using "Tomcat 10.1" in our environment and I wanted to
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> redirect
>>>>>>>>>
>>>>>>>>>> url
>>>>>>>>>>>>>
>>>>>>>>>>>>>> from https://example.com to https://www.servercom:7777 and
>>> for
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> this i
>>>>>>>>>>>
>>>>>>>>>>>> modified the server.xml as below in tomcat config, and the below
>>>>>>>>>>>>>>>>> configuration doesnot seems to work. Does anyone has ideas.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Please
>>>>>>>
>>>>>>>> suggest.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> The url alone https://www.servercom:7777/ already works.
>>> But
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> just
>>>>>>>
>>>>>>>> redirection from the old to one doesnot.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> <Host name="example.com" appBase="app" unpackWARs="true"
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> autoDeploy="true">
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>             <Context path="" docBase="example" />
>>>>>>>>>>>>>>>>>             <Alias>example.com</Alias>
>>>>>>>>>>>>>>>>>             <!-- Add RewriteValve and RewriteRule here -->
>>>>>>>>>>>>>>>>>             <Valve
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>> className="org.apache.catalina.valves.rewrite.RewriteValve"/>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>             <Engine name="Catalina" defaultHost="localhost">
>>>>>>>>>>>>>>>>>                 <Host name="example.com" appBase="app"
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> unpackWARs="true"
>>>>>>>>>
>>>>>>>>>> autoDeploy="true">
>>>>>>>>>>>>>>>>>                     <Context path="" docBase="example" />
>>>>>>>>>>>>>>>>>                     <Alias>example.com</Alias>
>>>>>>>>>>>>>>>>>                     <Valve
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>> className="org.apache.catalina.valves.rewrite.RewriteValve"/>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>                     <Engine name="Catalina"
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> defaultHost="localhost">
>>>>>>>
>>>>>>>>                         <Host name="example.com" appBase="app"
>>>>>>>>>>>>>>>>> unpackWARs="true" autoDeploy="true">
>>>>>>>>>>>>>>>>>                             <Context path=""
>>> docBase="example" />
>>>>>>>>>>>>>>>>>                             <Alias>example.com</Alias>
>>>>>>>>>>>>>>>>>                             <!-- Rewrite rule to redirect to
>>>>>>>>>>>>>>>>> www.servercom:8080/example -->
>>>>>>>>>>>>>>>>>                             <RewriteCond %{HTTP_HOST}
>>>>>>>>>>>>>>>>> example\.com
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> [NC]
>>>>>>>>>
>>>>>>>>>>                             <RewriteRule ^/(.*)$
>>>>>>>>>>>>>>>>> https://www.servercom:7777/example/$1 [R=301,L]
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> 1. That isn't valid XML.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> 2. Where in the Tomcat docs does it say you can nest
>>> re-write
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> rules
>>>>>>>
>>>>>>>> in
>>>>>>>>>>>
>>>>>>>>>>>> a
>>>>>>>>>>>>>
>>>>>>>>>>>>>> Host element (or any other element)?
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>                         </Host>
>>>>>>>>>>>>>>>>>                     </Engine>
>>>>>>>>>>>>>>>>>                 </Host>
>>>>>>>>>>>>>>>>>             </Engine>
>>>>>>>>>>>>>>>>> </Host>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> You need to configure the RewriteValve.
>>>>>>>>>>>>>>>> https://tomcat.apache.org/tomcat-10.1-doc/rewrite.html
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Mark
>>>>>>>>>>>>>>>>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
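
As an added example (not part of the original thread): a small Python check of which of the thread's URLs a certificate's DNS SANs cover, showing that only the hostname is compared while the port only decides which connector the client dials. The SAN lists are constructed from the names used in the thread, and all function names are illustrative.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample data, based on the hostnames mentioned in the thread.
OLD_CERT_DNS_SANS = ["server.lbg.com"]                     # cert issued for one name only
NEW_CERT_DNS_SANS = ["server.lbg.com", "example.lbg.com"]  # reissued cert with both names
THREAD_URLS = [
    "https://server.lbg.com:8443/towl",
    "https://example.lbg.com:8443/towl",
    "https://example.lbg.com/towl",
]


def connect_target(url):
    """Return the (host, port) a client dials for an https URL.

    With no explicit port the client uses 443, so something must be
    listening there; that is separate from certificate name checking.
    """
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError(f"not an https URL with a host: {url!r}")
    return parts.hostname, parts.port or 443


def is_ip_literal(host):
    """True when the URL host is an IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def dns_san_matches(san, host):
    """Match one dNSName SAN against a hostname, RFC 6125 style.

    Comparison is case-insensitive and label by label. A wildcard is only
    honoured as the complete left-most label, stands for exactly one label,
    and is refused for two-label patterns such as "*.com".
    """
    san_labels = san.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(san_labels) != len(host_labels):
        return False
    if san_labels[0] == "*":
        return len(san_labels) >= 3 and san_labels[1:] == host_labels[1:]
    return san_labels == host_labels


def covered(url, dns_sans):
    """True if the URL's hostname is covered by one of the DNS SANs.

    Port and path are ignored on purpose: they are not part of the name check.
    """
    host, _port = connect_target(url)
    if is_ip_literal(host):
        # An IP in the URL needs an iPAddress SAN; dNSName entries never match it.
        return False
    return any(dns_san_matches(san, host) for san in dns_sans)


def audit(urls, dns_sans):
    """Map each URL to whether the given SAN list covers its hostname."""
    return {url: covered(url, dns_sans) for url in urls}


if __name__ == "__main__":
    for label, sans in (("old", OLD_CERT_DNS_SANS), ("new", NEW_CERT_DNS_SANS)):
        for url, ok in audit(THREAD_URLS, sans).items():
            host, port = connect_target(url)
            print(f"{label} cert  {url:40}  dial {host}:{port}  name ok: {ok}")
```

To compare against a live server, the SAN list can be read from the presented certificate with `openssl s_client -connect host:port -servername host` piped into `openssl x509 -noout -text`.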


Re: Regarding Tomcat url redirection

Posted by lavanya tech <la...@gmail.com>.
Hi

I have updated the certificate now, but I still cannot access the URL
https://example.lbg.com/towl or https://server.lbg.com/towl.

I wonder why it's working with port 8443 and not without a port.



On Thu, Apr 25, 2024 at 1:24 PM lavanya tech <la...@gmail.com>
wrote:

> Hi Chris,
>
> One question / doubt:
>
> As I mentioned earlier, the below URLs are already working in the browser:
> > https://server.lbg.com:8443/towl
> > https://example.lbg.com:8443/towl -> redirect (which means when I hit it
> in the browser) it points to https://server.lbg.com:8443/towl ---> To be
> frank, I do not even need a redirect here; not sure why it redirects.
>
> My question is why it's working even though the SAN is not registered with the
> certificate? It does not even throw a warning in the browser.
>
> Why https://server.lbg.com/towl or https://example.lbg.com/towl --> How
> should it work with the new SAN certificate?
>
> Thanks,
> Lavanya
>
>
>
> On Thu, Apr 25, 2024 at 10:16 AM lavanya tech <la...@gmail.com>
> wrote:
>
>> Hi Chris,
>>
>>
>> Thanks I will request new certificate with SANs and I will try to fix the
>> things from our end.
>>
>> Best Regards,
>> Lavanya
>>
>> On Wed, Apr 24, 2024 at 11:12 PM Christopher Schultz <
>> chris@christopherschultz.net> wrote:
>>
>>> Lavanya,
>>>
>>> On 4/24/24 15:39, lavanya tech wrote:
>>> > Local host means the machine i am logged in to server.lbg.com
>>> >
>>> > You are right, example.lbg.com is CNAME record.
>>>
>>> Okay, thanks for clearing that up.
>>>
>>> > I dont have any SAN configured for the certificate. The certificate is
>>> > requested for only server.lbg.com
>>>
>>> You will never be able to make a secure request to anything other than
>>> server.lbg.com without seeing an error. I highly recommend adding the
>>> other hostname as a SAN to your certificate if you really want to
>>> support this.
>>>
>>> Even if you wanted https://example.lbg.com/whatever to return an HTTP
>>> 302 redirect to https://server.lbg.com/whatever, the user would see a
>>> certificate hostname mismatch error which is ugly. It's best to make it
>>> work without users seeing ugly things.
>>>
>>> > So if I just request new certificate with SAN it should work? If yes, I
>>> > will request for it and follow your steps as below suggested.
>>>
>>> Yes, it should.
>>>
>>> > Should i use CName record or DNS? Does it make difference?
>>>
>>> CNAME *is* DNS.
>>>
>>> Whenever possible, use hostnames and not IP addresses as SANs. It's more
>>> flexible that way, and users get to see hostnames instead of IP
>>> addresses.
>>>
>>> -chris
>>>
>>> > On Wednesday, April 24, 2024, Christopher Schultz <
>>> > chris@christopherschultz.net> wrote:
>>> >
>>> >> Lavanya,
>>> >>
>>> >> On 4/24/24 07:37, lavanya tech wrote:
>>> >>
>>> >>> Sorry, I understood wrongly here with regards to my environment. Let me
>>> >>> start from the beginning. I do not want to use a redirect at all. I simply
>>> >>> wanted to force Apache Tomcat to use both localhost and the DNS name of the
>>> >>> localhost via URL.
>>> >>>
>>> >>
>>> >> When you say "force" what do you mean?
>>> >>
>>> >> When you say "use both localhost and DNS name" what do you mean?
>>> >>
>>> >> When you say "localhost" do you mean 127.0.0.1 or "the machine I'm
>>> >> logged-into right now"?
>>> >>
>>> >>> I have DNS resolution as below.
>>> >>>
>>> >>> server.lbg.com --> localhost
>>> >>>
>>> >>
>>> >> Is that a CNAME record?
>>> >>
>>> >>> nslookup server.lbg.com (localhost)
>>> >>> Name:    server.lbg.com
>>> >>> Address:  192.168.100.20
>>> >>> alias: example.lbg.com
>>> >>>
>>> >>
>>> >> That's a weird DNS response. The DNS name "localhost" should *always*
>>> >> return 127.0.0.1 for IPv4 and ::1 for IPv6. It shouldn't return
>>> >> 191.168.100.20.
>>> >>
>>> >>> We have the below URLs working:
>>> >>> https://server.lbg.com:8443/towl
>>> >>> https://example.lbg.com:8443/towl --> redirects to
>>> >>>
>>> >>
>>> >> What do you mean "redirect"? Does it return a 30x response that causes the
>>> >> browser to make a new request to \/
>>> >>
>>> >>> https://server.lbg.com:8443/towl  --> still works --> we have SSL
>>> >>> configured for the same but this SSL certificate does not have additional
>>> >>> DNS setup.
>>> >>>
>>> >>
>>> >> What SANs are in your certificate? How many certificates do you have?
>>> >>
>>> >>> But I would need to somehow access https://example.lbg.com --> which means
>>> >>> I would need to access via 443 here?
>>> >>>
>>> >>
>>> >> I'm so confused. What needs to access what?
>>> >>
>>> >>> I tried adding the below to server.xml, but that does not seem
>>> >>> to work.
>>> >>>
>>> >>>       <Connector port="80"
>>> >>>              protocol="org.apache.coyote.http11.Http11NioProtocol"
>>> >>>              connectionTimeout="20000"
>>> >>>              redirectPort="443" />
>>> >>>
>>> >>
>>> >> This will only redirect (HTTP 302) requests to http://yourhost/anything
>>> >> to https://yourhost/anything *if the application specifically requests
>>> >> CONFIDENTIAL transport*. It doesn't just redirect everything by default. If
>>> >> you want it to redirect everything, you'll need to set that up e.g. using
>>> >> RewriteValve. There are other options, too.
>>> >>
>>> >>> Do I need an additional SSL certificate for https://example.lbg.com to
>>> >>> make it work?
>>> >>>
>>> >>
>>> >> If you don't want your browser to complain, you will need at least one TLS
>>> >> certificate that contains every Subject Alternative Name (SAN) for every
>>> >> possible hostname you expect to use with this service. You can do it with
>>> >> multiple certificates as well, but a single cert with multiple SANs is less
>>> >> work.
>>> >>
>>> >>> Do I need to set up an additional web server for this like Apache or nginx
>>> >>> for redirecting requests?
>>> >>>
>>> >>
>>> >> No.
>>> >>
>>> >> Please stop saying "redirect" because it sounds like you almost never mean
>>> >> "HTTP 30x redirect" and that's confusing everything.
>>> >>
>>> >> I *think* you only need the following:
>>> >>
>>> >> 1. A TLS certificate with the following SANs:
>>> >>
>>> >>    * server.lbg.com
>>> >>    * example.lbg.com
>>> >>    * localhost (you shouldn't do this)
>>> >>
>>> >> 2. DNS configured for all hostnames:
>>> >>
>>> >>    * server.lbg.com -> A 192.168.100.20
>>> >>    * example.lgb.com -> A 192.168.100.20
>>> >>
>>> >> 3. Tomcat configured with a single <Host> which is the default virtual
>>> >> host. Note that this is the *default Tomcat configuration* and doesn't need
>>> >> to be changed from the default.
>>> >>
>>> >> 4. Tomcat configured with your certificate like this:
>>> >>
>>> >>     <Connector ...
>>> >>        SSLEnabled="true">
>>> >>       <SSLHostConfig>
>>> >>         <Certificate
>>> >>             certificateFile="/path/to/your/cert.crt"
>>> >>             certificateKeyFile="/path/to/your/key.pem" />
>>> >>         <!-- You may need certificateKeyPassword in <Certificate> -->
>>> >>       </SSLHostConfig>
>>> >>     </Connector>
>>> >>
>>> >> If your SANs are configured properly, this should allow you to connect
>>> >> using any of these URLs:
>>> >>
>>> >> $ curl https://server.lbg.com/towl/login.jsp
>>> >>
>>> >>    (returns login page)
>>> >>
>>> >> $ curl https://example.lbg.com/towl/login.jsp
>>> >>
>>> >>    (returns login page)
>>> >>
>>> >> If your application's web.xml contains something like this:
>>> >>
>>> >>    <security-constraint>
>>> >>      <web-resource-collection>
>>> >>        <web-resource-name>theapp</web-resource-name>
>>> >>        <url-pattern>/*</url-pattern>
>>> >>      </web-resource-collection>
>>> >>      <user-data-constraint>
>>> >>        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>>> >>      </user-data-constraint>
>>> >>    </security-constraint>
>>> >>
>>> >> ... then these insecure HTTP URLs should redirect your clients:
>>> >>
>>> >> $ curl http://server.lbg.com/towl/login.jsp
>>> >>
>>> >>    (returns HTTP 302 redirect to https://server.lbg.com/towl/login.jsp)
>>> >>
>>> >> $ curl https://server.lbg.com/towl/login.jsp
>>> >>
>>> >>    (returns HTTP 302 redirect to https://example.lbg.com/towl/login.jsp)
>>> >>
>>> >> I don't think you need any use of the RewriteValve unless you want to
>>> >> handle sending HTTP 302 redirect responses to insecure requests without
>>> >> specifying the CONFIDENTIAL transport-guarantee in your application's
>>> >> web.xml file. But I don't see any reason NOT to have that in there.
>>> >>
>>> >> -chris
>>> >>
>>> >>> On Tue, Apr 23, 2024 at 10:52 PM Christopher Schultz <
>>> >>> chris@christopherschultz.net> wrote:
>>> >>>
>>> >>>> Lavanya,
>>> >>>>
>>> >>>> On 4/22/24 05:21, lavanya tech wrote:
>>> >>>>
>>> >>>>> Could you please explain what exactly you mean? So here redirect is
>>> >>>>> not a solution, right?
>>> >>>>
>>> >>>> Redirecting is fine.
>>> >>>>
>>> >>>> Perhaps you should take a step back and decide: what do you actually
>>> >>>> want, here? You might be trying to solve problem X by applying
>>> >>>> solution Y, and you've already decided that solution Y is correct so
>>> >>>> you are trying to get help with that.
>>> >>>>
>>> >>>> Perhaps ask for help with Problem X?
>>> >>>>
>>> >>>> For example, "I don't want users to have to type the name of my
>>> >>>> application to reach it so I want example.com/ to go to my
>>> >>>> application instead of example.com/myapp/".
>>> >>>>
>>> >>>> Or, "I have multiple domains and I want all of them to redirect to
>>> >>>> the canonical domain example.com and to go to my web application
>>> >>>> /myapp so everything goes to example.com/myapp/".
>>> >>>>
>>> >>>>> "You'd have to use a glob/regex if
>>> >>>>> you wanted to check for [anything and maybe nothing.]example.com."
>>> >>>>
>>> >>>> There is nothing in your configuration or question that suggests
>>> >>>> that the hostname in the request is relevant, but you are making it a
>>> >>>> *requirement* that the request contains a specific Host header. If
>>> >>>> you don't actually need that, why do you have it?
>>> >>>>
>>> >>>> -chris
>>> >>>>
>>> >>>>> On Fri, Apr 19, 2024 at 3:03 PM Christopher Schultz <
>>> >>>>> chris@christopherschultz.net> wrote:
>>> >>>>>
>>> >>>>>> Ammu,
>>> >>>>>>
>>> >>>>>> On 4/19/24 08:32, lavanya tech wrote:
>>> >>>>>>
>>> >>>>>>> Thank you very much. I removed <Host> for example.com as well as
>>> >>>>>>> adding an <Alias> in server.xml
>>> >>>>>>> I copied context.xml file
>>> >>>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl/META-INF/context.xml
>>> >>>>>>> Removed < in rewrite.config files.
>>> >>>>>>>
>>> >>>>>>> But still I don't redirect the URL.
>>> >>>>>>>
>>> >>>>>>
>>> >>>>>> If you have <Context> in server.xml and also your application in
>>> >>>>>> the webapps/ directory, then you will be double-deploying your
>>> >>>>>> application.
>>> >>>>>>
>>> >>>>>> Re-name /git/app/apache-tomcat-10.1.11/webapps/towl/ to be
>>> >>>>>> /git/app/apache-tomcat-10.1.11/webapps/ROOT (the capitals are
>>> >>>>>> important) and remove the <Context> element from your server.xml.
>>> >>>>>>
>>> >>>>>> Then start your server and read the logs.
>>> >>>>>>
>>> >>>>>>> nslookup alias.example.com gives -->
>>> >>>>>>> Non-authoritative answer:
>>> >>>>>>> Name:     www.example.com
>>> >>>>>>> Address:  192.168.200.10
>>> >>>>>>> Aliases:  alias.example.com
>>> >>>>>>>
>>> >>>>>>> Just to give some information here, www.example.com has alias
>>> >>>>>>> "alias.example.com"
>>> >>>>>>> But https://www.example.com:7777/example --> works fine without
>>> >>>>>>> issues but the alias does not work (https://alias.example.com)
>>> >>>>>>> So I am not sure if the redirect URL helps or if it's correct
>>> >>>>>>>
>>> >>>>>>
>>> >>>>>> Your rewrite configuration says that you have to be using host
>>> >>>>>> "example.com" but your request goes to www.example.com. Your
>>> >>>>>> configuration should only redirect a request such as:
>>> >>>>>>
>>> >>>>>> $ curl -v http://example.com:7777/something
>>> >>>>>>
>>> >>>>>> HTTP/1.1 301 Moved Permanently
>>> >>>>>> ...
>>> >>>>>> Location: https://www.example.com:7777/example
>>> >>>>>>
>>> >>>>>> If you make a request like:
>>> >>>>>>
>>> >>>>>> $ curl -v http://www.example.com:7777/something
>>> >>>>>>
>>> >>>>>> I wouldn't expect a redirect because of your "host" condition. The
>>> >>>>>> "%{HTTP_HOST} example.com" looks at the entire Host header and not
>>> >>>>>> just anything that ends in "example.com". You'd have to use a
>>> >>>>>> glob/regex if you wanted to check for [anything and maybe
>>> >>>>>> nothing.]example.com.
>>> >>>>>>
>>> >>>>>> You'd also have to make sure that your application is serving
>>> >>>>>> responses to requests to / which is why I'm recommending you use the
>>> >>>>>> ROOT web application name instead of "towl".
>>> >>>>>>
>>> >>>>>> -chris
>>> >>>>>>
>>> >>>>>>> On Fri, Apr 19, 2024 at 1:21 PM Christopher Schultz <
>>> >>>>>>> chris@christopherschultz.net> wrote:
>>> >>>>>>>
>>> >>>>>>>> Ammu,
>>> >>>>>>>>
>>> >>>>>>>> On 4/18/24 09:34, lavanya tech wrote:
>>> >>>>>>>>
>>> >>>>>>>>> I am attaching server.xml and context.xml and rewrite.config files.
>>> >>>>>>>>> The paths are
>>> >>>>>>>>>
>>> >>>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl/context.xml
>>> >>>>>>>>> <Context>
>>> >>>>>>>>>          <Valve className="org.apache.catalina.valves.rewrite.RewriteValve" />
>>> >>>>>>>>>          <!-- Other context configuration -->
>>> >>>>>>>>> </Context>
>>> >>>>>>>>
>>> >>>>>>>> This file ^^^ is in the wrong place. It should be in
>>> >>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl/META-INF/context.xml
>>> >>>>>>>>
>>> >>>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl/WEB-INF/rewrite.config
>>> >>>>>>>>>
>>> >>>>>>>>> <RewriteCond %{HTTP_HOST} example.com [NC]
>>> >>>>>>>>> <RewriteRule ^/(.*)$ https://www.example.com:7777/example [R=301,L]
>>> >>>>>>>>
>>> >>>>>>>> Why do you have < symbols at the beginning of these lines?
>>> >>>>>>>>
>>> >>>>>>>>> server.xml
>>> >>>>>>>>
>>> >>>>>>>> [...]
>>> >>>>>>>>
>>> >>>>>>>>>            <Host name="example.com" appBase="webapps" unpackWARs="true" autoDeploy="true">
>>> >>>>>>>>>                <Context path="" docBase="towl" />
>>> >>>>>>>>
>>> >>>>>>>> It's best not to define any <Context> in server.xml. I would remove
>>> >>>>>>>> this <Context> entirely and allow Tomcat to auto-deploy from your
>>> >>>>>>>> webapps/towl directory. If you need this application to be deployed
>>> >>>>>>>> as the ROOT context (on / and not /towl) then you should re-name
>>> >>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl to
>>> >>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/ROOT
>>> >>>>>>>>
>>> >>>>>>>> You also don't need a <Host> for example.com as well as adding an
>>> >>>>>>>> <Alias> for the same domain (though this is probably to anonymize
>>> >>>>>>>> the configuration). You can feel free to simply use the "localhost"
>>> >>>>>>>> <Host> as the default <Host> and deploy everything into it. This
>>> >>>>>>>> makes your configuration changes relative to a stock Tomcat less
>>> >>>>>>>> significant and easier to apply to new versions if/when necessary.
>>> >>>>>>>>
>>> >>>>>>>> -chris
>>> >>>>>>>>
>>> >>>>>>>>> On Thu, Apr 18, 2024 at 2:17 PM Christopher Schultz <
>>> >>>>>>>>> chris@christopherschultz.net> wrote:
>>> >>>>>>>>>
>>> >>>>>>>>>> Ammu,
>>> >>>>>>>>>>
>>> >>>>>>>>>> On 4/18/24 07:45, lavanya tech wrote:
>>> >>>>>>>>>>
>>> >>>>>>>>>>> I added classname rewrite valeus in context.xml file .
>>> >>>>>>>>>>>
>>> >>>>>>>>>>>           <!-- REWRITE VALVE -->
>>> >>>>>>>>>>>           <Valve className="org.apache.catalina.valves.rewrite.RewriteValve" />
>>> >>>>>>>>>>>           <!-- // -->
>>> >>>>>>>>>>>
>>> >>>>>>>>>>> created rewrite.config so both of them are located under conf
>>> >>>>>>>>>>> under apache-tomcat.
>>> >>>>>>>>>>>
>>> >>>>>>>>>>>           <RewriteCond %{HTTP_HOST} example.com [NC]
>>> >>>>>>>>>>>           <RewriteRule ^/(.*)$ https://www.example.com:7777/example [R=301,L]
>>> >>>>>>>>>>>
>>> >>>>>>>>>>> So according to the documentation they say context.xml should be
>>> >>>>>>>>>>> placed under webapps and rewrite.config file should be put in
>>> >>>>>>>>>>> WEB-INF folder of apache-tomcat . I placed and restarted tomcat
>>> >>>>>>>>>>> webserver but still it does not redirect.
>>> >>>>>>>>>>
>>> >>>>>>>>>> Can you give full paths to both server.xml and rewrite.config,
>>> >>>>>>>>>> re-post your current server.xml <Context> element, and the complete
>>> >>>>>>>>>> contents of rewrite.config?
>>> >>>>>>>>>>
>>> >>>>>>>>>> Have you looked at the log files after start?
>>> >>>>>>>>>>
>>> >>>>>>>>>> -chris
>>> >>>>>>>>>>
>>> >>>>>>>>>>> On Thu, Apr 18, 2024 at 1:36 PM lavanya tech <lavanyatech440@gmail.com>
>>> >>>>>>>>>>> wrote:
>>> >>>>>>>>>>>
>>> >>>>>>>>>>>> Hi Thomas,
>>> >>>>>>>>>>>>
>>> >>>>>>>>>>>> Thanks for the fast response.
>>> >>>>>>>>>>>>
>>> >>>>>>>>>>>> I added classname rewrite valeus in context.xml file .
>>> >>>>>>>>>>>>
>>> >>>>>>>>>>>>           <!-- REWRITE VALVE -->
>>> >>>>>>>>>>>>           <Valve className="org.apache.catalina.valves.rewrite.RewriteValve" />
>>> >>>>>>>>>>>>           <!-- // -->
>>> >>>>>>>>>>>>
>>> >>>>>>>>>>>> created rewrite.config so both of them are located under conf
>>> >>>>>>>>>>>> under apache-tomcat.
>>> >>>>>>>>>>>>
>>> >>>>>>>>>>>> So according to the documentation they say context.xml should be
>>> >>>>>>>>>>>> placed under webapps and rewrite.config file should be put in
>>> >>>>>>>>>>>> WEB-INF folder of apache-tomcat
>>> >>>>>>>>>>>>
>>> >>>>>>>>>>>> Thanks,
>>> >>>>>>>>>>>> Ammu
>>> >>>>>>>>>>>>
>>> >>>>>>>>>>>> On Thu, Apr 18, 2024 at 1:22 PM Mark Thomas <markt@apache.org>
>>> >>>>>>>>>>>> wrote:
>>> >>>>>>>>>>>>
>>> >>>>>>>>>>>>> On 18/04/2024 12:05, lavanya tech wrote:
>>> >>>>>>>>>>>>>
>>> >>>>>>>>>>>>>> Hi Team,
>>> >>>>>>>>>>>>>>
>>> >>>>>>>>>>>>>> I am using "Tomcat 10.1" in our environment and I wanted to
>>> >>>>>>>>>>>>>> redirect url from https://example.com to
>>> >>>>>>>>>>>>>> https://www.servercom:7777 and for this I modified the
>>> >>>>>>>>>>>>>> server.xml as below in tomcat config, and the below
>>> >>>>>>>>>>>>>> configuration does not seem to work. Does anyone have ideas?
>>> >>>>>>>>>>>>>> Please suggest.
>>> >>>>>>>>>>>>>> The url alone https://www.servercom:7777/ already works. But
>>> >>>>>>>>>>>>>> just redirection from the old to one does not.
>>> >>>>>>>>>>>>>>
>>> >>>>>>>>>>>>>> <Host name="example.com" appBase="app" unpackWARs="true" autoDeploy="true">
>>> >>>>>>>>>>>>>>            <Context path="" docBase="example" />
>>> >>>>>>>>>>>>>>            <Alias>example.com</Alias>
>>> >>>>>>>>>>>>>>            <!-- Add RewriteValve and RewriteRule here -->
>>> >>>>>>>>>>>>>>            <Valve className="org.apache.catalina.valves.rewrite.RewriteValve"/>
>>> >>>>>>>>>>>>>>            <Engine name="Catalina" defaultHost="localhost">
>>> >>>>>>>>>>>>>>                <Host name="example.com" appBase="app" unpackWARs="true" autoDeploy="true">
>>> >>>>>>>>>>>>>>                    <Context path="" docBase="example" />
>>> >>>>>>>>>>>>>>                    <Alias>example.com</Alias>
>>> >>>>>>>>>>>>>>                    <Valve className="org.apache.catalina.valves.rewrite.RewriteValve"/>
>>> >>>>>>>>>>>>>>                    <Engine name="Catalina" defaultHost="localhost">
>>> >>>>>>>>>>>>>>                        <Host name="example.com" appBase="app" unpackWARs="true" autoDeploy="true">
>>> >>>>>>>>>>>>>>                            <Context path="" docBase="example" />
>>> >>>>>>>>>>>>>>                            <Alias>example.com</Alias>
>>> >>>>>>>>>>>>>>                            <!-- Rewrite rule to redirect to www.servercom:8080/example -->
>>> >>>>>>>>>>>>>>                            <RewriteCond %{HTTP_HOST} example\.com [NC]
>>> >>>>>>>>>>>>>>                            <RewriteRule ^/(.*)$ https://www.servercom:7777/example/$1 [R=301,L]
>>> >>>>>>>>>>>>>
>>> >>>>>>>>>>>>> 1. That isn't valid XML.
>>> >>>>>>>>>>>>>
>>> >>>>>>>>>>>>> 2. Where in the Tomcat docs does it say you can nest re-write
>>> >>>>>>>>>>>>> rules in a Host element (or any other element)?
>>> >>>>>>>>>>>>>
>>> >>>>>>>>>>>>>>                        </Host>
>>> >>>>>>>>>>>>>>                    </Engine>
>>> >>>>>>>>>>>>>>                </Host>
>>> >>>>>>>>>>>>>>            </Engine>
>>> >>>>>>>>>>>>>> </Host>
>>> >>>>>>>>>>>>>
>>> >>>>>>>>>>>>> You need to configure the RewriteValve.
>>> >>>>>>>>>>>>> https://tomcat.apache.org/tomcat-10.1-doc/rewrite.html
>>> >>>>>>>>>>>>>
>>> >>>>>>>>>>>>> Mark
>>> >>>>>>>>>>>>>
>>> >>>>>>>>>>>>>
>>> >>>>>>>>>>>>>
>>> ------------------------------------------------------------
>>> >>>>>> ---------
>>> >>>>>>
>>> >>>>>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>> >>>>>>>>>>>>> For additional commands, e-mail:
>>> users-help@tomcat.apache.org
>>>
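
The SAN requirement discussed in the quoted replies above can be checked offline before requesting a new certificate. The following is an added example, not code from any participant in this thread: it applies simplified RFC 6125 style matching to the hostnames used in the thread, and the two SAN lists are constructed to stand for the current single-name certificate and the proposed one.

```python
"""Added example: does a certificate's SAN list cover the hostnames users type?

Hostnames come from this thread; the SAN lists are constructed sample data.
"""
import ipaddress
from urllib.parse import urlsplit


def _is_ip_literal(host: str) -> bool:
    """Return True when the URL host is an IP address rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def san_matches(san: str, hostname: str) -> bool:
    """Match one dNSName SAN entry against a hostname (RFC 6125 style).

    Simplifications assumed by this example: a wildcard is accepted only as
    the complete left-most label, covers exactly one label, and must be
    followed by at least two more labels (so "*.com" is refused).
    """
    san_labels = san.lower().rstrip(".").split(".")
    host_labels = hostname.lower().rstrip(".").split(".")
    if len(san_labels) != len(host_labels) or "" in host_labels:
        return False
    if san_labels[0] == "*":
        return len(san_labels) >= 3 and san_labels[1:] == host_labels[1:]
    if any("*" in label for label in san_labels):
        return False  # partial or non-left-most wildcards are not honoured
    return san_labels == host_labels


def covered(hostname: str, dns_sans: list[str]) -> bool:
    """True if any dNSName SAN covers the hostname the client asked for."""
    if _is_ip_literal(hostname):
        return False  # an IP literal needs an iPAddress SAN, not a dNSName
    return any(san_matches(s, hostname) for s in dns_sans)


def audit(urls: list[str], dns_sans: list[str]) -> dict[str, bool]:
    """Check each URL using the host written in the URL itself.

    The client verifies the name it was asked to connect to and never
    substitutes a CNAME target, so a DNS alias does not extend a certificate
    to a second name.
    """
    return {u: covered(urlsplit(u).hostname or "", dns_sans) for u in urls}


# Constructed inputs based on the thread.
URLS = [
    "https://server.lbg.com:8443/towl",
    "https://example.lbg.com:8443/towl",
]
CERT_WITHOUT_EXTRA_SAN = ["server.lbg.com"]
CERT_WITH_BOTH_SANS = ["server.lbg.com", "example.lbg.com"]

if __name__ == "__main__":
    for label, sans in (("single-name cert", CERT_WITHOUT_EXTRA_SAN),
                        ("cert with both SANs", CERT_WITH_BOTH_SANS)):
        print(label)
        for url, ok in audit(URLS, sans).items():
            print(f"  {'OK      ' if ok else 'MISMATCH'} {url}")
```
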

Re: Regarding Tomcat url redirection

Posted by lavanya tech <la...@gmail.com>.
Hi Chris,

One question / doubt:

As I mentioned earlier, the below URLs are already working in the browser
> https://server.lbg.com:8443/towl
> https://example.lbg.com:8443/towl -> redirect (which means when I hit it in
the browser) it points to https://server.lbg.com:8443/towl ---> To be frank,
I do not even need a redirect here, not sure why it redirects.

My question is why it's working even though the SAN is not registered with the
certificate? It does not even throw a warning in the browser.

Why https://server.lbg.com/towl or https://example.lbg.com/towl --> How
should it work with the new SAN certificate?

Thanks,
Lavanya



On Thu, Apr 25, 2024 at 10:16 AM lavanya tech <la...@gmail.com>
wrote:

> Hi Chris,
>
>
> Thanks I will request new certificate with SANs and I will try to fix the
> things from our end.
>
> Best Regards,
> Lavanya
>
> On Wed, Apr 24, 2024 at 11:12 PM Christopher Schultz <
> chris@christopherschultz.net> wrote:
>
>> Lavanya,
>>
>> On 4/24/24 15:39, lavanya tech wrote:
>> > Local host means the machine i am logged in to server.lbg.com
>> >
>> > You are right, example.lbg.com is CNAME record.
>>
>> Okay, thanks for clearing that up.
>>
>> > I dont have any SAN configured for the certificate. The certificate is
>> > requested for only server.lbg.com
>>
>> You will never be able to make a secure request to anything other than
>> server.lbg.com without seeing an error. I highly recommend adding the
>> other hostname as a SAN to your certificate if you really want to
>> support this.
>>
>> Even if you wanted https://example.lbg.com/whatever to return an HTTP
>> 302 redirect to https://server.lbg.com/whatever, the user would see a
>> certificate hostname mismatch error which is ugly. It's best to make it
>> work without users seeing ugly things.
>>
>> > So if i just request new certificate with SAN it should work ? If yes, I
>> > will request for it and follow your steps as below suggested.
>>
>> Yes, it should.
>>
>> > Should i use CName record or DNS? Does it make difference?
>>
>> CNAME *is* DNS.
>>
>> Whenever possible, use hostnames and not IP addresses as SANs. It's more
>> flexible that way, and users get to see hostnames instead of IP addresses.
>>
>> -chris
>>
>> > On Wednesday, April 24, 2024, Christopher Schultz <
>> > chris@christopherschultz.net> wrote:
>> >
>> >> Lavanya,
>> >>
>> >> On 4/24/24 07:37, lavanya tech wrote:
>> >>
>> >>> Sorry, I understood wrongly here with regards to my environment. Let me
>> >>> start from the beginning. I do not want to use redirect at all. I simply
>> >>> wanted to force Apache Tomcat to use both localhost and the DNS name of
>> >>> the localhost via URL.
>> >>>
>> >>
>> >> When you say "force" what do you mean?
>> >>
>> >> When you say "use both localhost and DNS name" what do you mean?
>> >>
>> >> When you say "localhost" do you mean 127.0.0.1 or "the machine I'm
>> >> logged-into right now"?
>> >>
>> >>> I have DNS resolution as below.
>> >>>
>> >>> server.lbg.com --> localhost
>> >>>
>> >>
>> >> Is that a CNAME record?
>> >>
>> >>> nslookup server.lbg.com (localhost)
>> >>> Name:    server.lbg.com
>> >>> Address:  192.168.100.20
>> >>> alias: example.lbg.com
>> >>>
>> >>
>> >> That's a weird DNS response. The DNS name "localhost" should *always*
>> >> return 127.0.0.1 for IPv4 and ::1 for IPv6. It shouldn't return
>> >> 191.168.100.20.
>> >>
>> >>> We have the below URLs working:
>> >>> https://server.lbg.com:8443/towl
>> >>> https://example.lbg.com:8443/towl --> redirects to
>> >>>
>> >>
>> >> What do you mean "redirect"? Does it return a 30x response that causes
>> >> the browser to make a new request to \/
>> >>
>> >>> https://server.lbg.com:8443/towl  --> still works --> we have SSL
>> >>> configured for the same but this SSL certificate does not have an
>> >>> additional DNS setup.
>> >>>
>> >>
>> >> What SANs are in your certificate? How many certificates do you have?
>> >>
>> >>> But I would need to somehow access https://example.lbg.com --> which
>> >>> means I would need to access via 443 here?
>> >>>
>> >>
>> >> I'm so confused. What needs to access what?
>> >>
>> >>> I tried adding the below to server.xml as below, but that does not seem
>> >>> to work.
>> >>>
>> >>>       <Connector port="80"
>> >>> protocol="org.apache.coyote.http11.Http11NioProtocol"
>> >>>              connectionTimeout="20000"
>> >>>              redirectPort="443" />
>> >>>
>> >>
>> >> This will only redirect (HTTP 302) requests to http://yourhost/anything
>> >> to https://yourhost/anything *if the application specifically requests
>> >> CONFIDENTIAL transport*. It doesn't just redirect everything by default.
>> >> If you want it to redirect everything, you'll need to set that up e.g.
>> >> using RewriteValve. There are other options, too.
>> >>
>> >>> Do I need an additional SSL certificate for https://example.lbg.com to
>> >>> make it work?
>> >>>
>> >>
>> >> If you don't want your browser to complain, you will need at least one
>> >> TLS certificate that contains every Subject Alternative Name (SAN) for
>> >> every possible hostname you expect to use with this service. You can do
>> >> it with multiple certificates as well, but a single cert with multiple
>> >> SANs is less work.
>> >>
>> >>> Do I need to set up an additional web server for this, like Apache or
>> >>> nginx, for redirecting requests?
>> >>>
>> >>
>> >> No.
>> >>
>> >> Please stop saying "redirect" because it sounds like you almost never
>> >> mean "HTTP 30x redirect" and that's confusing everything.
>> >>
>> >> I *think* you only need the following:
>> >>
>> >> 1. A TLS certificate with the following SANs:
>> >>
>> >>    * server.lbg.com
>> >>    * example.lbg.com
>> >>    * localhost (you shouldn't do this)
>> >>
>> >> 2. DNS configured for all hostnames:
>> >>
>> >>    * server.lbg.com -> A 192.168.100.20
>> >>    * example.lbg.com -> A 192.168.100.20
>> >>
>> >> 3. Tomcat configured with a single <Host> which is the default virtual
>> >> host. Note that this is the *default Tomcat configuration* and doesn't
>> >> need to be changed from the default.
>> >>
>> >> 4. Tomcat configured with your certificate like this:
>> >>
>> >>     <Connector ...
>> >>        SSLEnabled="true">
>> >>       <SSLHostConfig>
>> >>         <Certificate
>> >>             certificateFile="/path/to/your/cert.crt"
>> >>             certificateKeyFile="/path/to/your/key.pem" />
>> >>         <!-- You may need certificateKeyPassword in <Certificate> -->
>> >>       </SSLHostConfig>
>> >>     </Connector>
>> >>
>> >> If your SANs are configured properly, this should allow you to connect
>> >> using any of these URLs:
>> >>
>> >> $ curl https://server.lbg.com/towl/login.jsp
>> >>
>> >>    (returns login page)
>> >>
>> >> $ curl https://example.lbg.com/towl/login.jsp
>> >>
>> >>    (returns login page)
>> >>
>> >> If your application's web.xml contains something like this:
>> >>
>> >>    <security-constraint>
>> >>      <web-resource-collection>
>> >>        <web-resource-name>theapp</web-resource-name>
>> >>        <url-pattern>/*</url-pattern>
>> >>      </web-resource-collection>
>> >>      <user-data-constraint>
>> >>        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>> >>      </user-data-constraint>
>> >>    </security-constraint>
>> >>
>> >> ... then these insecure HTTP URLs should redirect your clients:
>> >>
>> >> $ curl http://server.lbg.com/towl/login.jsp
>> >>
>> >>    (returns HTTP 302 redirect to https://server.lbg.com/towl/login.jsp)
>> >>
>> >> $ curl https://server.lbg.com/towl/login.jsp
>> >>
>> >>    (returns HTTP 302 redirect to https://example.lbg.com/towl/login.jsp)
>> >>
>> >> I don't think you need any use of the RewriteValve unless you want to
>> >> handle sending HTTP 302 redirect responses to insecure requests without
>> >> specifying the CONFIDENTIAL transport-guarantee in your application's
>> >> web.xml file. But I don't see any reason NOT to have that in there.
>> >>
>> >> -chris
>> >>
>> >>> On Tue, Apr 23, 2024 at 10:52 PM Christopher Schultz <
>> >>> chris@christopherschultz.net> wrote:
>> >>>
>> >>>> Lavanya,
>> >>>>
>> >>>> On 4/22/24 05:21, lavanya tech wrote:
>> >>>>
>> >>>>> Could you please explain what exactly you mean? So here redirect is
>> >>>>> not a solution, right?
>> >>>>
>> >>>> Redirecting is fine.
>> >>>>
>> >>>> Perhaps you should take a step back and decide: what do you actually
>> >>>> want, here? You might be trying to solve problem X by applying
>> >>>> solution Y, and you've already decided that solution Y is correct so
>> >>>> you are trying to get help with that.
>> >>>>
>> >>>> Perhaps ask for help with Problem X?
>> >>>>
>> >>>> For example, "I don't want users to have to type the name of my
>> >>>> application to reach it so I want example.com/ to go to my
>> >>>> application instead of example.com/myapp/".
>> >>>>
>> >>>> Or, "I have multiple domains and I want all of them to redirect to
>> >>>> the canonical domain example.com and to go to my web application
>> >>>> /myapp so everything goes to example.com/myapp/".
>> >>>>
>> >>>>> "You'd have to use a glob/regex if
>> >>>>> you wanted to check for [anything and maybe nothing.]example.com."
>> >>>>
>> >>>> There is nothing in your configuration or question that suggests that
>> >>>> the hostname in the request is relevant, but you are making it a
>> >>>> *requirement* that the request contains a specific Host header. If
>> >>>> you don't actually need that, why do you have it?
>> >>>>
>> >>>> -chris
>> >>>>
>> >>>>> On Fri, Apr 19, 2024 at 3:03 PM Christopher Schultz <
>> >>>>> chris@christopherschultz.net> wrote:
>> >>>>>
>> >>>>>> Ammu,
>> >>>>>>
>> >>>>>> On 4/19/24 08:32, lavanya tech wrote:
>> >>>>>>
>> >>>>>>> Thank you very much. I removed <Host> for example.com as well as
>> >>>>>>> adding an <Alias> in server.xml
>> >>>>>>> I copied context.xml file
>> >>>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl/META-INF/context.xml
>> >>>>>>> Removed < in rewrite.config files.
>> >>>>>>>
>> >>>>>>> But still I don't redirect the URL.
>> >>>>>>>
>> >>>>>>
>> >>>>>> If you have <Context> in server.xml and also your application in
>> >>>>>> the webapps/ directory, then you will be double-deploying your
>> >>>>>> application.
>> >>>>>>
>> >>>>>> Re-name /git/app/apache-tomcat-10.1.11/webapps/towl/ to be
>> >>>>>> /git/app/apache-tomcat-10.1.11/webapps/ROOT (the capitals are
>> >>>>>> important) and remove the <Context> element from your server.xml.
>> >>>>>>
>> >>>>>> Then start your server and read the logs.
>> >>>>>>
>> >>>>>>> nslookup alias.example.com gives -->
>> >>>>>>> Non-authoritative answer:
>> >>>>>>> Name:     www.example.com
>> >>>>>>> Address:  192.168.200.10
>> >>>>>>> Aliases:  alias.example.com
>> >>>>>>>
>> >>>>>>> Just to give some information here, www.example.com has alias
>> >>>>>>> "alias.example.com"
>> >>>>>>> But https://www.example.com:7777/example --> works fine without
>> >>>>>>> issues but the alias does not work (https://alias.example.com)
>> >>>>>>> So I am not sure if the redirect URL helps or if it's correct
>> >>>>>>>
>> >>>>>>
>> >>>>>> Your rewrite configuration says that you have to be using host
>> >>>>>> "example.com" but your request goes to www.example.com. Your
>> >>>>>> configuration should only redirect a request such as:
>> >>>>>>
>> >>>>>> $ curl -v http://example.com:7777/something
>> >>>>>>
>> >>>>>> HTTP/1.1 301 Moved Permanently
>> >>>>>> ...
>> >>>>>> Location: https://www.example.com:7777/example
>> >>>>>>
>> >>>>>> If you make a request like:
>> >>>>>>
>> >>>>>> $ curl -v http://www.example.com:7777/something
>> >>>>>>
>> >>>>>> I wouldn't expect a redirect because of your "host" condition. The
>> >>>>>> "%{HTTP_HOST} example.com" looks at the entire Host header and not
>> >>>>>> just anything that ends in "example.com". You'd have to use a
>> >>>>>> glob/regex if you wanted to check for [anything and maybe
>> >>>>>> nothing.]example.com.
>> >>>>>>
>> >>>>>> You'd also have to make sure that your application is serving
>> >>>>>> responses to requests to / which is why I'm recommending you use the
>> >>>>>> ROOT web application name instead of "towl".
>> >>>>>>
>> >>>>>> -chris
>> >>>>>>
>> >>>>>>> On Fri, Apr 19, 2024 at 1:21 PM Christopher Schultz <
>> >>>>>>> chris@christopherschultz.net> wrote:
>> >>>>>>>
>> >>>>>>>> Ammu,
>> >>>>>>>>
>> >>>>>>>> On 4/18/24 09:34, lavanya tech wrote:
>> >>>>>>>>
>> >>>>>>>>> I am attaching server.xml and context.xml and rewrite.config files.
>> >>>>>>>>> The paths are
>> >>>>>>>>>
>> >>>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl/context.xml
>> >>>>>>>>> <Context>
>> >>>>>>>>>          <Valve className="org.apache.catalina.valves.rewrite.RewriteValve" />
>> >>>>>>>>>          <!-- Other context configuration -->
>> >>>>>>>>> </Context>
>> >>>>>>>>
>> >>>>>>>> This file ^^^ is in the wrong place. It should be in
>> >>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl/META-INF/context.xml
>> >>>>>>>>
>> >>>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl/WEB-INF/rewrite.config
>> >>>>>>>>>
>> >>>>>>>>> <RewriteCond %{HTTP_HOST} example.com [NC]
>> >>>>>>>>> <RewriteRule ^/(.*)$ https://www.example.com:7777/example [R=301,L]
>> >>>>>>>>
>> >>>>>>>> Why do you have < symbols at the beginning of these lines?
>> >>>>>>>>
>> >>>>>>>> server.xml
>> >>>>>>>>>
>> >>>>>>>>>      > [...]
>> >>>>>>>>
>> >>>>>>>>>
>> >>>>>>>>>            <Host name="example.com" appBase="webapps"
>> >>>>>>>>>
>> >>>>>>>> unpackWARs="true"
>> >>>>
>> >>>>> autoDeploy="true">
>> >>>>>>>>>                <Context path="" docBase="towl" />
>> >>>>>>>>>
>> >>>>>>>>
>> >>>>>>>> It's best not to define any <Context> in server.xml. I would
>> remove
>> >>>>>>>>
>> >>>>>>> this
>> >>>>
>> >>>>> <Context> entirely and allow Tomcat to auto-reploy from your
>> >>>>>>>> webapps/towl directory. If you need this application to be
>> deployed
>> >>>>>>>> as
>> >>>>>>>> the ROOT context (on / and not /towl) then you should re-name
>> >>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl to
>> >>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/ROOT
>> >>>>>>>>
>> >>>>>>>> You also don't need a <Host> for example.com as well as adding
>> an
>> >>>>>>>> <Alias> for the same domain (though this is probably to
>> anonymize the
>> >>>>>>>> configuration). You can feel free to simply use the "localhost"
>> >>>>>>>> <Host>
>> >>>>>>>> as the default <Host> and deploy everything into it. This makes
>> your
>> >>>>>>>> configuration changes relative to a stock Tomcat less
>> significant and
>> >>>>>>>> easier to apply to new versions if/when necessary.
>> >>>>>>>>
>> >>>>>>>> -chris
>> >>>>>>>>
>> >>>>>>>> On Thu, Apr 18, 2024 at 2:17 PM Christopher Schultz <
>> >>>>>>>>> chris@christopherschultz.net> wrote:
>> >>>>>>>>>
>> >>>>>>>>> Ammu,
>> >>>>>>>>>>
>> >>>>>>>>>> On 4/18/24 07:45, lavanya tech wrote:
>> >>>>>>>>>>
>> >>>>>>>>>>> I added classname rewrite valeus in contex.xml file .
>> >>>>>>>>>>>
>> >>>>>>>>>>>           <!-- REWRITE VALVE -->
>> >>>>>>>>>>>           <Valve
>> >>>>>>>>>>>
>> >>>>>>>>>> className="org.apache.catalina.valves.rewrite.RewriteValve"
>> >>>>>>>>
>> >>>>>>>>> />
>> >>>>>>>>>>
>> >>>>>>>>>>>           <!-- // -->
>> >>>>>>>>>>>
>> >>>>>>>>>>> created rewrite.config so both of them is located under  conf
>> >>>>>>>>>>> under
>> >>>>>>>>>>> apache-tomcat.
>> >>>>>>>>>>>
>> >>>>>>>>>>>
>> >>>>>>>>>>>                           <RewriteCond %{HTTP_HOST}
>> example.com
>> >>>>>>>>>>> [NC]
>> >>>>>>>>>>>                           <RewriteRule ^/(.*)$
>> >>>>>>>>>>> https://www.example.com:7777/example [R=301,L]
>> >>>>>>>>>>>
>> >>>>>>>>>>> So according to the documentaion they say context.xml should
>> be
>> >>>>>>>>>>>
>> >>>>>>>>>> placed
>> >>>>>>
>> >>>>>>> under webapps and rewrite.config file should be put in WEB-INF
>> >>>>>>>>>>>
>> >>>>>>>>>> folder
>> >>>>
>> >>>>> of
>> >>>>>>>>
>> >>>>>>>>> apache-tomcat . I placed and restarted tomcat webserver but
>> still
>> >>>>>>>>>>>
>> >>>>>>>>>> it
>> >>>>
>> >>>>> doesnot redirect.
>> >>>>>>>>>>>
>> >>>>>>>>>>
>> >>>>>>>>>> Can you give full paths to both server.xml and rewrite.config,
>> >>>>>>>>>>
>> >>>>>>>>> re-post
>> >>>>
>> >>>>> your current server.xml <Context> element, and the complete contents
>> >>>>>>>>>>
>> >>>>>>>>> of
>> >>>>>>
>> >>>>>>> rewrite.config?
>> >>>>>>>>>>
>> >>>>>>>>>> Have you looked at the log files after start?
>> >>>>>>>>>>
>> >>>>>>>>>> -chris
>> >>>>>>>>>>
>> >>>>>>>>>> On Thu, Apr 18, 2024 at 1:36 PM lavanya tech <
>> >>>>>>>>>>>
>> >>>>>>>>>> lavanyatech440@gmail.com
>> >>>>>>
>> >>>>>>>
>> >>>>>>>>> wrote:
>> >>>>>>>>>>>
>> >>>>>>>>>>> Hi Thomas,
>> >>>>>>>>>>>>
>> >>>>>>>>>>>> Thanks for the fast response.
>> >>>>>>>>>>>>
>> >>>>>>>>>>>> I added classname rewrite valeus in contex.xml file .
>> >>>>>>>>>>>>
>> >>>>>>>>>>>>           <!-- REWRITE VALVE -->
>> >>>>>>>>>>>>           <Valve
>> >>>>>>>>>>>>
>> >>>>>>>>>>> className="org.apache.catalina.valves.rewrite.RewriteValve"
>> >>>>>>>>
>> >>>>>>>>> />
>> >>>>>>>>>>
>> >>>>>>>>>>>           <!-- // -->
>> >>>>>>>>>>>>
>> >>>>>>>>>>>> created rewrite.config so both of them is located under  conf
>> >>>>>>>>>>>>
>> >>>>>>>>>>> under
>> >>>>
>> >>>>> apache-tomcat.
>> >>>>>>>>>>>>
>> >>>>>>>>>>>> So according to the documentaion they say context.xml should
>> be
>> >>>>>>>>>>>>
>> >>>>>>>>>>> placed
>> >>>>>>
>> >>>>>>> under webapps and rewrite.config file should be put in WEB-INF
>> >>>>>>>>>>>>
>> >>>>>>>>>>> folder
>> >>>>>>
>> >>>>>>> of
>> >>>>>>>>
>> >>>>>>>>> apache-tomcat
>> >>>>>>>>>>>>
>> >>>>>>>>>>>> Thnks,
>> >>>>>>>>>>>> Ammu
>> >>>>>>>>>>>>
>> >>>>>>>>>>>>
>> >>>>>>>>>>>>
>> >>>>>>>>>>>> On Thu, Apr 18, 2024 at 1:22 PM Mark Thomas <
>> markt@apache.org>
>> >>>>>>>>>>>>
>> >>>>>>>>>>> wrote:
>> >>>>>>
>> >>>>>>>
>> >>>>>>>>>>>> On 18/04/2024 12:05, lavanya tech wrote:
>> >>>>>>>>>>>>>
>> >>>>>>>>>>>>>> Hi Team,
>> >>>>>>>>>>>>>>
>> >>>>>>>>>>>>>> I am using "Tomcat 10.1" in our environment and I wanted to
>> >>>>>>>>>>>>>>
>> >>>>>>>>>>>>> redirect
>> >>>>>>
>> >>>>>>> url
>> >>>>>>>>>>
>> >>>>>>>>>>> from https://example.com to https://www.servercom:7777 and
>> for
>> >>>>>>>>>>>>>>
>> >>>>>>>>>>>>> this i
>> >>>>>>>>
>> >>>>>>>>> modified the server.xml as below in tomcat config, and the below
>> >>>>>>>>>>>>>> configuration doesnot seems to work. Does anyone has ideas.
>> >>>>>>>>>>>>>>
>> >>>>>>>>>>>>> Please
>> >>>>
>> >>>>> suggest.
>> >>>>>>>>>>>>>
>> >>>>>>>>>>>>>> The url alone https://www.servercom:7777/ already works.
>> But
>> >>>>>>>>>>>>>>
>> >>>>>>>>>>>>> just
>> >>>>
>> >>>>> redirection from the old to one doesnot.
>> >>>>>>>>>>>>>>
>> >>>>>>>>>>>>>> <Host name="example.com" appBase="app" unpackWARs="true"
>> >>>>>>>>>>>>>>
>> >>>>>>>>>>>>> autoDeploy="true">
>> >>>>>>>>>>>>>
>> >>>>>>>>>>>>>>            <Context path="" docBase="example" />
>> >>>>>>>>>>>>>>            <Alias>example.com</Alias>
>> >>>>>>>>>>>>>>            <!-- Add RewriteValve and RewriteRule here -->
>> >>>>>>>>>>>>>>            <Valve
>> >>>>>>>>>>>>>>
>> >>>>>>>>>>>>>
>> className="org.apache.catalina.valves.rewrite.RewriteValve"/>
>> >>>>>>>>>>>>>
>> >>>>>>>>>>>>>>            <Engine name="Catalina" defaultHost="localhost">
>> >>>>>>>>>>>>>>                <Host name="example.com" appBase="app"
>> >>>>>>>>>>>>>>
>> >>>>>>>>>>>>> unpackWARs="true"
>> >>>>>>
>> >>>>>>> autoDeploy="true">
>> >>>>>>>>>>>>>>                    <Context path="" docBase="example" />
>> >>>>>>>>>>>>>>                    <Alias>example.com</Alias>
>> >>>>>>>>>>>>>>                    <Valve
>> >>>>>>>>>>>>>>
>> >>>>>>>>>>>>>
>> className="org.apache.catalina.valves.rewrite.RewriteValve"/>
>> >>>>>>>>>>>>>
>> >>>>>>>>>>>>>>                    <Engine name="Catalina"
>> >>>>>>>>>>>>>>
>> >>>>>>>>>>>>> defaultHost="localhost">
>> >>>>
>> >>>>>                        <Host name="example.com" appBase="app"
>> >>>>>>>>>>>>>> unpackWARs="true" autoDeploy="true">
>> >>>>>>>>>>>>>>                            <Context path=""
>> docBase="example" />
>> >>>>>>>>>>>>>>                            <Alias>example.com</Alias>
>> >>>>>>>>>>>>>>                            <!-- Rewrite rule to redirect to
>> >>>>>>>>>>>>>> www.servercom:8080/example -->
>> >>>>>>>>>>>>>>                            <RewriteCond %{HTTP_HOST}
>> >>>>>>>>>>>>>> example\.com
>> >>>>>>>>>>>>>>
>> >>>>>>>>>>>>> [NC]
>> >>>>>>
>> >>>>>>>                            <RewriteRule ^/(.*)$
>> >>>>>>>>>>>>>> https://www.servercom:7777/example/$1 [R=301,L]
>> >>>>>>>>>>>>>>
>> >>>>>>>>>>>>>
>> >>>>>>>>>>>>> 1. That isn't valid XML.
>> >>>>>>>>>>>>>
>> >>>>>>>>>>>>> 2. Where in the Tomcat docs does it say you can nest
>> re-write
>> >>>>>>>>>>>>>
>> >>>>>>>>>>>> rules
>> >>>>
>> >>>>> in
>> >>>>>>>>
>> >>>>>>>>> a
>> >>>>>>>>>>
>> >>>>>>>>>>> Host element (or any other element)?
>> >>>>>>>>>>>>>
>> >>>>>>>>>>>>>                        </Host>
>> >>>>>>>>>>>>>>                    </Engine>
>> >>>>>>>>>>>>>>                </Host>
>> >>>>>>>>>>>>>>            </Engine>
>> >>>>>>>>>>>>>> </Host>
>> >>>>>>>>>>>>>>
>> >>>>>>>>>>>>>
>> >>>>>>>>>>>>> You need to configure the RewriteValve.
>> >>>>>>>>>>>>> https://tomcat.apache.org/tomcat-10.1-doc/rewrite.html
>> >>>>>>>>>>>>>
>> >>>>>>>>>>>>> Mark
>> >>>>>>>>>>>>>
>> >>>>>>>>>>>>>

Re: Regarding Tomcat url redirection

Posted by lavanya tech <la...@gmail.com>.
Hi Chris,


Thanks, I will request a new certificate with SANs and I will try to fix
things from our end.

Best Regards,
Lavanya

On Wed, Apr 24, 2024 at 11:12 PM Christopher Schultz <
chris@christopherschultz.net> wrote:

> Lavanya,
>
> On 4/24/24 15:39, lavanya tech wrote:
> > Local host means the machine I am logged in to server.lbg.com
> >
> > You are right, example.lbg.com is CNAME record.
>
> Okay, thanks for clearing that up.
>
> > I don't have any SAN configured for the certificate. The certificate is
> > requested for only server.lbg.com
>
> You will never be able to make a secure request to anything other than
> server.lbg.com without seeing an error. I highly recommend adding the
> other hostname as a SAN to your certificate if you really want to
> support this.
>
> Even if you wanted https://example.lbg.com/whatever to return an HTTP
> 302 redirect to https://server.lbg.com/whatever, the user would see a
> certificate hostname mismatch error which is ugly. It's best to make it
> work without users seeing ugly things.
>
> > So if I just request a new certificate with SAN, it should work? If yes, I
> > will request it and follow your steps as suggested below.
>
> Yes, it should.
>
> > Should I use a CNAME record or DNS? Does it make a difference?
>
> CNAME *is* DNS.
>
> Whenever possible, use hostnames and not IP addresses as SANs. It's more
> flexible that way, and users get to see hostnames instead of IP addresses.
>
> -chris
>
> > On Wednesday, April 24, 2024, Christopher Schultz <
> > chris@christopherschultz.net> wrote:
> >
> >> Lavanya,
> >>
> >> On 4/24/24 07:37, lavanya tech wrote:
> >>
> >>> Sorry, I understood wrongly here with regard to my environment. Let me
> >>> start from the beginning. I do not want to use a redirect at all. I simply
> >>> wanted to force Apache Tomcat to use both localhost and the DNS name of the
> >>> localhost via URL.
> >>>
> >>
> >> When you say "force" what do you mean?
> >>
> >> When you say "use both localhost and DNS name" what do you mean?
> >>
> >> When you say "localhost" do you mean 127.0.0.1 or "the machine I'm
> >> logged-into right now"?
> >>
> >>> I have DNS resolution as below.
> >>>
> >>> server.lbg.com --> localhost
> >>>
> >>
> >> Is that a CNAME record?
> >>
> >>> nslookup server.lbg.com (localhost)
> >>> Name:    server.lbg.com
> >>> Address:  192.168.100.20
> >>> alias: example.lbg.com
> >>>
> >>
> >> That's a weird DNS response. The DNS name "localhost" should *always*
> >> return 127.0.0.1 for IPv4 and ::1 for IPv6. It shouldn't return
> >> 191.168.100.20.
> >>
> >>> We have the below URLs working:
> >>> https://server.lbg.com:8443/towl
> >>> https://example.lbg.com:8443/towl --> redirects to
> >>>
> >>
> >> What do you mean "redirect"? Does it return a 30x response that causes
> >> the browser to make a new request to \/
> >>
> >>> https://server.lbg.com:8443/towl  --> still works --> we have SSL
> >>> configured for the same but this SSL certificate does not have additional
> >>> DNS setup.
> >>>
> >>
> >> What SANs are in your certificate? How many certificates do you have?
> >>
> >>> But I would need to somehow access https://example.lbg.com --> which means
> >>> I would need to access via 443 here?
> >>>
> >>
> >> I'm so confused. What needs to access what?
> >>
> >>> I tried adding the below to server.xml as below, but that does not seem
> >>> to work.
> >>>
> >>>       <Connector port="80"
> >>> protocol="org.apache.coyote.http11.Http11NioProtocol"
> >>>              connectionTimeout="20000"
> >>>              redirectPort="443" />
> >>>
> >>
> >> This will only redirect (HTTP 302) requests to http://yourhost/anything
> >> to https://yourhost/anything *if the application specifically requests
> >> CONFIDENTIAL transport*. It doesn't just redirect everything by default.
> >> If you want it to redirect everything, you'll need to set that up e.g.
> >> using RewriteValve. There are other options, too.
> >>
> >>> Do I need an additional SSL certificate for https://example.lbg.com to
> >>> make it work?
> >>>
> >>
> >> If you don't want your browser to complain, you will need at least one TLS
> >> certificate that contains every Subject Alternative Name (SAN) for every
> >> possible hostname you expect to use with this service. You can do it with
> >> multiple certificates as well, but a single cert with multiple SANs is less
> >> work.
> >>
> >>> Do I need to set up an additional web server for this like Apache or nginx
> >>> for redirecting requests?
> >>>
> >>
> >> No.
> >>
> >> Please stop saying "redirect" because it sounds like you almost never mean
> >> "HTTP 30x redirect" and that's confusing everything.
> >>
> >> I *think* you only need the following:
> >>
> >> 1. A TLS certificate with the following SANs:
> >>
> >>    * server.lbg.com
> >>    * example.lbg.com
> >>    * localhost (you shouldn't do this)
> >>
> >> 2. DNS configured for all hostnames:
> >>
> >>    * server.lbg.com -> A 192.168.100.20
> >>    * example.lgb.com -> A 192.168.100.20
> >>
> >> 3. Tomcat configured with a single <Host> which is the default virtual
> >> host. Note that this is the *default Tomcat configuration* and doesn't
> >> need to be changed from the default.
> >>
> >> 4. Tomcat configured with your certificate like this:
> >>
> >>     <Connector ...
> >>        SSLEnabled="true">
> >>       <SSLHostConfig>
> >>         <Certificate
> >>             certificateFile="/path/to/your/cert.crt"
> >>             certificateKeyFile="/path/to/your/key.pem" />
> >>         <!-- You may need certificateKeyPassword in <Certificate> -->
> >>       </SSLHostConfig>
> >>     </Connector>
> >>
> >> If your SANs are configured properly, this should allow you to connect
> >> using any of these URLs:
> >>
> >> $ curl https://server.lbg.com/towl/login.jsp
> >>
> >>    (returns login page)
> >>
> >> $ curl https://example.lbg.com/towl/login.jsp
> >>
> >>    (returns login page)
> >>
> >> If your application's web.xml contains something like this:
> >>
> >>    <security-constraint>
> >>      <web-resource-collection>
> >>        <web-resource-name>theapp</web-resource-name>
> >>        <url-pattern>/*</url-pattern>
> >>      </web-resource-collection>
> >>      <user-data-constraint>
> >>        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> >>      </user-data-constraint>
> >>    </security-constraint>
> >>
> >> ... then these insecure HTTP URLs should redirect your clients:
> >>
> >> $ curl http://server.lbg.com/towl/login.jsp
> >>
> >>    (returns HTTP 302 redirect to https://server.lbg.com/towl/login.jsp)
> >>
> >> $ curl https://server.lbg.com/towl/login.jsp
> >>
> >>    (returns HTTP 302 redirect to https://example.lbg.com/towl/login.jsp)
> >>
> >> I don't think you need any use of the RewriteValve unless you want to
> >> handle sending HTTP 302 redirect responses to insecure requests without
> >> specifying the CONFIDENTIAL transport-guarantee in your application's
> >> web.xml file. But I don't see any reason NOT to have that in there.
> >>
> >> -chris
> >>
> >> On Tue, Apr 23, 2024 at 10:52 PM Christopher Schultz <
> >>> chris@christopherschultz.net> wrote:
> >>>
> >>> Lavanya,
> >>>>
> >>>> On 4/22/24 05:21, lavanya tech wrote:
> >>>>
> >>>>> Could you please explain, what you exactly mean ? So here redirect is
> >>>>>
> >>>> not a
> >>>>
> >>>>> solution right ?
> >>>>>
> >>>>
> >>>> Redirecting is fine.
> >>>>
> >>>> Perhaps you should take a step back and decide: what do you actually
> >>>> want, here? You might be trying to solve problem X by applying
> solution
> >>>> Y, and you've already decided that solution Y is correct so you are
> >>>> trying to get help with that.
> >>>>
> >>>> Perhaps ask for help with Problem X?
> >>>>
> >>>> For example, "I don't want users to have to type the name of my
> >>>> application to reach it so I want example.com/ to go to my
> application
> >>>> instead of example.com/myapp/".
> >>>>
> >>>> Or, "I have multiple domains and I want all of them to redirect to the
> >>>> canonical domain example.com and to go to me web application /myapp
> so
> >>>> everything goes to example.com/myapp/".
> >>>>
> >>>> "You'd have to use a glob/regex if
> >>>>> you wanted to check for [anything and maybe nothing.]example.com."
> >>>>>
> >>>>
> >>>> There is nothing in your configuration or question that suggests that
> >>>> the hostname in the request is relevant, but you are making it a
> >>>> *requirement* that the request contains a specific Host header. IF you
> >>>> don't actually need that, why do you have it?
> >>>>
> >>>> -chris
> >>>>
> >>>> On Fri, Apr 19, 2024 at 3:03 PM Christopher Schultz <
> >>>>> chris@christopherschultz.net> wrote:
> >>>>>
> >>>>> Ammu,
> >>>>>>
> >>>>>> On 4/19/24 08:32, lavanya tech wrote:
> >>>>>>
> >>>>>>> Thank you very much. I removed <Host> for example.com as well as
> >>>>>>>
> >>>>>> adding
> >>>>
> >>>>> an
> >>>>>>
> >>>>>>> <Alias> in server.xml
> >>>>>>> I copied context.xml file
> >>>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl/META-INF/context.xml
> >>>>>>> Removed < in rewrite.config files.
> >>>>>>>
> >>>>>>> But still I dont redirect the URL.
> >>>>>>>
> >>>>>>
> >>>>>> If you have <Context> in server.xml and also your application in the
> >>>>>> webapps/ directory, then you will be double-deploying your
> application.
> >>>>>>
> >>>>>> Re-name /git/app/apache-tomcat-10.1.11/webapps/towl/ to be
> >>>>>> /git/app/apache-tomcat-10.1.11/webapps/ROOT (the capitals are
> >>>>>> important)
> >>>>>> and remove the <Context> element from your server.xml.
> >>>>>>
> >>>>>> Then start your server and read the logs.
> >>>>>>
> >>>>>> *nslookup alias.example.com <http://alias.example.com>
> >>>>>>> gives-->Non-authoritative answer:Name:     www.example.com
> >>>>>>> <http://www.example.com>Address:  192.168.200.10Aliases:
> >>>>>>>
> >>>>>> alias.example.com
> >>>>>>
> >>>>>>> <http://alias.example.com>*
> >>>>>>>
> >>>>>>>
> >>>>>>> Just to give some information here, *www.example.com
> >>>>>>> <http://www.example.com>* has alias* "alias.example.com
> >>>>>>> <http://alias.example.com>"*
> >>>>>>> But https://www.example.com:7777/example --> works fine with out
> >>>>>>>
> >>>>>> issues
> >>>>
> >>>>> but
> >>>>>>
> >>>>>>> the alias doesnot works (https://alias.example.com)
> >>>>>>> So i am not sure if the redirect url helps or if its correct
> >>>>>>>
> >>>>>>
> >>>>>> Your rewrite configuration says that you have to be using host
> >>>>>> "example.com" but your request goes to www.example.com. Your
> >>>>>> configuration should only redirect a request such as:
> >>>>>>
> >>>>>> $ curl -v http://example.com:7777/something
> >>>>>>
> >>>>>> HTTP/1.1 301 Moved Permanently
> >>>>>> ...
> >>>>>> Location: https://www.example.com:7777/example
> >>>>>>
> >>>>>> If you make a request like:
> >>>>>>
> >>>>>> $ curl -v http://www.example.com:7777/something
> >>>>>>
> >>>>>> I wouldn't expect a redirect because of your "host" condition. The
> >>>>>> "%{HTTP_HOST} example.com" looks at the entire Host header and not
> >>>>>> just
> >>>>>> anything that ends in "example.com". You'd have to use a
> glob/regex if
> >>>>>> you wanted to check for [anything and maybe nothing.]example.com.
> >>>>>>
> >>>>>> You'd also have to make sure that your application is serving
> responses
> >>>>>> to requests to / which is why I'm recommending you use the ROOT web
> >>>>>> application name instead of "towl".
> >>>>>>
> >>>>>> -chris
> >>>>>>
> >>>>>> On Fri, Apr 19, 2024 at 1:21 PM Christopher Schultz <
> >>>>>>> chris@christopherschultz.net> wrote:
> >>>>>>>
> >>>>>>> Ammu,
> >>>>>>>>
> >>>>>>>> On 4/18/24 09:34, lavanya tech wrote:
> >>>>>>>>
> >>>>>>>>> I am attaching server.xml and context.xml and rewrite.config
> files.
> >>>>>>>>> The paths are
> >>>>>>>>>
> >>>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl/context.xml
> >>>>>>>>> <Context>
> >>>>>>>>>          <Valve
> >>>>>>>>>
> >>>>>>>> className="org.apache.catalina.valves.rewrite.RewriteValve"
> >>>>>>
> >>>>>>> />
> >>>>>>>>
> >>>>>>>>>          <!-- Other context configuration -->
> >>>>>>>>> </Context>
> >>>>>>>>>
> >>>>>>>>
> >>>>>>>> This file ^^^ is in the wrong place. It should be in
> >>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl/META-INF/context.xml
> >>>>>>>>
> >>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl/WEB-INF/rewrite.config
> >>>>>>>>>
> >>>>>>>>> <RewriteCond %{HTTP_HOST} example.com [NC]
> >>>>>>>>> <RewriteRule ^/(.*)$ https://www.example.com:7777/example
> [R=301,L]
> >>>>>>>>>
> >>>>>>>>
> >>>>>>>> Why do you have < symbols at the beginning of these lines?
> >>>>>>>>
> >>>>>>>> server.xml
> >>>>>>>>>
> >>>>>>>>>      > [...]
> >>>>>>>>
> >>>>>>>>>
> >>>>>>>>>            <Host name="example.com" appBase="webapps"
> >>>>>>>>>
> >>>>>>>> unpackWARs="true"
> >>>>
> >>>>> autoDeploy="true">
> >>>>>>>>>                <Context path="" docBase="towl" />
> >>>>>>>>>
> >>>>>>>>
> >>>>>>>> It's best not to define any <Context> in server.xml. I would
> remove
> >>>>>>>>
> >>>>>>> this
> >>>>
> >>>>> <Context> entirely and allow Tomcat to auto-reploy from your
> >>>>>>>> webapps/towl directory. If you need this application to be
> deployed
> >>>>>>>> as
> >>>>>>>> the ROOT context (on / and not /towl) then you should re-name
> >>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl to
> >>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/ROOT
> >>>>>>>>
> >>>>>>>> You also don't need a <Host> for example.com as well as adding an
> >>>>>>>> <Alias> for the same domain (though this is probably to anonymize
> the
> >>>>>>>> configuration). You can feel free to simply use the "localhost"
> >>>>>>>> <Host>
> >>>>>>>> as the default <Host> and deploy everything into it. This makes
> your
> >>>>>>>> configuration changes relative to a stock Tomcat less significant
> and
> >>>>>>>> easier to apply to new versions if/when necessary.
> >>>>>>>>
> >>>>>>>> -chris
> >>>>>>>>
> >>>>>>>> On Thu, Apr 18, 2024 at 2:17 PM Christopher Schultz <
> >>>>>>>>> chris@christopherschultz.net> wrote:
> >>>>>>>>>
> >>>>>>>>> Ammu,
> >>>>>>>>>>
> >>>>>>>>>> On 4/18/24 07:45, lavanya tech wrote:
> >>>>>>>>>>
> >>>>>>>>>>> I added classname rewrite valeus in contex.xml file .
> >>>>>>>>>>>
> >>>>>>>>>>>           <!-- REWRITE VALVE -->
> >>>>>>>>>>>           <Valve
> >>>>>>>>>>>
> >>>>>>>>>> className="org.apache.catalina.valves.rewrite.RewriteValve"
> >>>>>>>>
> >>>>>>>>> />
> >>>>>>>>>>
> >>>>>>>>>>>           <!-- // -->
> >>>>>>>>>>>
> >>>>>>>>>>> created rewrite.config so both of them is located under  conf
> >>>>>>>>>>> under
> >>>>>>>>>>> apache-tomcat.
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>                           <RewriteCond %{HTTP_HOST}
> example.com
> >>>>>>>>>>> [NC]
> >>>>>>>>>>>                           <RewriteRule ^/(.*)$
> >>>>>>>>>>> https://www.example.com:7777/example [R=301,L]
> >>>>>>>>>>>
> >>>>>>>>>>> So according to the documentaion they say context.xml should be
> >>>>>>>>>>>
> >>>>>>>>>> placed
> >>>>>>
> >>>>>>> under webapps and rewrite.config file should be put in WEB-INF
> >>>>>>>>>>>
> >>>>>>>>>> folder
> >>>>
> >>>>> of
> >>>>>>>>
> >>>>>>>>> apache-tomcat . I placed and restarted tomcat webserver but still
> >>>>>>>>>>>
> >>>>>>>>>> it
> >>>>
> >>>>> doesnot redirect.
> >>>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>> Can you give full paths to both server.xml and rewrite.config,
> >>>>>>>>>>
> >>>>>>>>> re-post
> >>>>
> >>>>> your current server.xml <Context> element, and the complete contents
> >>>>>>>>>>
> >>>>>>>>> of
> >>>>>>
> >>>>>>> rewrite.config?
> >>>>>>>>>>
> >>>>>>>>>> Have you looked at the log files after start?
> >>>>>>>>>>
> >>>>>>>>>> -chris
> >>>>>>>>>>
> >>>>>>>>>> On Thu, Apr 18, 2024 at 1:36 PM lavanya tech <
> >>>>>>>>>>>
> >>>>>>>>>> lavanyatech440@gmail.com
> >>>>>>
> >>>>>>>
> >>>>>>>>> wrote:
> >>>>>>>>>>>
> >>>>>>>>>>> Hi Thomas,
> >>>>>>>>>>>>
> >>>>>>>>>>>> Thanks for the fast response.
> >>>>>>>>>>>>
> >>>>>>>>>>>> I added classname rewrite valeus in contex.xml file .
> >>>>>>>>>>>>
> >>>>>>>>>>>>           <!-- REWRITE VALVE -->
> >>>>>>>>>>>>           <Valve
> >>>>>>>>>>>>
> >>>>>>>>>>> className="org.apache.catalina.valves.rewrite.RewriteValve"
> >>>>>>>>
> >>>>>>>>> />
> >>>>>>>>>>
> >>>>>>>>>>>           <!-- // -->
> >>>>>>>>>>>>
> >>>>>>>>>>>> created rewrite.config so both of them is located under  conf
> >>>>>>>>>>>>
> >>>>>>>>>>> under
> >>>>
> >>>>> apache-tomcat.
> >>>>>>>>>>>>
> >>>>>>>>>>>> So according to the documentaion they say context.xml should
> be
> >>>>>>>>>>>>
> >>>>>>>>>>> placed
> >>>>>>
> >>>>>>> under webapps and rewrite.config file should be put in WEB-INF
> >>>>>>>>>>>>
> >>>>>>>>>>> folder
> >>>>>>
> >>>>>>> of
> >>>>>>>>
> >>>>>>>>> apache-tomcat
> >>>>>>>>>>>>
> >>>>>>>>>>>> Thnks,
> >>>>>>>>>>>> Ammu
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>>
> >>>>>>>>>>>> On Thu, Apr 18, 2024 at 1:22 PM Mark Thomas <markt@apache.org
> >
> >>>>>>>>>>>>
> >>>>>>>>>>> wrote:
> >>>>>>
> >>>>>>>
> >>>>>>>>>>>> On 18/04/2024 12:05, lavanya tech wrote:
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>> Hi Team,
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> I am using "Tomcat 10.1" in our environment and I wanted to
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>> redirect
> >>>>>>
> >>>>>>> url
> >>>>>>>>>>
> >>>>>>>>>>> from https://example.com to https://www.servercom:7777 and for
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>> this i
> >>>>>>>>
> >>>>>>>>> modified the server.xml as below in tomcat config, and the below
> >>>>>>>>>>>>>> configuration doesnot seems to work. Does anyone has ideas.
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>> Please
> >>>>
> >>>>> suggest.
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>> The url alone https://www.servercom:7777/ already works.
> But
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>> just
> >>>>
> >>>>> redirection from the old to one doesnot.
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>> <Host name="example.com" appBase="app" unpackWARs="true"
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>> autoDeploy="true">
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>>            <Context path="" docBase="example" />
> >>>>>>>>>>>>>>            <Alias>example.com</Alias>
> >>>>>>>>>>>>>>            <!-- Add RewriteValve and RewriteRule here -->
> >>>>>>>>>>>>>>            <Valve
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>> className="org.apache.catalina.valves.rewrite.RewriteValve"/>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>>            <Engine name="Catalina" defaultHost="localhost">
> >>>>>>>>>>>>>>                <Host name="example.com" appBase="app"
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>> unpackWARs="true"
> >>>>>>
> >>>>>>> autoDeploy="true">
> >>>>>>>>>>>>>>                    <Context path="" docBase="example" />
> >>>>>>>>>>>>>>                    <Alias>example.com</Alias>
> >>>>>>>>>>>>>>                    <Valve
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>> className="org.apache.catalina.valves.rewrite.RewriteValve"/>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>>                    <Engine name="Catalina"
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>> defaultHost="localhost">
> >>>>
> >>>>>                        <Host name="example.com" appBase="app"
> >>>>>>>>>>>>>> unpackWARs="true" autoDeploy="true">
> >>>>>>>>>>>>>>                            <Context path=""
> docBase="example" />
> >>>>>>>>>>>>>>                            <Alias>example.com</Alias>
> >>>>>>>>>>>>>>                            <!-- Rewrite rule to redirect to
> >>>>>>>>>>>>>> www.servercom:8080/example -->
> >>>>>>>>>>>>>>                            <RewriteCond %{HTTP_HOST}
> >>>>>>>>>>>>>> example\.com
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>> [NC]
> >>>>>>
> >>>>>>>                            <RewriteRule ^/(.*)$
> >>>>>>>>>>>>>> https://www.servercom:7777/example/$1 [R=301,L]
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> 1. That isn't valid XML.
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> 2. Where in the Tomcat docs does it say you can nest re-write
> >>>>>>>>>>>>>
> >>>>>>>>>>>> rules
> >>>>
> >>>>> in
> >>>>>>>>
> >>>>>>>>> a
> >>>>>>>>>>
> >>>>>>>>>>> Host element (or any other element)?
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>                        </Host>
> >>>>>>>>>>>>>>                    </Engine>
> >>>>>>>>>>>>>>                </Host>
> >>>>>>>>>>>>>>            </Engine>
> >>>>>>>>>>>>>> </Host>
> >>>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> You need to configure the RewriteValve.
> >>>>>>>>>>>>> https://tomcat.apache.org/tomcat-10.1-doc/rewrite.html
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> Mark
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>

Re: Regarding Tomcat url redirection

Posted by Christopher Schultz <ch...@christopherschultz.net>.
Lavanya,

On 4/24/24 15:39, lavanya tech wrote:
> Local host means the machine I am logged in to server.lbg.com
>
> You are right, example.lbg.com is a CNAME record.

Okay, thanks for clearing that up.

> I don't have any SAN configured for the certificate. The certificate is
> requested for only server.lbg.com

You will never be able to make a secure request to anything other than 
server.lbg.com without seeing an error. I highly recommend adding the 
other hostname as a SAN to your certificate if you really want to 
support this.

Even if you wanted https://example.lbg.com/whatever to return an HTTP 
302 redirect to https://server.lbg.com/whatever, the user would see a 
certificate hostname mismatch error which is ugly. It's best to make it 
work without users seeing ugly things.

> So if I just request a new certificate with SAN it should work? If yes, I
> will request it and follow your steps as suggested below.

Yes, it should.

> Should I use a CNAME record or DNS? Does it make a difference?

CNAME *is* DNS.

Whenever possible, use hostnames and not IP addresses as SANs. It's more 
flexible that way, and users get to see hostnames instead of IP addresses.

-chris


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
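
Chris's point above, that a certificate requested only for server.lbg.com cannot satisfy a request for https://example.lbg.com regardless of the DNS record type, can be checked before and after the certificate is reissued. The following is an added example, not code from the thread: the certificate dictionaries are constructed samples in the shape Python's `ssl.SSLSocket.getpeercert()` returns, and all function and constant names are hypothetical.

```python
from __future__ import annotations

# Hostnames users will type into the browser for this service (from the thread).
SERVED = ["server.lbg.com", "example.lbg.com"]

# Constructed sample: certificate requested for server.lbg.com only, no SAN.
CN_ONLY_CERT = {
    "subject": ((("commonName", "server.lbg.com"),),),
}

# Constructed sample: reissued certificate carrying both names as SANs.
REISSUED_CERT = {
    "subject": ((("commonName", "server.lbg.com"),),),
    "subjectAltName": (("DNS", "server.lbg.com"), ("DNS", "example.lbg.com")),
}


def san_dns_names(cert: dict) -> list[str]:
    """Return the dNSName entries of the subjectAltName extension."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def common_names(cert: dict) -> list[str]:
    """Return every commonName found in the certificate subject."""
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]


def name_matches(pattern: str, hostname: str) -> bool:
    """Compare one certificate name with the hostname from the URL.

    Case-insensitive, label by label. A '*' is accepted only as the whole
    left-most label, stands for exactly one label, and is refused when it
    would cover an entire top-level zone such as '*.com'.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def covers(cert: dict, hostname: str, cn_fallback: bool = False) -> bool:
    """True if the certificate is valid for the hostname the client asked for.

    The client verifies the name in the URL. A CNAME from example.lbg.com to
    server.lbg.com changes where the connection goes, not which name is checked.
    Current browsers match SAN entries only; cn_fallback=True models older
    clients that use the subject commonName when no dNSName SAN is present.
    """
    names = san_dns_names(cert)
    if not names and cn_fallback:
        names = common_names(cert)
    return any(name_matches(name, hostname) for name in names)


def audit(cert: dict, hostnames: list[str], cn_fallback: bool = False) -> dict[str, bool]:
    """Map each served hostname to whether the certificate covers it."""
    return {host: covers(cert, host, cn_fallback) for host in hostnames}


if __name__ == "__main__":
    for label, cert in (("CN only", CN_ONLY_CERT), ("reissued", REISSUED_CERT)):
        print(label, "SAN-only clients:", audit(cert, SERVED))
        print(label, "CN-fallback clients:", audit(cert, SERVED, cn_fallback=True))
```
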


Re: Regarding Tomcat url redirection

Posted by lavanya tech <la...@gmail.com>.
Hi Chris,

Thanks for the reply.

Local host means the machine I am logged in to server.lbg.com

You are right, example.lbg.com is a CNAME record.

I don't have any SAN configured for the certificate. The certificate is
requested for only server.lbg.com

So if I just request a new certificate with SAN it should work? If yes, I
will request it and follow your steps as suggested below.

Should I use a CNAME record or DNS? Does it make a difference?

Thanks,
Lavanya






On Wednesday, April 24, 2024, Christopher Schultz <
chris@christopherschultz.net> wrote:

> Lavanya,
>
> On 4/24/24 07:37, lavanya tech wrote:
>
>> Sorry I understood wrongly here with regards to my environment. Let me
>> start from the beginning. I do not want to use redirect at all. I simply
>> wanted to force apache tomcat to use both localhost and dns name of the
>> localhost via url.
>
> When you say "force" what do you mean?
>
> When you say "use both localhost and DNS name" what do you mean?
>
> When you say "localhost" do you mean 127.0.0.1 or "the machine I'm
> logged-into right now"?
>
>> I have DNS resolution as below.
>>
>> server.lbg.com --> localhost
>
> Is that a CNAME record?
>
>> nslookup server.lbg.com (localhost)
>> Name:    server.lbg.com
>> Address:  192.168.100.20
>> alias: example.lbg.com
>
> That's a weird DNS response. The DNS name "localhost" should *always*
> return 127.0.0.1 for IPv4 and ::1 for IPv6. It shouldn't return
> 191.168.100.20.
>
>> We have the below URLs working:
>> https://server.lbg.com:8443/towl
>> https://example.lbg.com:8443/towl --> redirects to
>
> What do you mean "redirect"? Does it return a 30x response that causes the
> browser to make a new request to \/
>
>> https://server.lbg.com:8443/towl  --> still works --> we have SSL
>> configured for the same but this SSL certificate does not have additional
>> DNS setup.
>
> What SANs are in your certificate? How many certificates do you have?
>
>> But I would need to somehow access https://example.lbg.com --> which
>> means I would need to access via 443 here?
>
> I'm so confused. What needs to access what?
>
>> I tried adding the below to server.xml, but that does not seem
>> to work.
>>
>>      <Connector port="80"
>>             protocol="org.apache.coyote.http11.Http11NioProtocol"
>>             connectionTimeout="20000"
>>             redirectPort="443" />
>
> This will only redirect (HTTP 302) requests to http://yourhost/anything
> to https://yourhost/anything *if the application specifically requests
> CONFIDENTIAL transport*. It doesn't just redirect everything by default. If
> you want it to redirect everything, you'll need to set that up e.g. using
> RewriteValve. There are other options, too.
>
>> Do I need an additional SSL certificate for the https://example.lbg.com to
>> make it work?
>
> If you don't want your browser to complain, you will need at least one TLS
> certificate that contains every Subject Alternative Name (SAN) for every
> possible hostname you expect to use with this service. You can do it with
> multiple certificates as well, but a single cert with multiple SANs is less
> work.
>
>> Do I need to set up an additional web server for this like apache or nginx
>> for redirecting requests?
>
> No.
>
> Please stop saying "redirect" because it sounds like you almost never mean
> "HTTP 30x redirect" and that's confusing everything.
>
> I *think* you only need the following:
>
> 1. A TLS certificate with the following SANs:
>
>   * server.lbg.com
>   * example.lbg.com
>   * localhost (you shouldn't do this)
>
> 2. DNS configured for all hostnames:
>
>   * server.lbg.com -> A 192.168.100.20
>   * example.lgb.com -> A 192.168.100.20
>
> 3. Tomcat configured with a single <Host> which is the default virtual
> host. Note that this is the *default Tomcat configuration* and doesn't need
> to be changed from the default.
>
> 4. Tomcat configured with your certificate like this:
>
>    <Connector ...
>       SSLEnabled="true">
>      <SSLHostConfig>
>        <Certificate
>            certificateFile="/path/to/your/cert.crt"
>            certificateKeyFile="/path/to/your/key.pem" />
>        <!-- You may need certificateKeyPassword in <Certificate> -->
>      </SSLHostConfig>
>    </Connector>
>
> If your SANs are configured properly, this should allow you to connect
> using any of these URLs:
>
> $ curl https://server.lbg.com/towl/login.jsp
>
>   (returns login page)
>
> $ curl https://example.lbg.com/towl/login.jsp
>
>   (returns login page)
>
> If your application's web.xml contains something like this:
>
>   <security-constraint>
>     <web-resource-collection>
>       <web-resource-name>theapp</web-resource-name>
>       <url-pattern>/*</url-pattern>
>     </web-resource-collection>
>     <user-data-constraint>
>       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>     </user-data-constraint>
>   </security-constraint>
>
> ... then these insecure HTTP URLs should redirect your clients:
>
> $ curl http://server.lbg.com/towl/login.jsp
>
>   (returns HTTP 302 redirect to https://server.lbg.com/towl/login.jsp)
>
> $ curl https://server.lbg.com/towl/login.jsp
>
>   (returns HTTP 302 redirect to https://example.lbg.com/towl/login.jsp)
>
> I don't think you need any use of the RewriteValve unless you want to
> handle sending HTTP 302 redirect responses to insecure requests without
> specifying the CONFIDENTIAL transport-guarantee in your application's
> web.xml file. But I don't see any reason NOT to have that in there.
>
> -chris
>
> On Tue, Apr 23, 2024 at 10:52 PM Christopher Schultz <
>> chris@christopherschultz.net> wrote:
>>
>> Lavanya,
>>>
>>> On 4/22/24 05:21, lavanya tech wrote:
>>>
>>>> Could you please explain, what you exactly mean ? So here redirect is
>>>>
>>> not a
>>>
>>>> solution right ?
>>>>
>>>
>>> Redirecting is fine.
>>>
>>> Perhaps you should take a step back and decide: what do you actually
>>> want, here? You might be trying to solve problem X by applying solution
>>> Y, and you've already decided that solution Y is correct so you are
>>> trying to get help with that.
>>>
>>> Perhaps ask for help with Problem X?
>>>
>>> For example, "I don't want users to have to type the name of my
>>> application to reach it so I want example.com/ to go to my application
>>> instead of example.com/myapp/".
>>>
>>> Or, "I have multiple domains and I want all of them to redirect to the
>>> canonical domain example.com and to go to me web application /myapp so
>>> everything goes to example.com/myapp/".
>>>
>>> "You'd have to use a glob/regex if
>>>> you wanted to check for [anything and maybe nothing.]example.com."
>>>>
>>>
>>> There is nothing in your configuration or question that suggests that
>>> the hostname in the request is relevant, but you are making it a
>>> *requirement* that the request contains a specific Host header. IF you
>>> don't actually need that, why do you have it?
>>>
>>> -chris
>>>
>>> On Fri, Apr 19, 2024 at 3:03 PM Christopher Schultz <
>>>> chris@christopherschultz.net> wrote:
>>>>
>>>> Ammu,
>>>>>
>>>>> On 4/19/24 08:32, lavanya tech wrote:
>>>>>
>>>>>> Thank you very much. I removed <Host> for example.com as well as
>>>>>>
>>>>> adding
>>>
>>>> an
>>>>>
>>>>>> <Alias> in server.xml
>>>>>> I copied context.xml file
>>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl/META-INF/context.xml
>>>>>> Removed < in rewrite.config files.
>>>>>>
>>>>>> But still I dont redirect the URL.
>>>>>>
>>>>>
>>>>> If you have <Context> in server.xml and also your application in the
>>>>> webapps/ directory, then you will be double-deploying your application.
>>>>>
>>>>> Re-name /git/app/apache-tomcat-10.1.11/webapps/towl/ to be
>>>>> /git/app/apache-tomcat-10.1.11/webapps/ROOT (the capitals are
>>>>> important)
>>>>> and remove the <Context> element from your server.xml.
>>>>>
>>>>> Then start your server and read the logs.
>>>>>
>>>>> *nslookup alias.example.com <http://alias.example.com>
>>>>>> gives-->Non-authoritative answer:Name:     www.example.com
>>>>>> <http://www.example.com>Address:  192.168.200.10Aliases:
>>>>>>
>>>>> alias.example.com
>>>>>
>>>>>> <http://alias.example.com>*
>>>>>>
>>>>>>
>>>>>> Just to give some information here, *www.example.com
>>>>>> <http://www.example.com>* has alias* "alias.example.com
>>>>>> <http://alias.example.com>"*
>>>>>> But https://www.example.com:7777/example --> works fine with out
>>>>>>
>>>>> issues
>>>
>>>> but
>>>>>
>>>>>> the alias doesnot works (https://alias.example.com)
>>>>>> So i am not sure if the redirect url helps or if its correct
>>>>>>
>>>>>
>>>>> Your rewrite configuration says that you have to be using host
>>>>> "example.com" but your request goes to www.example.com. Your
>>>>> configuration should only redirect a request such as:
>>>>>
>>>>> $ curl -v http://example.com:7777/something
>>>>>
>>>>> HTTP/1.1 301 Moved Permanently
>>>>> ...
>>>>> Location: https://www.example.com:7777/example
>>>>>
>>>>> If you make a request like:
>>>>>
>>>>> $ curl -v http://www.example.com:7777/something
>>>>>
>>>>> I wouldn't expect a redirect because of your "host" condition. The
>>>>> "%{HTTP_HOST} example.com" looks at the entire Host header and not
>>>>> just
>>>>> anything that ends in "example.com". You'd have to use a glob/regex if
>>>>> you wanted to check for [anything and maybe nothing.]example.com.
>>>>>
>>>>> You'd also have to make sure that your application is serving responses
>>>>> to requests to / which is why I'm recommending you use the ROOT web
>>>>> application name instead of "towl".
>>>>>
>>>>> -chris
>>>>>
>>>>> On Fri, Apr 19, 2024 at 1:21 PM Christopher Schultz <
>>>>>> chris@christopherschultz.net> wrote:
>>>>>>
>>>>>>> Ammu,
>>>>>>>
>>>>>>> On 4/18/24 09:34, lavanya tech wrote:
>>>>>>>> I am attaching server.xml and context.xml and rewrite.config files.
>>>>>>>> The paths are
>>>>>>>>
>>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl/context.xml
>>>>>>>> <Context>
>>>>>>>>         <Valve className="org.apache.catalina.valves.rewrite.RewriteValve" />
>>>>>>>>         <!-- Other context configuration -->
>>>>>>>> </Context>
>>>>>>>
>>>>>>> This file ^^^ is in the wrong place. It should be in
>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl/META-INF/context.xml
>>>>>>>
>>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl/WEB-INF/rewrite.config
>>>>>>>>
>>>>>>>> <RewriteCond %{HTTP_HOST} example.com [NC]
>>>>>>>> <RewriteRule ^/(.*)$ https://www.example.com:7777/example [R=301,L]
>>>>>>>
>>>>>>> Why do you have < symbols at the beginning of these lines?
>>>>>>>
>>>>>>>> server.xml
>>>>>>>>
>>>>>>>>     > [...]
>>>>>>>>
>>>>>>>>           <Host name="example.com" appBase="webapps" unpackWARs="true" autoDeploy="true">
>>>>>>>>               <Context path="" docBase="towl" />
>>>>>>>
>>>>>>> It's best not to define any <Context> in server.xml. I would remove this
>>>>>>> <Context> entirely and allow Tomcat to auto-reploy from your
>>>>>>> webapps/towl directory. If you need this application to be deployed as
>>>>>>> the ROOT context (on / and not /towl) then you should re-name
>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl to
>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/ROOT
>>>>>>>
>>>>>>> You also don't need a <Host> for example.com as well as adding an
>>>>>>> <Alias> for the same domain (though this is probably to anonymize the
>>>>>>> configuration). You can feel free to simply use the "localhost" <Host>
>>>>>>> as the default <Host> and deploy everything into it. This makes your
>>>>>>> configuration changes relative to a stock Tomcat less significant and
>>>>>>> easier to apply to new versions if/when necessary.
>>>>>>>
>>>>>>> -chris
>>>>>>>
>>>>>>>> On Thu, Apr 18, 2024 at 2:17 PM Christopher Schultz <
>>>>>>>> chris@christopherschultz.net> wrote:
>>>>>>>>
>>>>>>>>> Ammu,
>>>>>>>>>
>>>>>>>>> On 4/18/24 07:45, lavanya tech wrote:
>>>>>>>>>> I added classname rewrite valeus in contex.xml file .
>>>>>>>>>>
>>>>>>>>>>          <!-- REWRITE VALVE -->
>>>>>>>>>>          <Valve className="org.apache.catalina.valves.rewrite.RewriteValve" />
>>>>>>>>>>          <!-- // -->
>>>>>>>>>>
>>>>>>>>>> created rewrite.config so both of them is located under  conf under
>>>>>>>>>> apache-tomcat.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>                          <RewriteCond %{HTTP_HOST} example.com [NC]
>>>>>>>>>>                          <RewriteRule ^/(.*)$ https://www.example.com:7777/example [R=301,L]
>>>>>>>>>>
>>>>>>>>>> So according to the documentaion they say context.xml should be placed
>>>>>>>>>> under webapps and rewrite.config file should be put in WEB-INF folder of
>>>>>>>>>> apache-tomcat . I placed and restarted tomcat webserver but still it
>>>>>>>>>> doesnot redirect.
>>>>>>>>>
>>>>>>>>> Can you give full paths to both server.xml and rewrite.config, re-post
>>>>>>>>> your current server.xml <Context> element, and the complete contents of
>>>>>>>>> rewrite.config?
>>>>>>>>>
>>>>>>>>> Have you looked at the log files after start?
>>>>>>>>>
>>>>>>>>> -chris
>>>>>>>>>
>>>>>>>>>> On Thu, Apr 18, 2024 at 1:36 PM lavanya tech <lavanyatech440@gmail.com>
>>>>>>>>>> wrote:
>>>>>>>>>>
>>>>>>>>>>> Hi Thomas,
>>>>>>>>>>>
>>>>>>>>>>> Thanks for the fast response.
>>>>>>>>>>>
>>>>>>>>>>> I added classname rewrite valeus in contex.xml file .
>>>>>>>>>>>
>>>>>>>>>>>          <!-- REWRITE VALVE -->
>>>>>>>>>>>          <Valve className="org.apache.catalina.valves.rewrite.RewriteValve" />
>>>>>>>>>>>          <!-- // -->
>>>>>>>>>>>
>>>>>>>>>>> created rewrite.config so both of them is located under  conf under
>>>>>>>>>>> apache-tomcat.
>>>>>>>>>>>
>>>>>>>>>>> So according to the documentaion they say context.xml should be placed
>>>>>>>>>>> under webapps and rewrite.config file should be put in WEB-INF folder of
>>>>>>>>>>> apache-tomcat
>>>>>>>>>>>
>>>>>>>>>>> Thnks,
>>>>>>>>>>> Ammu
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Thu, Apr 18, 2024 at 1:22 PM Mark Thomas <ma...@apache.org> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> On 18/04/2024 12:05, lavanya tech wrote:
>>>>>>>>>>>>> Hi Team,
>>>>>>>>>>>>>
>>>>>>>>>>>>> I am using "Tomcat 10.1" in our environment and I wanted to redirect url
>>>>>>>>>>>>> from https://example.com to https://www.servercom:7777 and for this i
>>>>>>>>>>>>> modified the server.xml as below in tomcat config, and the below
>>>>>>>>>>>>> configuration doesnot seems to work. Does anyone has ideas. Please suggest.
>>>>>>>>>>>>> The url alone https://www.servercom:7777/ already works. But just
>>>>>>>>>>>>> redirection from the old to one doesnot.
>>>>>>>>>>>>>
>>>>>>>>>>>>> <Host name="example.com" appBase="app" unpackWARs="true" autoDeploy="true">
>>>>>>>>>>>>>           <Context path="" docBase="example" />
>>>>>>>>>>>>>           <Alias>example.com</Alias>
>>>>>>>>>>>>>           <!-- Add RewriteValve and RewriteRule here -->
>>>>>>>>>>>>>           <Valve className="org.apache.catalina.valves.rewrite.RewriteValve"/>
>>>>>>>>>>>>>           <Engine name="Catalina" defaultHost="localhost">
>>>>>>>>>>>>>               <Host name="example.com" appBase="app" unpackWARs="true" autoDeploy="true">
>>>>>>>>>>>>>                   <Context path="" docBase="example" />
>>>>>>>>>>>>>                   <Alias>example.com</Alias>
>>>>>>>>>>>>>                   <Valve className="org.apache.catalina.valves.rewrite.RewriteValve"/>
>>>>>>>>>>>>>                   <Engine name="Catalina" defaultHost="localhost">
>>>>>>>>>>>>>                       <Host name="example.com" appBase="app" unpackWARs="true" autoDeploy="true">
>>>>>>>>>>>>>                           <Context path="" docBase="example" />
>>>>>>>>>>>>>                           <Alias>example.com</Alias>
>>>>>>>>>>>>>                           <!-- Rewrite rule to redirect to www.servercom:8080/example -->
>>>>>>>>>>>>>                           <RewriteCond %{HTTP_HOST} example\.com [NC]
>>>>>>>>>>>>>                           <RewriteRule ^/(.*)$ https://www.servercom:7777/example/$1 [R=301,L]
>>>>>>>>>>>>
>>>>>>>>>>>> 1. That isn't valid XML.
>>>>>>>>>>>>
>>>>>>>>>>>> 2. Where in the Tomcat docs does it say you can nest re-write rules in a
>>>>>>>>>>>> Host element (or any other element)?
>>>>>>>>>>>>
>>>>>>>>>>>>>                       </Host>
>>>>>>>>>>>>>                   </Engine>
>>>>>>>>>>>>>               </Host>
>>>>>>>>>>>>>           </Engine>
>>>>>>>>>>>>> </Host>
>>>>>>>>>>>>
>>>>>>>>>>>> You need to configure the RewriteValve.
>>>>>>>>>>>> https://tomcat.apache.org/tomcat-10.1-doc/rewrite.html
>>>>>>>>>>>>
>>>>>>>>>>>> Mark
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> ---------------------------------------------------------------------
>>>>>>>>>>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>>>>>>>>>>> For additional commands, e-mail: users-help@tomcat.apache.org

Re: Regarding Tomcat url redirection

Posted by Christopher Schultz <ch...@christopherschultz.net>.
Lavanya,

On 4/24/24 07:37, lavanya tech wrote:
> Sorry I understood wrongly here with regards to my environment, Let me
> start from the beginning. I do not want to use redirect at all. I simply
> wanted to force apache tomcat to use both localhost and dns name of the
> localhost via url.

When you say "force" what do you mean?

When you say "use both localhost and DNS name" what do you mean?

When you say "localhost" do you mean 127.0.0.1 or "the machine I'm 
logged-into right now"?

> I have DNS resolution as below.
> 
> server.lbg.com --> localhost

Is that a CNAME record?

> nslookup server.lbg.com (localhost)
> Name:    server.lbg.com
> Address:  192.168.100.20
> alias: example.lbg.com

That's a weird DNS response. The DNS name "localhost" should *always* 
return 127.0.0.1 for IPv4 and ::1 for IPv6. It shouldn't return 
191.168.100.20.

> We have the below urls working:
> https://server.lbg.com:8443/towl
> https://example.lbg.com:8443/towl --> redirects to

What do you mean "redirect"? Does it return a 30x response that causes 
the browser to make a new request to \/

> https://server.lbg.com:8443/towl  --> still works --> we have SSL
> configured for the same but this SSL certificate does not have additional
> DNS setup.

What SANs are in your certificate? How many certificates do you have?

> But I would need to somehow  access https://example.lbg.com --> which means
> I would need to access via 443 here ?

I'm so confused. What needs to access what?

> I tried adding the below to server.xml, but that does not seem
> to work.
> 
>      <Connector port="80"
> protocol="org.apache.coyote.http11.Http11NioProtocol"
>             connectionTimeout="20000"
>             redirectPort="443" />

This will only redirect (HTTP 302) requests to http://yourhost/anything 
to https://yourhost/anything *if the application specifically requests 
CONFIDENTIAL transport*. It doesn't just redirect everything by default. 
If you want it to redirect everything, you'll need to set that up e.g. 
using RewriteValve. There are other options, too.

> Do i need additional SSL certificate for the https://example.lbg.com  to
> make it work ?

If you don't want your browser to complain, you will need at least one 
TLS certificate that contains every Subject Alternative Name (SAN) for 
every possible hostname you expect to use with this service. You can do 
it with multiple certificates as well, but a single cert with multiple 
SANs is less work.

> Do i need to set up an additional web server for this like apache or nginx
> for redirecting requests?

No.

Please stop saying "redirect" because it sounds like you almost never 
mean "HTTP 30x redirect" and that's confusing everything.

I *think* you only need the following:

1. A TLS certificate with the following SANs:

   * server.lbg.com
   * example.lbg.com
   * localhost (you shouldn't do this)

2. DNS configured for all hostnames:

   * server.lbg.com -> A 192.168.100.20
   * example.lbg.com -> A 192.168.100.20

3. Tomcat configured with a single <Host> which is the default virtual 
host. Note that this is the *default Tomcat configuration* and doesn't 
need to be changed from the default.

4. Tomcat configured with your certificate like this:

    <Connector ...
       SSLEnabled="true">
      <SSLHostConfig>
        <Certificate
            certificateFile="/path/to/your/cert.crt"
            certificateKeyFile="/path/to/your/key.pem" />
        <!-- You may need certificateKeyPassword in <Certificate> -->
      </SSLHostConfig>
    </Connector>

If your SANs are configured properly, this should allow you to connect 
using any of these URLs:

$ curl https://server.lbg.com/towl/login.jsp

   (returns login page)

$ curl https://example.lbg.com/towl/login.jsp

   (returns login page)

If your application's web.xml contains something like this:

   <security-constraint>
     <web-resource-collection>
       <web-resource-name>theapp</web-resource-name>
       <url-pattern>/*</url-pattern>
     </web-resource-collection>
     <user-data-constraint>
       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
     </user-data-constraint>
   </security-constraint>

... then these insecure HTTP URLs should redirect your clients:

$ curl http://server.lbg.com/towl/login.jsp

   (returns HTTP 302 redirect to https://server.lbg.com/towl/login.jsp)

$ curl https://server.lbg.com/towl/login.jsp

   (returns HTTP 302 redirect to https://example.lbg.com/towl/login.jsp)

I don't think you need any use of the RewriteValve unless you want to 
handle sending HTTP 302 redirect responses to insecure requests without 
specifying the CONFIDENTIAL transport-guarantee in your application's 
web.xml file. But I don't see any reason NOT to have that in there.

-chris

> On Tue, Apr 23, 2024 at 10:52 PM Christopher Schultz <
> chris@christopherschultz.net> wrote:
> 
>> Lavanya,
>>
>> On 4/22/24 05:21, lavanya tech wrote:
>>> Could you please explain, what you exactly mean ? So here redirect is not a
>>> solution right ?
>>
>> Redirecting is fine.
>>
>> Perhaps you should take a step back and decide: what do you actually
>> want, here? You might be trying to solve problem X by applying solution
>> Y, and you've already decided that solution Y is correct so you are
>> trying to get help with that.
>>
>> Perhaps ask for help with Problem X?
>>
>> For example, "I don't want users to have to type the name of my
>> application to reach it so I want example.com/ to go to my application
>> instead of example.com/myapp/".
>>
>> Or, "I have multiple domains and I want all of them to redirect to the
>> canonical domain example.com and to go to me web application /myapp so
>> everything goes to example.com/myapp/".
>>
>>> "You'd have to use a glob/regex if
>>> you wanted to check for [anything and maybe nothing.]example.com."
>>
>> There is nothing in your configuration or question that suggests that
>> the hostname in the request is relevant, but you are making it a
>> *requirement* that the request contains a specific Host header. IF you
>> don't actually need that, why do you have it?
>>
>> -chris
>>
>>> On Fri, Apr 19, 2024 at 3:03 PM Christopher Schultz <
>>> chris@christopherschultz.net> wrote:
>>>
>>>> Ammu,
>>>>
>>>> On 4/19/24 08:32, lavanya tech wrote:
>>>>> Thank you very much. I removed <Host> for example.com as well as adding an
>>>>> <Alias> in server.xml
>>>>> I copied context.xml file
>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl/META-INF/context.xml
>>>>> Removed < in rewrite.config files.
>>>>>
>>>>> But still I dont redirect the URL.
>>>>
>>>> If you have <Context> in server.xml and also your application in the
>>>> webapps/ directory, then you will be double-deploying your application.
>>>>
>>>> Re-name /git/app/apache-tomcat-10.1.11/webapps/towl/ to be
>>>> /git/app/apache-tomcat-10.1.11/webapps/ROOT (the capitals are important)
>>>> and remove the <Context> element from your server.xml.
>>>>
>>>> Then start your server and read the logs.
>>>>
>>>>> nslookup alias.example.com gives-->
>>>>> Non-authoritative answer:
>>>>> Name:     www.example.com
>>>>> Address:  192.168.200.10
>>>>> Aliases:  alias.example.com
>>>>>
>>>>>
>>>>> Just to give some information here, www.example.com has alias "alias.example.com"
>>>>> But https://www.example.com:7777/example --> works fine with out issues but
>>>>> the alias doesnot works (https://alias.example.com)
>>>>> So i am not sure if the redirect url helps or if its correct
>>>>
>>>> Your rewrite configuration says that you have to be using host
>>>> "example.com" but your request goes to www.example.com. Your
>>>> configuration should only redirect a request such as:
>>>>
>>>> $ curl -v http://example.com:7777/something
>>>>
>>>> HTTP/1.1 301 Moved Permanently
>>>> ...
>>>> Location: https://www.example.com:7777/example
>>>>
>>>> If you make a request like:
>>>>
>>>> $ curl -v http://www.example.com:7777/something
>>>>
>>>> I wouldn't expect a redirect because of your "host" condition. The
>>>> "%{HTTP_HOST} example.com" looks at the entire Host header and not just
>>>> anything that ends in "example.com". You'd have to use a glob/regex if
>>>> you wanted to check for [anything and maybe nothing.]example.com.
>>>>
>>>> You'd also have to make sure that your application is serving responses
>>>> to requests to / which is why I'm recommending you use the ROOT web
>>>> application name instead of "towl".
>>>>
>>>> -chris
>>>>
>>>>> On Fri, Apr 19, 2024 at 1:21 PM Christopher Schultz <
>>>>> chris@christopherschultz.net> wrote:
>>>>>
>>>>>> Ammu,
>>>>>>
>>>>>> On 4/18/24 09:34, lavanya tech wrote:
>>>>>>> I am attaching server.xml and context.xml and rewrite.config files.
>>>>>>> The paths are
>>>>>>>
>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl/context.xml
>>>>>>> <Context>
>>>>>>>         <Valve className="org.apache.catalina.valves.rewrite.RewriteValve" />
>>>>>>>         <!-- Other context configuration -->
>>>>>>> </Context>
>>>>>>
>>>>>> This file ^^^ is in the wrong place. It should be in
>>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl/META-INF/context.xml
>>>>>>
>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl/WEB-INF/rewrite.config
>>>>>>>
>>>>>>> <RewriteCond %{HTTP_HOST} example.com [NC]
>>>>>>> <RewriteRule ^/(.*)$ https://www.example.com:7777/example [R=301,L]
>>>>>>
>>>>>> Why do you have < symbols at the beginning of these lines?
>>>>>>
>>>>>>> server.xml
>>>>>>>
>>>>>>     > [...]
>>>>>>>
>>>>>>>           <Host name="example.com" appBase="webapps" unpackWARs="true" autoDeploy="true">
>>>>>>>               <Context path="" docBase="towl" />
>>>>>>
>>>>>> It's best not to define any <Context> in server.xml. I would remove this
>>>>>> <Context> entirely and allow Tomcat to auto-reploy from your
>>>>>> webapps/towl directory. If you need this application to be deployed as
>>>>>> the ROOT context (on / and not /towl) then you should re-name
>>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl to
>>>>>> /git/app/apache-tomcat-10.1.11/webapps/ROOT
>>>>>>
>>>>>> You also don't need a <Host> for example.com as well as adding an
>>>>>> <Alias> for the same domain (though this is probably to anonymize the
>>>>>> configuration). You can feel free to simply use the "localhost" <Host>
>>>>>> as the default <Host> and deploy everything into it. This makes your
>>>>>> configuration changes relative to a stock Tomcat less significant and
>>>>>> easier to apply to new versions if/when necessary.
>>>>>>
>>>>>> -chris
>>>>>>
>>>>>>> On Thu, Apr 18, 2024 at 2:17 PM Christopher Schultz <
>>>>>>> chris@christopherschultz.net> wrote:
>>>>>>>
>>>>>>>> Ammu,
>>>>>>>>
>>>>>>>> On 4/18/24 07:45, lavanya tech wrote:
>>>>>>>>> I added classname rewrite valeus in contex.xml file .
>>>>>>>>>
>>>>>>>>>          <!-- REWRITE VALVE -->
>>>>>>>>>          <Valve className="org.apache.catalina.valves.rewrite.RewriteValve" />
>>>>>>>>>          <!-- // -->
>>>>>>>>>
>>>>>>>>> created rewrite.config so both of them is located under  conf under
>>>>>>>>> apache-tomcat.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>                          <RewriteCond %{HTTP_HOST} example.com [NC]
>>>>>>>>>                          <RewriteRule ^/(.*)$ https://www.example.com:7777/example [R=301,L]
>>>>>>>>>
>>>>>>>>> So according to the documentaion they say context.xml should be placed
>>>>>>>>> under webapps and rewrite.config file should be put in WEB-INF folder of
>>>>>>>>> apache-tomcat . I placed and restarted tomcat webserver but still it
>>>>>>>>> doesnot redirect.
>>>>>>>>
>>>>>>>> Can you give full paths to both server.xml and rewrite.config, re-post
>>>>>>>> your current server.xml <Context> element, and the complete contents of
>>>>>>>> rewrite.config?
>>>>>>>>
>>>>>>>> Have you looked at the log files after start?
>>>>>>>>
>>>>>>>> -chris
>>>>>>>>
>>>>>>>>> On Thu, Apr 18, 2024 at 1:36 PM lavanya tech <lavanyatech440@gmail.com>
>>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>>> Hi Thomas,
>>>>>>>>>>
>>>>>>>>>> Thanks for the fast response.
>>>>>>>>>>
>>>>>>>>>> I added classname rewrite valeus in contex.xml file .
>>>>>>>>>>
>>>>>>>>>>          <!-- REWRITE VALVE -->
>>>>>>>>>>          <Valve className="org.apache.catalina.valves.rewrite.RewriteValve" />
>>>>>>>>>>          <!-- // -->
>>>>>>>>>>
>>>>>>>>>> created rewrite.config so both of them is located under  conf under
>>>>>>>>>> apache-tomcat.
>>>>>>>>>>
>>>>>>>>>> So according to the documentaion they say context.xml should be placed
>>>>>>>>>> under webapps and rewrite.config file should be put in WEB-INF folder of
>>>>>>>>>> apache-tomcat
>>>>>>>>>>
>>>>>>>>>> Thnks,
>>>>>>>>>> Ammu
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Thu, Apr 18, 2024 at 1:22 PM Mark Thomas <ma...@apache.org> wrote:
>>>>>>>>>>
>>>>>>>>>>> On 18/04/2024 12:05, lavanya tech wrote:
>>>>>>>>>>>> Hi Team,
>>>>>>>>>>>>
>>>>>>>>>>>> I am using "Tomcat 10.1" in our environment and I wanted to redirect url
>>>>>>>>>>>> from https://example.com to https://www.servercom:7777 and for this i
>>>>>>>>>>>> modified the server.xml as below in tomcat config, and the below
>>>>>>>>>>>> configuration doesnot seems to work. Does anyone has ideas. Please suggest.
>>>>>>>>>>>> The url alone https://www.servercom:7777/ already works. But just
>>>>>>>>>>>> redirection from the old to one doesnot.
>>>>>>>>>>>>
>>>>>>>>>>>> <Host name="example.com" appBase="app" unpackWARs="true" autoDeploy="true">
>>>>>>>>>>>>           <Context path="" docBase="example" />
>>>>>>>>>>>>           <Alias>example.com</Alias>
>>>>>>>>>>>>           <!-- Add RewriteValve and RewriteRule here -->
>>>>>>>>>>>>           <Valve className="org.apache.catalina.valves.rewrite.RewriteValve"/>
>>>>>>>>>>>>           <Engine name="Catalina" defaultHost="localhost">
>>>>>>>>>>>>               <Host name="example.com" appBase="app" unpackWARs="true" autoDeploy="true">
>>>>>>>>>>>>                   <Context path="" docBase="example" />
>>>>>>>>>>>>                   <Alias>example.com</Alias>
>>>>>>>>>>>>                   <Valve className="org.apache.catalina.valves.rewrite.RewriteValve"/>
>>>>>>>>>>>>                   <Engine name="Catalina" defaultHost="localhost">
>>>>>>>>>>>>                       <Host name="example.com" appBase="app" unpackWARs="true" autoDeploy="true">
>>>>>>>>>>>>                           <Context path="" docBase="example" />
>>>>>>>>>>>>                           <Alias>example.com</Alias>
>>>>>>>>>>>>                           <!-- Rewrite rule to redirect to www.servercom:8080/example -->
>>>>>>>>>>>>                           <RewriteCond %{HTTP_HOST} example\.com [NC]
>>>>>>>>>>>>                           <RewriteRule ^/(.*)$ https://www.servercom:7777/example/$1 [R=301,L]
>>>>>>>>>>>
>>>>>>>>>>> 1. That isn't valid XML.
>>>>>>>>>>>
>>>>>>>>>>> 2. Where in the Tomcat docs does it say you can nest re-write rules in a
>>>>>>>>>>> Host element (or any other element)?
>>>>>>>>>>>
>>>>>>>>>>>>                       </Host>
>>>>>>>>>>>>                   </Engine>
>>>>>>>>>>>>               </Host>
>>>>>>>>>>>>           </Engine>
>>>>>>>>>>>> </Host>
>>>>>>>>>>>
>>>>>>>>>>> You need to configure the RewriteValve.
>>>>>>>>>>> https://tomcat.apache.org/tomcat-10.1-doc/rewrite.html
>>>>>>>>>>>
>>>>>>>>>>> Mark
>>>>>>>>>>>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
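
The SAN requirement in Christopher Schultz's reply above (one certificate that names both server.lbg.com and example.lbg.com) can be checked before the certificate is installed. The following is an added example, not part of the original thread: it takes a subjectAltName line in the form OpenSSL prints it and reports which of the thread's URLs that certificate would cover. The function names and the sample SAN strings are constructed for illustration.

```python
"""Which of the thread's URLs does a certificate's SAN list cover?"""
from __future__ import annotations

import ipaddress
from urllib.parse import urlsplit

# Constructed sample inputs, written the way OpenSSL prints a subjectAltName
# extension. They are illustrations, not the poster's real certificate.
ONE_NAME_CERT = "DNS:server.lbg.com"
TWO_NAME_CERT = "DNS:server.lbg.com, DNS:example.lbg.com"
WILDCARD_CERT = "DNS:*.lbg.com, IP Address:192.168.100.20"

# URLs taken from the thread.
THREAD_URLS = [
    "https://server.lbg.com:8443/towl",
    "https://example.lbg.com:8443/towl",
    "https://example.lbg.com",
]


def parse_san_line(line: str) -> tuple[list[str], list]:
    """Split 'DNS:a, DNS:b, IP Address:1.2.3.4' into DNS names and IP objects."""
    dns_names, ip_addrs = [], []
    for item in line.split(","):
        kind, _, value = item.strip().partition(":")
        if kind == "DNS":
            dns_names.append(value.strip())
        elif kind == "IP Address":
            ip_addrs.append(ipaddress.ip_address(value.strip()))
    return dns_names, ip_addrs


def _labels(name: str) -> list[str]:
    # DNS names compare case-insensitively; a trailing dot names the same host.
    return name.rstrip(".").lower().split(".")


def dns_san_matches(san: str, hostname: str) -> bool:
    """True if one dNSName entry covers hostname."""
    san_labels, host_labels = _labels(san), _labels(hostname)
    # A wildcard stands for exactly one label, so both names need the same
    # number of labels: *.lbg.com covers neither lbg.com nor a.b.lbg.com.
    if len(san_labels) != len(host_labels):
        return False
    if san_labels[0] == "*":
        # Accept the wildcard only as the complete left-most label, with at
        # least two further labels to its right.
        return len(san_labels) >= 3 and san_labels[1:] == host_labels[1:]
    # Everything else, partial wildcards included, is compared literally.
    return san_labels == host_labels


def covers(target: str, san_line: str) -> bool:
    """True if the SAN line covers the host in target (a URL or a bare host)."""
    host = urlsplit(target).hostname if "://" in target else target
    if not host:
        return False
    dns_names, ip_addrs = parse_san_line(san_line)
    try:
        # IP literals are matched against iPAddress entries only, never DNS ones.
        return ipaddress.ip_address(host) in ip_addrs
    except ValueError:
        return any(dns_san_matches(san, host) for san in dns_names)


def coverage_report(targets: list[str], san_line: str) -> dict[str, bool]:
    """Map each target to whether the certificate covers its hostname."""
    return {t: covers(t, san_line) for t in targets}


if __name__ == "__main__":
    for label, cert in [("one name", ONE_NAME_CERT), ("two names", TWO_NAME_CERT)]:
        print(label)
        for url, ok in coverage_report(THREAD_URLS, cert).items():
            print(f"  {'covered' if ok else 'NAME MISMATCH':14} {url}")
```

The client verifies the name in the URL it was given, so a DNS alias that points example.lbg.com at the same address does not make a certificate issued only for server.lbg.com valid for it.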


Re: Regarding Tomcat url redirection

Posted by lavanya tech <la...@gmail.com>.
Hi  Chris,

Sorry I understood wrongly here with regards to my environment, Let me
start from the beginning. I do not want to use redirect at all. I simply
wanted to force apache tomcat to use both localhost and dns name of the
localhost via url.
I have DNS resolution as below.

server.lbg.com --> localhost

nslookup server.lbg.com (localhost)
Name:    server.lbg.com
Address:  192.168.100.20
alias: example.lbg.com

We have the below urls working:
https://server.lbg.com:8443/towl
https://example.lbg.com:8443/towl --> redirects to
https://server.lbg.com:8443/towl  --> still works --> we have SSL
configured for the same but this SSL certificate does not have additional
DNS setup.
But I would need to somehow  access https://example.lbg.com --> which means
I would need to access via 443 here ?

I tried adding the below to server.xml, but that does not seem
to work.

    <Connector port="80"
protocol="org.apache.coyote.http11.Http11NioProtocol"
           connectionTimeout="20000"
           redirectPort="443" />
    -->

Do i need additional SSL certificate for the https://example.lbg.com  to
make it work ?

Do i need to set up an additional web server for this like apache or nginx
for redirecting requests?

I look forward to your feedback.

Thanks and Best Regards,
Lavanya






On Tue, Apr 23, 2024 at 10:52 PM Christopher Schultz <
chris@christopherschultz.net> wrote:

> Lavanya,
>
> On 4/22/24 05:21, lavanya tech wrote:
> > Could you please explain, what you exactly mean ? So here redirect is not a
> > solution right ?
>
> Redirecting is fine.
>
> Perhaps you should take a step back and decide: what do you actually
> want, here? You might be trying to solve problem X by applying solution
> Y, and you've already decided that solution Y is correct so you are
> trying to get help with that.
>
> Perhaps ask for help with Problem X?
>
> For example, "I don't want users to have to type the name of my
> application to reach it so I want example.com/ to go to my application
> instead of example.com/myapp/".
>
> Or, "I have multiple domains and I want all of them to redirect to the
> canonical domain example.com and to go to me web application /myapp so
> everything goes to example.com/myapp/".
>
> > "You'd have to use a glob/regex if
> > you wanted to check for [anything and maybe nothing.]example.com."
>
> There is nothing in your configuration or question that suggests that
> the hostname in the request is relevant, but you are making it a
> *requirement* that the request contains a specific Host header. IF you
> don't actually need that, why do you have it?
>
> -chris
>
> > On Fri, Apr 19, 2024 at 3:03 PM Christopher Schultz <
> > chris@christopherschultz.net> wrote:
> >
> >> Ammu,
> >>
> >> On 4/19/24 08:32, lavanya tech wrote:
> >>> Thank you very much. I removed <Host> for example.com as well as adding an
> >>> <Alias> in server.xml
> >>> I copied context.xml file
> >>> /git/app/apache-tomcat-10.1.11/webapps/towl/META-INF/context.xml
> >>> Removed < in rewrite.config files.
> >>>
> >>> But still I dont redirect the URL.
> >>
> >> If you have <Context> in server.xml and also your application in the
> >> webapps/ directory, then you will be double-deploying your application.
> >>
> >> Re-name /git/app/apache-tomcat-10.1.11/webapps/towl/ to be
> >> /git/app/apache-tomcat-10.1.11/webapps/ROOT (the capitals are important)
> >> and remove the <Context> element from your server.xml.
> >>
> >> Then start your server and read the logs.
> >>
> >>> nslookup alias.example.com gives-->
> >>> Non-authoritative answer:
> >>> Name:     www.example.com
> >>> Address:  192.168.200.10
> >>> Aliases:  alias.example.com
> >>>
> >>>
> >>> Just to give some information here, www.example.com has alias "alias.example.com"
> >>> But https://www.example.com:7777/example --> works fine with out issues but
> >>> the alias doesnot works (https://alias.example.com)
> >>> So i am not sure if the redirect url helps or if its correct
> >>
> >> Your rewrite configuration says that you have to be using host
> >> "example.com" but your request goes to www.example.com. Your
> >> configuration should only redirect a request such as:
> >>
> >> $ curl -v http://example.com:7777/something
> >>
> >> HTTP/1.1 301 Moved Permanently
> >> ...
> >> Location: https://www.example.com:7777/example
> >>
> >> If you make a request like:
> >>
> >> $ curl -v http://www.example.com:7777/something
> >>
> >> I wouldn't expect a redirect because of your "host" condition. The
> >> "%{HTTP_HOST} example.com" looks at the entire Host header and not just
> >> anything that ends in "example.com". You'd have to use a glob/regex if
> >> you wanted to check for [anything and maybe nothing.]example.com.
> >>
> >> You'd also have to make sure that your application is serving responses
> >> to requests to / which is why I'm recommending you use the ROOT web
> >> application name instead of "towl".
> >>
> >> -chris
> >>
> >>> On Fri, Apr 19, 2024 at 1:21 PM Christopher Schultz <
> >>> chris@christopherschultz.net> wrote:
> >>>
> >>>> Ammu,
> >>>>
> >>>> On 4/18/24 09:34, lavanya tech wrote:
> >>>>> I am attaching server.xml and context.xml and rewrite.config files.
> >>>>> The paths are
> >>>>>
> >>>>> /git/app/apache-tomcat-10.1.11/webapps/towl/context.xml
> >>>>> <Context>
> >>>>>        <Valve className="org.apache.catalina.valves.rewrite.RewriteValve" />
> >>>>>        <!-- Other context configuration -->
> >>>>> </Context>
> >>>>
> >>>> This file ^^^ is in the wrong place. It should be in
> >>>> /git/app/apache-tomcat-10.1.11/webapps/towl/META-INF/context.xml
> >>>>
> >>>>> /git/app/apache-tomcat-10.1.11/webapps/towl/WEB-INF/rewrite.config
> >>>>>
> >>>>> <RewriteCond %{HTTP_HOST} example.com [NC]
> >>>>> <RewriteRule ^/(.*)$ https://www.example.com:7777/example [R=301,L]
> >>>>
> >>>> Why do you have < symbols at the beginning of these lines?
> >>>>
> >>>>> server.xml
> >>>>>
> >>>>    > [...]
> >>>>>
> >>>>>          <Host name="example.com" appBase="webapps" unpackWARs="true" autoDeploy="true">
> >>>>>              <Context path="" docBase="towl" />
> >>>>
> >>>> It's best not to define any <Context> in server.xml. I would remove this
> >>>> <Context> entirely and allow Tomcat to auto-reploy from your
> >>>> webapps/towl directory. If you need this application to be deployed as
> >>>> the ROOT context (on / and not /towl) then you should re-name
> >>>> /git/app/apache-tomcat-10.1.11/webapps/towl to
> >>>> /git/app/apache-tomcat-10.1.11/webapps/ROOT
> >>>>
> >>>> You also don't need a <Host> for example.com as well as adding an
> >>>> <Alias> for the same domain (though this is probably to anonymize the
> >>>> configuration). You can feel free to simply use the "localhost" <Host>
> >>>> as the default <Host> and deploy everything into it. This makes your
> >>>> configuration changes relative to a stock Tomcat less significant and
> >>>> easier to apply to new versions if/when necessary.
> >>>>
> >>>> -chris
> >>>>
> >>>>> On Thu, Apr 18, 2024 at 2:17 PM Christopher Schultz <
> >>>>> chris@christopherschultz.net> wrote:
> >>>>>
> >>>>>> Ammu,
> >>>>>>
> >>>>>> On 4/18/24 07:45, lavanya tech wrote:
> >>>>>>> I added classname rewrite valeus in contex.xml file .
> >>>>>>>
> >>>>>>>         <!-- REWRITE VALVE -->
> >>>>>>>         <Valve
> >>>> className="org.apache.catalina.valves.rewrite.RewriteValve"
> >>>>>> />
> >>>>>>>         <!-- // -->
> >>>>>>>
> >>>>>>> created rewrite.config so both of them is located under  conf under
> >>>>>>> apache-tomcat.
> >>>>>>>
> >>>>>>>
> >>>>>>>                         <RewriteCond %{HTTP_HOST} example.com [NC]
> >>>>>>>                         <RewriteRule ^/(.*)$
> >>>>>>> https://www.example.com:7777/example [R=301,L]
> >>>>>>>
> >>>>>>> So according to the documentaion they say context.xml should be
> >> placed
> >>>>>>> under webapps and rewrite.config file should be put in WEB-INF
> folder
> >>>> of
> >>>>>>> apache-tomcat . I placed and restarted tomcat webserver but still
> it
> >>>>>>> doesnot redirect.
> >>>>>>
> >>>>>> Can you give full paths to both server.xml and rewrite.config,
> re-post
> >>>>>> your current server.xml <Context> element, and the complete contents
> >> of
> >>>>>> rewrite.config?
> >>>>>>
> >>>>>> Have you looked at the log files after start?
> >>>>>>
> >>>>>> -chris
> >>>>>>
> >>>>>>> On Thu, Apr 18, 2024 at 1:36 PM lavanya tech <
> >> lavanyatech440@gmail.com
> >>>>>
> >>>>>>> wrote:
> >>>>>>>
> >>>>>>>> Hi Thomas,
> >>>>>>>>
> >>>>>>>> Thanks for the fast response.
> >>>>>>>>
> >>>>>>>> I added classname rewrite valeus in contex.xml file .
> >>>>>>>>
> >>>>>>>>         <!-- REWRITE VALVE -->
> >>>>>>>>         <Valve
> >>>> className="org.apache.catalina.valves.rewrite.RewriteValve"
> >>>>>> />
> >>>>>>>>         <!-- // -->
> >>>>>>>>
> >>>>>>>> created rewrite.config so both of them is located under  conf
> under
> >>>>>>>> apache-tomcat.
> >>>>>>>>
> >>>>>>>> So according to the documentaion they say context.xml should be
> >> placed
> >>>>>>>> under webapps and rewrite.config file should be put in WEB-INF
> >> folder
> >>>> of
> >>>>>>>> apache-tomcat
> >>>>>>>>
> >>>>>>>> Thnks,
> >>>>>>>> Ammu
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> On Thu, Apr 18, 2024 at 1:22 PM Mark Thomas <ma...@apache.org>
> >> wrote:
> >>>>>>>>
> >>>>>>>>> On 18/04/2024 12:05, lavanya tech wrote:
> >>>>>>>>>> Hi Team,
> >>>>>>>>>>
> >>>>>>>>>> I am using "Tomcat 10.1" in our environment and I wanted to
> >> redirect
> >>>>>> url
> >>>>>>>>>> from https://example.com to https://www.servercom:7777 and for
> >>>> this i
> >>>>>>>>>> modified the server.xml as below in tomcat config, and the below
> >>>>>>>>>> configuration doesnot seems to work. Does anyone has ideas.
> Please
> >>>>>>>>> suggest.
> >>>>>>>>>> The url alone https://www.servercom:7777/ already works. But
> just
> >>>>>>>>>> redirection from the old to one doesnot.
> >>>>>>>>>>
> >>>>>>>>>> <Host name="example.com" appBase="app" unpackWARs="true"
> >>>>>>>>> autoDeploy="true">
> >>>>>>>>>>          <Context path="" docBase="example" />
> >>>>>>>>>>          <Alias>example.com</Alias>
> >>>>>>>>>>          <!-- Add RewriteValve and RewriteRule here -->
> >>>>>>>>>>          <Valve
> >>>>>>>>> className="org.apache.catalina.valves.rewrite.RewriteValve"/>
> >>>>>>>>>>          <Engine name="Catalina" defaultHost="localhost">
> >>>>>>>>>>              <Host name="example.com" appBase="app"
> >> unpackWARs="true"
> >>>>>>>>>> autoDeploy="true">
> >>>>>>>>>>                  <Context path="" docBase="example" />
> >>>>>>>>>>                  <Alias>example.com</Alias>
> >>>>>>>>>>                  <Valve
> >>>>>>>>> className="org.apache.catalina.valves.rewrite.RewriteValve"/>
> >>>>>>>>>>                  <Engine name="Catalina"
> defaultHost="localhost">
> >>>>>>>>>>                      <Host name="example.com" appBase="app"
> >>>>>>>>>> unpackWARs="true" autoDeploy="true">
> >>>>>>>>>>                          <Context path="" docBase="example" />
> >>>>>>>>>>                          <Alias>example.com</Alias>
> >>>>>>>>>>                          <!-- Rewrite rule to redirect to
> >>>>>>>>>> www.servercom:8080/example -->
> >>>>>>>>>>                          <RewriteCond %{HTTP_HOST} example\.com
> >> [NC]
> >>>>>>>>>>                          <RewriteRule ^/(.*)$
> >>>>>>>>>> https://www.servercom:7777/example/$1 [R=301,L]
> >>>>>>>>>
> >>>>>>>>> 1. That isn't valid XML.
> >>>>>>>>>
> >>>>>>>>> 2. Where in the Tomcat docs does it say you can nest re-write
> rules
> >>>> in
> >>>>>> a
> >>>>>>>>> Host element (or any other element)?
> >>>>>>>>>
> >>>>>>>>>>                      </Host>
> >>>>>>>>>>                  </Engine>
> >>>>>>>>>>              </Host>
> >>>>>>>>>>          </Engine>
> >>>>>>>>>> </Host>
> >>>>>>>>>
> >>>>>>>>> You need to configure the RewriteValve.
> >>>>>>>>> https://tomcat.apache.org/tomcat-10.1-doc/rewrite.html
> >>>>>>>>>
> >>>>>>>>> Mark
> >>>>>>>>>
> >>>>>>>>>
> >> ---------------------------------------------------------------------
> >>>>>>>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >>>>>>>>> For additional commands, e-mail: users-help@tomcat.apache.org
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>
> >>>>>>
> >>>>>>
> ---------------------------------------------------------------------
> >>>>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >>>>>> For additional commands, e-mail: users-help@tomcat.apache.org
> >>>>>>
> >>>>>>
> >>>>>
> >>>>
> >>>> ---------------------------------------------------------------------
> >>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >>>> For additional commands, e-mail: users-help@tomcat.apache.org
> >>>>
> >>>>
> >>>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >> For additional commands, e-mail: users-help@tomcat.apache.org
> >>
> >>
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Re: Regarding Tomcat url redirection

Posted by Christopher Schultz <ch...@christopherschultz.net>.
Lavanya,

On 4/22/24 05:21, lavanya tech wrote:
> Could you please explain what exactly you mean? So here redirect is not a
> solution, right?

Redirecting is fine.

Perhaps you should take a step back and decide: what do you actually 
want, here? You might be trying to solve problem X by applying solution 
Y, and you've already decided that solution Y is correct so you are 
trying to get help with that.

Perhaps ask for help with Problem X?

For example, "I don't want users to have to type the name of my 
application to reach it so I want example.com/ to go to my application 
instead of example.com/myapp/".

Or, "I have multiple domains and I want all of them to redirect to the
canonical domain example.com and to go to my web application /myapp so
everything goes to example.com/myapp/".

> "You'd have to use a glob/regex if
> you wanted to check for [anything and maybe nothing.]example.com."

There is nothing in your configuration or question that suggests that
the hostname in the request is relevant, but you are making it a
*requirement* that the request contains a specific Host header. If you
don't actually need that, why do you have it?

-chris

> On Fri, Apr 19, 2024 at 3:03 PM Christopher Schultz <
> chris@christopherschultz.net> wrote:
> 
>> Ammu,
>>
>> On 4/19/24 08:32, lavanya tech wrote:
>>> Thank you very much. I removed <Host> for example.com as well as adding an
>>> <Alias> in server.xml
>>> I copied context.xml file
>>> /git/app/apache-tomcat-10.1.11/webapps/towl/META-INF/context.xml
>>> Removed < in rewrite.config files.
>>>
>>> But still I don't redirect the URL.
>>
>> If you have <Context> in server.xml and also your application in the
>> webapps/ directory, then you will be double-deploying your application.
>>
>> Re-name /git/app/apache-tomcat-10.1.11/webapps/towl/ to be
>> /git/app/apache-tomcat-10.1.11/webapps/ROOT (the capitals are important)
>> and remove the <Context> element from your server.xml.
>>
>> Then start your server and read the logs.
>>
>>> nslookup alias.example.com
>>> gives-->
>>> Non-authoritative answer:
>>> Name:     www.example.com
>>> Address:  192.168.200.10
>>> Aliases:  alias.example.com
>>>
>>>
>>> Just to give some information here, www.example.com has alias
>>> "alias.example.com"
>>> But https://www.example.com:7777/example --> works fine without issues but
>>> the alias does not work (https://alias.example.com)
>>> So I am not sure if the redirect URL helps or if it's correct
>>
>> Your rewrite configuration says that you have to be using host
>> "example.com" but your request goes to www.example.com. Your
>> configuration should only redirect a request such as:
>>
>> $ curl -v http://example.com:7777/something
>>
>> HTTP/1.1 301 Moved Permanently
>> ...
>> Location: https://www.example.com:7777/example
>>
>> If you make a request like:
>>
>> $ curl -v http://www.example.com:7777/something
>>
>> I wouldn't expect a redirect because of your "host" condition. The
>> "%{HTTP_HOST} example.com" looks at the entire Host header and not just
>> anything that ends in "example.com". You'd have to use a glob/regex if
>> you wanted to check for [anything and maybe nothing.]example.com.
>>
>> You'd also have to make sure that your application is serving responses
>> to requests to / which is why I'm recommending you use the ROOT web
>> application name instead of "towl".
>>
>> -chris
>>
>>> On Fri, Apr 19, 2024 at 1:21 PM Christopher Schultz <
>>> chris@christopherschultz.net> wrote:
>>>
>>>> Ammu,
>>>>
>>>> On 4/18/24 09:34, lavanya tech wrote:
>>>>> I am attaching server.xml and context.xml and rewrite.config files.
>>>>> The paths are
>>>>>
>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl/context.xml
>>>>> <Context>
>>>>>        <Valve
>> className="org.apache.catalina.valves.rewrite.RewriteValve"
>>>> />
>>>>>        <!-- Other context configuration -->
>>>>> </Context>
>>>>
>>>> This file ^^^ is in the wrong place. It should be in
>>>> /git/app/apache-tomcat-10.1.11/webapps/towl/META-INF/context.xml
>>>>
>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl/WEB-INF/rewrite.config
>>>>>
>>>>> <RewriteCond %{HTTP_HOST} example.com [NC]
>>>>> <RewriteRule ^/(.*)$ https://www.example.com:7777/example [R=301,L]
>>>>
>>>> Why do you have < symbols at the beginning of these lines?
>>>>
>>>>> server.xml
>>>>>
>>>>    > [...]
>>>>>
>>>>>          <Host name="example.com" appBase="webapps" unpackWARs="true"
>>>>> autoDeploy="true">
>>>>>              <Context path="" docBase="towl" />
>>>>
>>>> It's best not to define any <Context> in server.xml. I would remove this
>>>> <Context> entirely and allow Tomcat to auto-reploy from your
>>>> webapps/towl directory. If you need this application to be deployed as
>>>> the ROOT context (on / and not /towl) then you should re-name
>>>> /git/app/apache-tomcat-10.1.11/webapps/towl to
>>>> /git/app/apache-tomcat-10.1.11/webapps/ROOT
>>>>
>>>> You also don't need a <Host> for example.com as well as adding an
>>>> <Alias> for the same domain (though this is probably to anonymize the
>>>> configuration). You can feel free to simply use the "localhost" <Host>
>>>> as the default <Host> and deploy everything into it. This makes your
>>>> configuration changes relative to a stock Tomcat less significant and
>>>> easier to apply to new versions if/when necessary.
>>>>
>>>> -chris
>>>>
>>>>> On Thu, Apr 18, 2024 at 2:17 PM Christopher Schultz <
>>>>> chris@christopherschultz.net> wrote:
>>>>>
>>>>>> Ammu,
>>>>>>
>>>>>> On 4/18/24 07:45, lavanya tech wrote:
>>>>>>> I added classname rewrite valeus in contex.xml file .
>>>>>>>
>>>>>>>         <!-- REWRITE VALVE -->
>>>>>>>         <Valve
>>>> className="org.apache.catalina.valves.rewrite.RewriteValve"
>>>>>> />
>>>>>>>         <!-- // -->
>>>>>>>
>>>>>>> created rewrite.config so both of them is located under  conf under
>>>>>>> apache-tomcat.
>>>>>>>
>>>>>>>
>>>>>>>                         <RewriteCond %{HTTP_HOST} example.com [NC]
>>>>>>>                         <RewriteRule ^/(.*)$
>>>>>>> https://www.example.com:7777/example [R=301,L]
>>>>>>>
>>>>>>> So according to the documentaion they say context.xml should be
>> placed
>>>>>>> under webapps and rewrite.config file should be put in WEB-INF folder
>>>> of
>>>>>>> apache-tomcat . I placed and restarted tomcat webserver but still it
>>>>>>> doesnot redirect.
>>>>>>
>>>>>> Can you give full paths to both server.xml and rewrite.config, re-post
>>>>>> your current server.xml <Context> element, and the complete contents
>> of
>>>>>> rewrite.config?
>>>>>>
>>>>>> Have you looked at the log files after start?
>>>>>>
>>>>>> -chris
>>>>>>
>>>>>>> On Thu, Apr 18, 2024 at 1:36 PM lavanya tech <
>> lavanyatech440@gmail.com
>>>>>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Hi Thomas,
>>>>>>>>
>>>>>>>> Thanks for the fast response.
>>>>>>>>
>>>>>>>> I added classname rewrite valeus in contex.xml file .
>>>>>>>>
>>>>>>>>         <!-- REWRITE VALVE -->
>>>>>>>>         <Valve
>>>> className="org.apache.catalina.valves.rewrite.RewriteValve"
>>>>>> />
>>>>>>>>         <!-- // -->
>>>>>>>>
>>>>>>>> created rewrite.config so both of them is located under  conf under
>>>>>>>> apache-tomcat.
>>>>>>>>
>>>>>>>> So according to the documentaion they say context.xml should be
>> placed
>>>>>>>> under webapps and rewrite.config file should be put in WEB-INF
>> folder
>>>> of
>>>>>>>> apache-tomcat
>>>>>>>>
>>>>>>>> Thnks,
>>>>>>>> Ammu
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Thu, Apr 18, 2024 at 1:22 PM Mark Thomas <ma...@apache.org>
>> wrote:
>>>>>>>>
>>>>>>>>> On 18/04/2024 12:05, lavanya tech wrote:
>>>>>>>>>> Hi Team,
>>>>>>>>>>
>>>>>>>>>> I am using "Tomcat 10.1" in our environment and I wanted to
>> redirect
>>>>>> url
>>>>>>>>>> from https://example.com to https://www.servercom:7777 and for
>>>> this i
>>>>>>>>>> modified the server.xml as below in tomcat config, and the below
>>>>>>>>>> configuration doesnot seems to work. Does anyone has ideas. Please
>>>>>>>>> suggest.
>>>>>>>>>> The url alone https://www.servercom:7777/ already works. But just
>>>>>>>>>> redirection from the old to one doesnot.
>>>>>>>>>>
>>>>>>>>>> <Host name="example.com" appBase="app" unpackWARs="true"
>>>>>>>>> autoDeploy="true">
>>>>>>>>>>          <Context path="" docBase="example" />
>>>>>>>>>>          <Alias>example.com</Alias>
>>>>>>>>>>          <!-- Add RewriteValve and RewriteRule here -->
>>>>>>>>>>          <Valve
>>>>>>>>> className="org.apache.catalina.valves.rewrite.RewriteValve"/>
>>>>>>>>>>          <Engine name="Catalina" defaultHost="localhost">
>>>>>>>>>>              <Host name="example.com" appBase="app"
>> unpackWARs="true"
>>>>>>>>>> autoDeploy="true">
>>>>>>>>>>                  <Context path="" docBase="example" />
>>>>>>>>>>                  <Alias>example.com</Alias>
>>>>>>>>>>                  <Valve
>>>>>>>>> className="org.apache.catalina.valves.rewrite.RewriteValve"/>
>>>>>>>>>>                  <Engine name="Catalina" defaultHost="localhost">
>>>>>>>>>>                      <Host name="example.com" appBase="app"
>>>>>>>>>> unpackWARs="true" autoDeploy="true">
>>>>>>>>>>                          <Context path="" docBase="example" />
>>>>>>>>>>                          <Alias>example.com</Alias>
>>>>>>>>>>                          <!-- Rewrite rule to redirect to
>>>>>>>>>> www.servercom:8080/example -->
>>>>>>>>>>                          <RewriteCond %{HTTP_HOST} example\.com
>> [NC]
>>>>>>>>>>                          <RewriteRule ^/(.*)$
>>>>>>>>>> https://www.servercom:7777/example/$1 [R=301,L]
>>>>>>>>>
>>>>>>>>> 1. That isn't valid XML.
>>>>>>>>>
>>>>>>>>> 2. Where in the Tomcat docs does it say you can nest re-write rules
>>>> in
>>>>>> a
>>>>>>>>> Host element (or any other element)?
>>>>>>>>>
>>>>>>>>>>                      </Host>
>>>>>>>>>>                  </Engine>
>>>>>>>>>>              </Host>
>>>>>>>>>>          </Engine>
>>>>>>>>>> </Host>
>>>>>>>>>
>>>>>>>>> You need to configure the RewriteValve.
>>>>>>>>> https://tomcat.apache.org/tomcat-10.1-doc/rewrite.html
>>>>>>>>>
>>>>>>>>> Mark
>>>>>>>>>
>>>>>>>>>
>> ---------------------------------------------------------------------
>>>>>>>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>>>>>>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>>>>>>>
>>>>>>>>>
>>>>>>>
>>>>>>
>>>>>> ---------------------------------------------------------------------
>>>>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>>>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>>>>
>>>>>>
>>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>>
>>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
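
The whole-value host comparison described in the reply above, as an added example (not code from the thread or from Tomcat): Python's `re.fullmatch` stands in for the condition check, and the pattern names, sample hosts and the `redirect_loops` helper are constructed for illustration. It assumes the compared host value carries no port and that the same rules also serve the redirect target.

```python
import re
from urllib.parse import urlsplit

# Redirect target from the rewrite.config quoted in the thread.
REDIRECT_TARGET = "https://www.example.com:7777/example"

# Condition patterns to compare. "as_posted" is the pattern from the thread;
# the other three are constructed alternatives, not taken from the thread.
PATTERNS = {
    "as_posted": r"example.com",
    "escaped_dot": r"example\.com",
    "any_subdomain": r"(.+\.)?example\.com",
    "any_subdomain_except_www": r"(?!www\.)(.+\.)?example\.com",
}

# Constructed Host values. Assumption: the value compared carries no port.
SAMPLE_HOSTS = [
    "example.com",
    "EXAMPLE.com",
    "www.example.com",
    "alias.example.com",
    "exampleXcom",
    "notexample.com",
    "example.com.other.test",
]


def host_matches(pattern: str, host: str) -> bool:
    """Compare the pattern against the entire host value, ignoring case ([NC])."""
    return re.fullmatch(pattern, host, flags=re.IGNORECASE) is not None


def matching_hosts(pattern: str, hosts=SAMPLE_HOSTS) -> list[str]:
    """Return the hosts that would satisfy the condition and be redirected."""
    return [h for h in hosts if host_matches(pattern, h)]


def redirect_loops(pattern: str, target: str = REDIRECT_TARGET) -> bool:
    """True when the target's own host satisfies the condition.

    Assumption: the same rules also handle requests for the target host, so a
    client following the 301 would be redirected again.
    """
    return host_matches(pattern, urlsplit(target).hostname)


if __name__ == "__main__":
    for name, pattern in PATTERNS.items():
        print(f"{name}: {pattern}")
        print(f"  redirected hosts: {matching_hosts(pattern)}")
        print(f"  target re-matches (loop): {redirect_loops(pattern)}")
```

In this model only `any_subdomain` also matches the redirect target's own host, which is the case to check before broadening a host condition.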


Re: Regarding Tomcat url redirection

Posted by lavanya tech <la...@gmail.com>.
Hi Chris,

Could you please explain what exactly you mean? So here redirect is not a
solution, right?

"You'd have to use a glob/regex if
you wanted to check for [anything and maybe nothing.]example.com."

Thanks,
ammu




On Fri, Apr 19, 2024 at 3:03 PM Christopher Schultz <
chris@christopherschultz.net> wrote:

> Ammu,
>
> On 4/19/24 08:32, lavanya tech wrote:
> > Thank you very much. I removed <Host> for example.com as well as adding
> an
> > <Alias> in server.xml
> > I copied context.xml file
> > /git/app/apache-tomcat-10.1.11/webapps/towl/META-INF/context.xml
> > Removed < in rewrite.config files.
> >
> > > But still I don't redirect the URL.
>
> If you have <Context> in server.xml and also your application in the
> webapps/ directory, then you will be double-deploying your application.
>
> Re-name /git/app/apache-tomcat-10.1.11/webapps/towl/ to be
> /git/app/apache-tomcat-10.1.11/webapps/ROOT (the capitals are important)
> and remove the <Context> element from your server.xml.
>
> Then start your server and read the logs.
>
> > > nslookup alias.example.com
> > > gives-->
> > > Non-authoritative answer:
> > > Name:     www.example.com
> > > Address:  192.168.200.10
> > > Aliases:  alias.example.com
> > >
> > >
> > > Just to give some information here, www.example.com has alias
> > > "alias.example.com"
> > > But https://www.example.com:7777/example --> works fine without issues but
> > > the alias does not work (https://alias.example.com)
> > > So I am not sure if the redirect URL helps or if it's correct
>
> Your rewrite configuration says that you have to be using host
> "example.com" but your request goes to www.example.com. Your
> configuration should only redirect a request such as:
>
> $ curl -v http://example.com:7777/something
>
> HTTP/1.1 301 Moved Permanently
> ...
> Location: https://www.example.com:7777/example
>
> If you make a request like:
>
> $ curl -v http://www.example.com:7777/something
>
> I wouldn't expect a redirect because of your "host" condition. The
> "%{HTTP_HOST} example.com" looks at the entire Host header and not just
> anything that ends in "example.com". You'd have to use a glob/regex if
> you wanted to check for [anything and maybe nothing.]example.com.
>
> You'd also have to make sure that your application is serving responses
> to requests to / which is why I'm recommending you use the ROOT web
> application name instead of "towl".
>
> -chris
>
> > On Fri, Apr 19, 2024 at 1:21 PM Christopher Schultz <
> > chris@christopherschultz.net> wrote:
> >
> >> Ammu,
> >>
> >> On 4/18/24 09:34, lavanya tech wrote:
> >>> I am attaching server.xml and context.xml and rewrite.config files.
> >>> The paths are
> >>>
> >>> /git/app/apache-tomcat-10.1.11/webapps/towl/context.xml
> >>> <Context>
> >>>       <Valve
> className="org.apache.catalina.valves.rewrite.RewriteValve"
> >> />
> >>>       <!-- Other context configuration -->
> >>> </Context>
> >>
> >> This file ^^^ is in the wrong place. It should be in
> >> /git/app/apache-tomcat-10.1.11/webapps/towl/META-INF/context.xml
> >>
> >>> /git/app/apache-tomcat-10.1.11/webapps/towl/WEB-INF/rewrite.config
> >>>
> >>> <RewriteCond %{HTTP_HOST} example.com [NC]
> >>> <RewriteRule ^/(.*)$ https://www.example.com:7777/example [R=301,L]
> >>
> >> Why do you have < symbols at the beginning of these lines?
> >>
> >>> server.xml
> >>>
> >>   > [...]
> >>>
> >>>         <Host name="example.com" appBase="webapps" unpackWARs="true"
> >>> autoDeploy="true">
> >>>             <Context path="" docBase="towl" />
> >>
> >> It's best not to define any <Context> in server.xml. I would remove this
> >> <Context> entirely and allow Tomcat to auto-reploy from your
> >> webapps/towl directory. If you need this application to be deployed as
> >> the ROOT context (on / and not /towl) then you should re-name
> >> /git/app/apache-tomcat-10.1.11/webapps/towl to
> >> /git/app/apache-tomcat-10.1.11/webapps/ROOT
> >>
> >> You also don't need a <Host> for example.com as well as adding an
> >> <Alias> for the same domain (though this is probably to anonymize the
> >> configuration). You can feel free to simply use the "localhost" <Host>
> >> as the default <Host> and deploy everything into it. This makes your
> >> configuration changes relative to a stock Tomcat less significant and
> >> easier to apply to new versions if/when necessary.
> >>
> >> -chris
> >>
> >>> On Thu, Apr 18, 2024 at 2:17 PM Christopher Schultz <
> >>> chris@christopherschultz.net> wrote:
> >>>
> >>>> Ammu,
> >>>>
> >>>> On 4/18/24 07:45, lavanya tech wrote:
> >>>>> I added classname rewrite valeus in contex.xml file .
> >>>>>
> >>>>>        <!-- REWRITE VALVE -->
> >>>>>        <Valve
> >> className="org.apache.catalina.valves.rewrite.RewriteValve"
> >>>> />
> >>>>>        <!-- // -->
> >>>>>
> >>>>> created rewrite.config so both of them is located under  conf under
> >>>>> apache-tomcat.
> >>>>>
> >>>>>
> >>>>>                        <RewriteCond %{HTTP_HOST} example.com [NC]
> >>>>>                        <RewriteRule ^/(.*)$
> >>>>> https://www.example.com:7777/example [R=301,L]
> >>>>>
> >>>>> So according to the documentaion they say context.xml should be
> placed
> >>>>> under webapps and rewrite.config file should be put in WEB-INF folder
> >> of
> >>>>> apache-tomcat . I placed and restarted tomcat webserver but still it
> >>>>> doesnot redirect.
> >>>>
> >>>> Can you give full paths to both server.xml and rewrite.config, re-post
> >>>> your current server.xml <Context> element, and the complete contents
> of
> >>>> rewrite.config?
> >>>>
> >>>> Have you looked at the log files after start?
> >>>>
> >>>> -chris
> >>>>
> >>>>> On Thu, Apr 18, 2024 at 1:36 PM lavanya tech <
> lavanyatech440@gmail.com
> >>>
> >>>>> wrote:
> >>>>>
> >>>>>> Hi Thomas,
> >>>>>>
> >>>>>> Thanks for the fast response.
> >>>>>>
> >>>>>> I added classname rewrite valeus in contex.xml file .
> >>>>>>
> >>>>>>        <!-- REWRITE VALVE -->
> >>>>>>        <Valve
> >> className="org.apache.catalina.valves.rewrite.RewriteValve"
> >>>> />
> >>>>>>        <!-- // -->
> >>>>>>
> >>>>>> created rewrite.config so both of them is located under  conf under
> >>>>>> apache-tomcat.
> >>>>>>
> >>>>>> So according to the documentaion they say context.xml should be
> placed
> >>>>>> under webapps and rewrite.config file should be put in WEB-INF
> folder
> >> of
> >>>>>> apache-tomcat
> >>>>>>
> >>>>>> Thnks,
> >>>>>> Ammu
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> On Thu, Apr 18, 2024 at 1:22 PM Mark Thomas <ma...@apache.org>
> wrote:
> >>>>>>
> >>>>>>> On 18/04/2024 12:05, lavanya tech wrote:
> >>>>>>>> Hi Team,
> >>>>>>>>
> >>>>>>>> I am using "Tomcat 10.1" in our environment and I wanted to
> redirect
> >>>> url
> >>>>>>>> from https://example.com to https://www.servercom:7777 and for
> >> this i
> >>>>>>>> modified the server.xml as below in tomcat config, and the below
> >>>>>>>> configuration doesnot seems to work. Does anyone has ideas. Please
> >>>>>>> suggest.
> >>>>>>>> The url alone https://www.servercom:7777/ already works. But just
> >>>>>>>> redirection from the old to one doesnot.
> >>>>>>>>
> >>>>>>>> <Host name="example.com" appBase="app" unpackWARs="true"
> >>>>>>> autoDeploy="true">
> >>>>>>>>         <Context path="" docBase="example" />
> >>>>>>>>         <Alias>example.com</Alias>
> >>>>>>>>         <!-- Add RewriteValve and RewriteRule here -->
> >>>>>>>>         <Valve
> >>>>>>> className="org.apache.catalina.valves.rewrite.RewriteValve"/>
> >>>>>>>>         <Engine name="Catalina" defaultHost="localhost">
> >>>>>>>>             <Host name="example.com" appBase="app"
> unpackWARs="true"
> >>>>>>>> autoDeploy="true">
> >>>>>>>>                 <Context path="" docBase="example" />
> >>>>>>>>                 <Alias>example.com</Alias>
> >>>>>>>>                 <Valve
> >>>>>>> className="org.apache.catalina.valves.rewrite.RewriteValve"/>
> >>>>>>>>                 <Engine name="Catalina" defaultHost="localhost">
> >>>>>>>>                     <Host name="example.com" appBase="app"
> >>>>>>>> unpackWARs="true" autoDeploy="true">
> >>>>>>>>                         <Context path="" docBase="example" />
> >>>>>>>>                         <Alias>example.com</Alias>
> >>>>>>>>                         <!-- Rewrite rule to redirect to
> >>>>>>>> www.servercom:8080/example -->
> >>>>>>>>                         <RewriteCond %{HTTP_HOST} example\.com
> [NC]
> >>>>>>>>                         <RewriteRule ^/(.*)$
> >>>>>>>> https://www.servercom:7777/example/$1 [R=301,L]
> >>>>>>>
> >>>>>>> 1. That isn't valid XML.
> >>>>>>>
> >>>>>>> 2. Where in the Tomcat docs does it say you can nest re-write rules
> >> in
> >>>> a
> >>>>>>> Host element (or any other element)?
> >>>>>>>
> >>>>>>>>                     </Host>
> >>>>>>>>                 </Engine>
> >>>>>>>>             </Host>
> >>>>>>>>         </Engine>
> >>>>>>>> </Host>
> >>>>>>>
> >>>>>>> You need to configure the RewriteValve.
> >>>>>>> https://tomcat.apache.org/tomcat-10.1-doc/rewrite.html
> >>>>>>>
> >>>>>>> Mark
> >>>>>>>
> >>>>>>>
> ---------------------------------------------------------------------
> >>>>>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >>>>>>> For additional commands, e-mail: users-help@tomcat.apache.org
> >>>>>>>
> >>>>>>>
> >>>>>
> >>>>
> >>>> ---------------------------------------------------------------------
> >>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >>>> For additional commands, e-mail: users-help@tomcat.apache.org
> >>>>
> >>>>
> >>>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >> For additional commands, e-mail: users-help@tomcat.apache.org
> >>
> >>
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Re: Regarding Tomcat url redirection

Posted by Christopher Schultz <ch...@christopherschultz.net>.
Ammu,

On 4/19/24 08:32, lavanya tech wrote:
> Thank you very much. I removed <Host> for example.com as well as adding an
> <Alias> in server.xml
> I copied context.xml file
> /git/app/apache-tomcat-10.1.11/webapps/towl/META-INF/context.xml
> Removed < in rewrite.config files.
> 
> But still I don't redirect the URL.

If you have <Context> in server.xml and also your application in the 
webapps/ directory, then you will be double-deploying your application.

Re-name /git/app/apache-tomcat-10.1.11/webapps/towl/ to be 
/git/app/apache-tomcat-10.1.11/webapps/ROOT (the capitals are important) 
and remove the <Context> element from your server.xml.

Then start your server and read the logs.

> nslookup alias.example.com
> gives-->
> Non-authoritative answer:
> Name:     www.example.com
> Address:  192.168.200.10
> Aliases:  alias.example.com
>
>
> Just to give some information here, www.example.com has alias
> "alias.example.com"
> But https://www.example.com:7777/example --> works fine without issues but
> the alias does not work (https://alias.example.com)
> So I am not sure if the redirect URL helps or if it's correct

Your rewrite configuration says that you have to be using host 
"example.com" but your request goes to www.example.com. Your 
configuration should only redirect a request such as:

$ curl -v http://example.com:7777/something

HTTP/1.1 301 Moved Permanently
...
Location: https://www.example.com:7777/example

If you make a request like:

$ curl -v http://www.example.com:7777/something

I wouldn't expect a redirect because of your "host" condition. The 
"%{HTTP_HOST} example.com" looks at the entire Host header and not just 
anything that ends in "example.com". You'd have to use a glob/regex if 
you wanted to check for [anything and maybe nothing.]example.com.

You'd also have to make sure that your application is serving responses 
to requests to / which is why I'm recommending you use the ROOT web 
application name instead of "towl".

-chris

> On Fri, Apr 19, 2024 at 1:21 PM Christopher Schultz <
> chris@christopherschultz.net> wrote:
> 
>> Ammu,
>>
>> On 4/18/24 09:34, lavanya tech wrote:
>>> I am attaching server.xml and context.xml and rewrite.config files.
>>> The paths are
>>>
>>> /git/app/apache-tomcat-10.1.11/webapps/towl/context.xml
>>> <Context>
>>>       <Valve className="org.apache.catalina.valves.rewrite.RewriteValve"
>> />
>>>       <!-- Other context configuration -->
>>> </Context>
>>
>> This file ^^^ is in the wrong place. It should be in
>> /git/app/apache-tomcat-10.1.11/webapps/towl/META-INF/context.xml
>>
>>> /git/app/apache-tomcat-10.1.11/webapps/towl/WEB-INF/rewrite.config
>>>
>>> <RewriteCond %{HTTP_HOST} example.com [NC]
>>> <RewriteRule ^/(.*)$ https://www.example.com:7777/example [R=301,L]
>>
>> Why do you have < symbols at the beginning of these lines?
>>
>>> server.xml
>>>
>>   > [...]
>>>
>>>         <Host name="example.com" appBase="webapps" unpackWARs="true"
>>> autoDeploy="true">
>>>             <Context path="" docBase="towl" />
>>
>> It's best not to define any <Context> in server.xml. I would remove this
>> <Context> entirely and allow Tomcat to auto-reploy from your
>> webapps/towl directory. If you need this application to be deployed as
>> the ROOT context (on / and not /towl) then you should re-name
>> /git/app/apache-tomcat-10.1.11/webapps/towl to
>> /git/app/apache-tomcat-10.1.11/webapps/ROOT
>>
>> You also don't need a <Host> for example.com as well as adding an
>> <Alias> for the same domain (though this is probably to anonymize the
>> configuration). You can feel free to simply use the "localhost" <Host>
>> as the default <Host> and deploy everything into it. This makes your
>> configuration changes relative to a stock Tomcat less significant and
>> easier to apply to new versions if/when necessary.
>>
>> -chris
>>
>>> On Thu, Apr 18, 2024 at 2:17 PM Christopher Schultz <
>>> chris@christopherschultz.net> wrote:
>>>
>>>> Ammu,
>>>>
>>>> On 4/18/24 07:45, lavanya tech wrote:
>>>>> I added classname rewrite valeus in contex.xml file .
>>>>>
>>>>>        <!-- REWRITE VALVE -->
>>>>>        <Valve
>> className="org.apache.catalina.valves.rewrite.RewriteValve"
>>>> />
>>>>>        <!-- // -->
>>>>>
>>>>> created rewrite.config so both of them is located under  conf under
>>>>> apache-tomcat.
>>>>>
>>>>>
>>>>>                        <RewriteCond %{HTTP_HOST} example.com [NC]
>>>>>                        <RewriteRule ^/(.*)$
>>>>> https://www.example.com:7777/example [R=301,L]
>>>>>
>>>>> So according to the documentaion they say context.xml should be placed
>>>>> under webapps and rewrite.config file should be put in WEB-INF folder
>> of
>>>>> apache-tomcat . I placed and restarted tomcat webserver but still it
>>>>> doesnot redirect.
>>>>
>>>> Can you give full paths to both server.xml and rewrite.config, re-post
>>>> your current server.xml <Context> element, and the complete contents of
>>>> rewrite.config?
>>>>
>>>> Have you looked at the log files after start?
>>>>
>>>> -chris
>>>>
>>>>> On Thu, Apr 18, 2024 at 1:36 PM lavanya tech <lavanyatech440@gmail.com
>>>
>>>>> wrote:
>>>>>
>>>>>> Hi Thomas,
>>>>>>
>>>>>> Thanks for the fast response.
>>>>>>
>>>>>> I added classname rewrite valeus in contex.xml file .
>>>>>>
>>>>>>        <!-- REWRITE VALVE -->
>>>>>>        <Valve
>> className="org.apache.catalina.valves.rewrite.RewriteValve"
>>>> />
>>>>>>        <!-- // -->
>>>>>>
>>>>>> created rewrite.config so both of them is located under  conf under
>>>>>> apache-tomcat.
>>>>>>
>>>>>> So according to the documentaion they say context.xml should be placed
>>>>>> under webapps and rewrite.config file should be put in WEB-INF folder
>> of
>>>>>> apache-tomcat
>>>>>>
>>>>>> Thnks,
>>>>>> Ammu
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Thu, Apr 18, 2024 at 1:22 PM Mark Thomas <ma...@apache.org> wrote:
>>>>>>
>>>>>>> On 18/04/2024 12:05, lavanya tech wrote:
>>>>>>>> Hi Team,
>>>>>>>>
>>>>>>>> I am using "Tomcat 10.1" in our environment and I wanted to redirect
>>>> url
>>>>>>>> from https://example.com to https://www.servercom:7777 and for
>> this i
>>>>>>>> modified the server.xml as below in tomcat config, and the below
>>>>>>>> configuration doesnot seems to work. Does anyone has ideas. Please
>>>>>>> suggest.
>>>>>>>> The url alone https://www.servercom:7777/ already works. But just
>>>>>>>> redirection from the old to one doesnot.
>>>>>>>>
>>>>>>>> <Host name="example.com" appBase="app" unpackWARs="true"
>>>>>>> autoDeploy="true">
>>>>>>>>         <Context path="" docBase="example" />
>>>>>>>>         <Alias>example.com</Alias>
>>>>>>>>         <!-- Add RewriteValve and RewriteRule here -->
>>>>>>>>         <Valve
>>>>>>> className="org.apache.catalina.valves.rewrite.RewriteValve"/>
>>>>>>>>         <Engine name="Catalina" defaultHost="localhost">
>>>>>>>>             <Host name="example.com" appBase="app" unpackWARs="true"
>>>>>>>> autoDeploy="true">
>>>>>>>>                 <Context path="" docBase="example" />
>>>>>>>>                 <Alias>example.com</Alias>
>>>>>>>>                 <Valve
>>>>>>> className="org.apache.catalina.valves.rewrite.RewriteValve"/>
>>>>>>>>                 <Engine name="Catalina" defaultHost="localhost">
>>>>>>>>                     <Host name="example.com" appBase="app"
>>>>>>>> unpackWARs="true" autoDeploy="true">
>>>>>>>>                         <Context path="" docBase="example" />
>>>>>>>>                         <Alias>example.com</Alias>
>>>>>>>>                         <!-- Rewrite rule to redirect to
>>>>>>>> www.servercom:8080/example -->
>>>>>>>>                         <RewriteCond %{HTTP_HOST} example\.com [NC]
>>>>>>>>                         <RewriteRule ^/(.*)$
>>>>>>>> https://www.servercom:7777/example/$1 [R=301,L]
>>>>>>>
>>>>>>> 1. That isn't valid XML.
>>>>>>>
>>>>>>> 2. Where in the Tomcat docs does it say you can nest re-write rules
>> in
>>>> a
>>>>>>> Host element (or any other element)?
>>>>>>>
>>>>>>>>                     </Host>
>>>>>>>>                 </Engine>
>>>>>>>>             </Host>
>>>>>>>>         </Engine>
>>>>>>>> </Host>
>>>>>>>
>>>>>>> You need to configure the RewriteValve.
>>>>>>> https://tomcat.apache.org/tomcat-10.1-doc/rewrite.html
>>>>>>>
>>>>>>> Mark
>>>>>>>
>>>>>>> ---------------------------------------------------------------------
>>>>>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>>>>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>>>>>
>>>>>>>
>>>>>
>>>>
>>>
>>
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
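
A layout check for the points raised in this thread, as an added example that is not part of any poster's message: context.xml under META-INF, rewrite.config directives without a leading "<", and an anchored host pattern. The function names, the temporary demo trees and the `^alias\.example\.com$` pattern are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): lint a webapp directory for the
# RewriteValve mistakes discussed above. The demo trees are constructed in a
# temporary directory; no real Tomcat installation is touched.

VALVE='org.apache.catalina.valves.rewrite.RewriteValve'

# Print one line per finding; return 0 if the layout is clean, 1 otherwise.
check_rewrite_layout() {
    local app ctx cfg rc directive var pattern rest
    app="$1"; rc=0
    ctx="$app/META-INF/context.xml"
    cfg="$app/WEB-INF/rewrite.config"

    # 1. Inside the application, Tomcat looks for context.xml under META-INF/.
    if [ ! -f "$ctx" ]; then
        if [ -f "$app/context.xml" ]; then
            echo "context.xml is in the webapp root, expected META-INF/context.xml"
        else
            echo "META-INF/context.xml is missing"
        fi
        rc=1
    elif ! grep -qF "$VALVE" "$ctx"; then
        echo "META-INF/context.xml does not declare $VALVE"
        rc=1
    fi

    # 2. rewrite.config holds plain-text directives, not XML elements.
    if [ ! -f "$cfg" ]; then
        echo "WEB-INF/rewrite.config is missing"
        return 1
    fi
    if grep -Eq '^[[:space:]]*<' "$cfg"; then
        echo "rewrite.config has lines starting with '<' (directives are not XML)"
        rc=1
    fi

    # 3. A host condition should spell out exactly which hosts it means.
    while read -r directive var pattern rest || [ -n "$directive" ]; do
        [ "$directive" = "RewriteCond" ] || continue
        [ "$var" = '%{HTTP_HOST}' ] || continue
        case "$pattern" in
            ^*\$) ;;
            *) echo "HTTP_HOST pattern '$pattern' is not anchored with ^...\$"; rc=1 ;;
        esac
    done < "$cfg"
    return "$rc"
}

# Constructed copy of the layout posted on 4/18 (the "before").
make_thread_layout() {
    mkdir -p "$1/WEB-INF"
    printf '%s\n' '<Context>' "    <Valve className=\"$VALVE\" />" '</Context>' \
        > "$1/context.xml"
    cat > "$1/WEB-INF/rewrite.config" <<'EOF'
<RewriteCond %{HTTP_HOST} example.com [NC]
<RewriteRule ^/(.*)$ https://www.example.com:7777/example [R=301,L]
EOF
}

# Constructed corrected layout. The host pattern names only the alias, so a
# request already addressed to www.example.com is not redirected again.
make_fixed_layout() {
    mkdir -p "$1/META-INF" "$1/WEB-INF"
    printf '%s\n' '<Context>' "    <Valve className=\"$VALVE\" />" '</Context>' \
        > "$1/META-INF/context.xml"
    cat > "$1/WEB-INF/rewrite.config" <<'EOF'
RewriteCond %{HTTP_HOST} ^alias\.example\.com$ [NC]
RewriteRule ^/(.*)$ https://www.example.com:7777/example/$1 [R=301,L]
EOF
}

demo() {
    local d name
    d=$(mktemp -d)
    make_thread_layout "$d/towl"
    make_fixed_layout "$d/ROOT"
    for name in towl ROOT; do
        echo "== webapps/$name"
        check_rewrite_layout "$d/$name" && echo "clean" || true
    done
    rm -rf "$d"
}

demo
```

To check a real deployment, call check_rewrite_layout with the application directory, for example the webapps/ROOT directory recommended above.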


Re: Regarding Tomcat url redirection

Posted by lavanya tech <la...@gmail.com>.
Hi Chris,

Thank you very much. I removed <Host> for example.com as well as adding an
<Alias> in server.xml
I copied context.xml file
/git/app/apache-tomcat-10.1.11/webapps/towl/META-INF/context.xml
Removed < in rewrite.config files.

But still I don't redirect the URL.

For your information:

nslookup alias.example.com gives -->

Non-authoritative answer:
Name:     www.example.com
Address:  192.168.200.10
Aliases:  alias.example.com

Just to give some information here, www.example.com has the alias
"alias.example.com".
But https://www.example.com:7777/example --> works fine without issues, but
the alias does not work (https://alias.example.com).
So I am not sure if the redirect URL helps or if it's correct.

Looking for some suggestions.

Thanks
Ammu

On Fri, Apr 19, 2024 at 1:21 PM Christopher Schultz <
chris@christopherschultz.net> wrote:

> Ammu,
>
> On 4/18/24 09:34, lavanya tech wrote:
> > I am attaching server.xml and context.xml and rewrite.config files.
> > The paths are
> >
> > /git/app/apache-tomcat-10.1.11/webapps/towl/context.xml
> > <Context>
> >      <Valve className="org.apache.catalina.valves.rewrite.RewriteValve"
> />
> >      <!-- Other context configuration -->
> > </Context>
>
> This file ^^^ is in the wrong place. It should be in
> /git/app/apache-tomcat-10.1.11/webapps/towl/META-INF/context.xml
>
> > /git/app/apache-tomcat-10.1.11/webapps/towl/WEB-INF/rewrite.config
> >
> > <RewriteCond %{HTTP_HOST} example.com [NC]
> > <RewriteRule ^/(.*)$ https://www.example.com:7777/example [R=301,L]
>
> Why do you have < symbols at the beginning of these lines?
>
> > server.xml
> >
>  > [...]
> >
> >        <Host name="example.com" appBase="webapps" unpackWARs="true"
> > autoDeploy="true">
> >            <Context path="" docBase="towl" />
>
> It's best not to define any <Context> in server.xml. I would remove this
> <Context> entirely and allow Tomcat to auto-deploy from your
> webapps/towl directory. If you need this application to be deployed as
> the ROOT context (on / and not /towl) then you should re-name
> /git/app/apache-tomcat-10.1.11/webapps/towl to
> /git/app/apache-tomcat-10.1.11/webapps/ROOT
>
> You also don't need a <Host> for example.com as well as adding an
> <Alias> for the same domain (though this is probably to anonymize the
> configuration). You can feel free to simply use the "localhost" <Host>
> as the default <Host> and deploy everything into it. This makes your
> configuration changes relative to a stock Tomcat less significant and
> easier to apply to new versions if/when necessary.
>
> -chris
>
> > On Thu, Apr 18, 2024 at 2:17 PM Christopher Schultz <
> > chris@christopherschultz.net> wrote:
> >
> >> Ammu,
> >>
> >> On 4/18/24 07:45, lavanya tech wrote:
> >>> I added classname rewrite valeus in contex.xml file .
> >>>
> >>>       <!-- REWRITE VALVE -->
> >>>       <Valve
> className="org.apache.catalina.valves.rewrite.RewriteValve"
> >> />
> >>>       <!-- // -->
> >>>
> >>> created rewrite.config so both of them is located under  conf under
> >>> apache-tomcat.
> >>>
> >>>
> >>>                       <RewriteCond %{HTTP_HOST} example.com [NC]
> >>>                       <RewriteRule ^/(.*)$
> >>> https://www.example.com:7777/example [R=301,L]
> >>>
> >>> So according to the documentaion they say context.xml should be placed
> >>> under webapps and rewrite.config file should be put in WEB-INF folder
> of
> >>> apache-tomcat . I placed and restarted tomcat webserver but still it
> >>> doesnot redirect.
> >>
> >> Can you give full paths to both server.xml and rewrite.config, re-post
> >> your current server.xml <Context> element, and the complete contents of
> >> rewrite.config?
> >>
> >> Have you looked at the log files after start?
> >>
> >> -chris
> >>
> >>> On Thu, Apr 18, 2024 at 1:36 PM lavanya tech <lavanyatech440@gmail.com
> >
> >>> wrote:
> >>>
> >>>> Hi Thomas,
> >>>>
> >>>> Thanks for the fast response.
> >>>>
> >>>> I added classname rewrite valeus in contex.xml file .
> >>>>
> >>>>       <!-- REWRITE VALVE -->
> >>>>       <Valve
> className="org.apache.catalina.valves.rewrite.RewriteValve"
> >> />
> >>>>       <!-- // -->
> >>>>
> >>>> created rewrite.config so both of them is located under  conf under
> >>>> apache-tomcat.
> >>>>
> >>>> So according to the documentaion they say context.xml should be placed
> >>>> under webapps and rewrite.config file should be put in WEB-INF folder
> of
> >>>> apache-tomcat
> >>>>
> >>>> Thnks,
> >>>> Ammu
> >>>>
> >>>>
> >>>>
> >>>> On Thu, Apr 18, 2024 at 1:22 PM Mark Thomas <ma...@apache.org> wrote:
> >>>>
> >>>>> On 18/04/2024 12:05, lavanya tech wrote:
> >>>>>> Hi Team,
> >>>>>>
> >>>>>> I am using "Tomcat 10.1" in our environment and I wanted to redirect
> >> url
> >>>>>> from https://example.com to https://www.servercom:7777 and for
> this i
> >>>>>> modified the server.xml as below in tomcat config, and the below
> >>>>>> configuration doesnot seems to work. Does anyone has ideas. Please
> >>>>> suggest.
> >>>>>> The url alone https://www.servercom:7777/ already works. But just
> >>>>>> redirection from the old to one doesnot.
> >>>>>>
> >>>>>> <Host name="example.com" appBase="app" unpackWARs="true"
> >>>>> autoDeploy="true">
> >>>>>>        <Context path="" docBase="example" />
> >>>>>>        <Alias>example.com</Alias>
> >>>>>>        <!-- Add RewriteValve and RewriteRule here -->
> >>>>>>        <Valve
> >>>>> className="org.apache.catalina.valves.rewrite.RewriteValve"/>
> >>>>>>        <Engine name="Catalina" defaultHost="localhost">
> >>>>>>            <Host name="example.com" appBase="app" unpackWARs="true"
> >>>>>> autoDeploy="true">
> >>>>>>                <Context path="" docBase="example" />
> >>>>>>                <Alias>example.com</Alias>
> >>>>>>                <Valve
> >>>>> className="org.apache.catalina.valves.rewrite.RewriteValve"/>
> >>>>>>                <Engine name="Catalina" defaultHost="localhost">
> >>>>>>                    <Host name="example.com" appBase="app"
> >>>>>> unpackWARs="true" autoDeploy="true">
> >>>>>>                        <Context path="" docBase="example" />
> >>>>>>                        <Alias>example.com</Alias>
> >>>>>>                        <!-- Rewrite rule to redirect to
> >>>>>> www.servercom:8080/example -->
> >>>>>>                        <RewriteCond %{HTTP_HOST} example\.com [NC]
> >>>>>>                        <RewriteRule ^/(.*)$
> >>>>>> https://www.servercom:7777/example/$1 [R=301,L]
> >>>>>
> >>>>> 1. That isn't valid XML.
> >>>>>
> >>>>> 2. Where in the Tomcat docs does it say you can nest re-write rules
> in
> >> a
> >>>>> Host element (or any other element)?
> >>>>>
> >>>>>>                    </Host>
> >>>>>>                </Engine>
> >>>>>>            </Host>
> >>>>>>        </Engine>
> >>>>>> </Host>
> >>>>>
> >>>>> You need to configure the RewriteValve.
> >>>>> https://tomcat.apache.org/tomcat-10.1-doc/rewrite.html
> >>>>>
> >>>>> Mark
> >>>>>
> >>>
> >>
> >
>

Re: Regarding Tomcat url redirection

Posted by Christopher Schultz <ch...@christopherschultz.net>.
Ammu,

On 4/18/24 09:34, lavanya tech wrote:
> I am attaching server.xml and context.xml and rewrite.config files.
> The paths are
> 
> /git/app/apache-tomcat-10.1.11/webapps/towl/context.xml
> <Context>
>      <Valve className="org.apache.catalina.valves.rewrite.RewriteValve" />
>      <!-- Other context configuration -->
> </Context>

This file ^^^ is in the wrong place. It should be in 
/git/app/apache-tomcat-10.1.11/webapps/towl/META-INF/context.xml

> /git/app/apache-tomcat-10.1.11/webapps/towl/WEB-INF/rewrite.config
> 
> <RewriteCond %{HTTP_HOST} example.com [NC]
> <RewriteRule ^/(.*)$ https://www.example.com:7777/example [R=301,L]

Why do you have < symbols at the beginning of these lines?

> server.xml
> 
 > [...]
> 
>        <Host name="example.com" appBase="webapps" unpackWARs="true"
> autoDeploy="true">
>            <Context path="" docBase="towl" />

It's best not to define any <Context> in server.xml. I would remove this 
<Context> entirely and allow Tomcat to auto-deploy from your 
webapps/towl directory. If you need this application to be deployed as 
the ROOT context (on / and not /towl) then you should re-name 
/git/app/apache-tomcat-10.1.11/webapps/towl to 
/git/app/apache-tomcat-10.1.11/webapps/ROOT

You also don't need a <Host> for example.com as well as adding an 
<Alias> for the same domain (though this is probably to anonymize the 
configuration). You can feel free to simply use the "localhost" <Host> 
as the default <Host> and deploy everything into it. This makes your 
configuration changes relative to a stock Tomcat less significant and 
easier to apply to new versions if/when necessary.

-chris

> On Thu, Apr 18, 2024 at 2:17 PM Christopher Schultz <
> chris@christopherschultz.net> wrote:
> 
>> Ammu,
>>
>> On 4/18/24 07:45, lavanya tech wrote:
>>> I added classname rewrite valeus in contex.xml file .
>>>
>>>       <!-- REWRITE VALVE -->
>>>       <Valve className="org.apache.catalina.valves.rewrite.RewriteValve"
>> />
>>>       <!-- // -->
>>>
>>> created rewrite.config so both of them is located under  conf under
>>> apache-tomcat.
>>>
>>>
>>>                       <RewriteCond %{HTTP_HOST} example.com [NC]
>>>                       <RewriteRule ^/(.*)$
>>> https://www.example.com:7777/example [R=301,L]
>>>
>>> So according to the documentaion they say context.xml should be placed
>>> under webapps and rewrite.config file should be put in WEB-INF folder of
>>> apache-tomcat . I placed and restarted tomcat webserver but still it
>>> doesnot redirect.
>>
>> Can you give full paths to both server.xml and rewrite.config, re-post
>> your current server.xml <Context> element, and the complete contents of
>> rewrite.config?
>>
>> Have you looked at the log files after start?
>>
>> -chris
>>
>>> On Thu, Apr 18, 2024 at 1:36 PM lavanya tech <la...@gmail.com>
>>> wrote:
>>>
>>>> Hi Thomas,
>>>>
>>>> Thanks for the fast response.
>>>>
>>>> I added classname rewrite valeus in contex.xml file .
>>>>
>>>>       <!-- REWRITE VALVE -->
>>>>       <Valve className="org.apache.catalina.valves.rewrite.RewriteValve"
>> />
>>>>       <!-- // -->
>>>>
>>>> created rewrite.config so both of them is located under  conf under
>>>> apache-tomcat.
>>>>
>>>> So according to the documentaion they say context.xml should be placed
>>>> under webapps and rewrite.config file should be put in WEB-INF folder of
>>>> apache-tomcat
>>>>
>>>> Thnks,
>>>> Ammu
>>>>
>>>>
>>>>
>>>> On Thu, Apr 18, 2024 at 1:22 PM Mark Thomas <ma...@apache.org> wrote:
>>>>
>>>>> On 18/04/2024 12:05, lavanya tech wrote:
>>>>>> Hi Team,
>>>>>>
>>>>>> I am using "Tomcat 10.1" in our environment and I wanted to redirect
>> url
>>>>>> from https://example.com to https://www.servercom:7777 and for this i
>>>>>> modified the server.xml as below in tomcat config, and the below
>>>>>> configuration doesnot seems to work. Does anyone has ideas. Please
>>>>> suggest.
>>>>>> The url alone https://www.servercom:7777/ already works. But just
>>>>>> redirection from the old to one doesnot.
>>>>>>
>>>>>> <Host name="example.com" appBase="app" unpackWARs="true"
>>>>> autoDeploy="true">
>>>>>>        <Context path="" docBase="example" />
>>>>>>        <Alias>example.com</Alias>
>>>>>>        <!-- Add RewriteValve and RewriteRule here -->
>>>>>>        <Valve
>>>>> className="org.apache.catalina.valves.rewrite.RewriteValve"/>
>>>>>>        <Engine name="Catalina" defaultHost="localhost">
>>>>>>            <Host name="example.com" appBase="app" unpackWARs="true"
>>>>>> autoDeploy="true">
>>>>>>                <Context path="" docBase="example" />
>>>>>>                <Alias>example.com</Alias>
>>>>>>                <Valve
>>>>> className="org.apache.catalina.valves.rewrite.RewriteValve"/>
>>>>>>                <Engine name="Catalina" defaultHost="localhost">
>>>>>>                    <Host name="example.com" appBase="app"
>>>>>> unpackWARs="true" autoDeploy="true">
>>>>>>                        <Context path="" docBase="example" />
>>>>>>                        <Alias>example.com</Alias>
>>>>>>                        <!-- Rewrite rule to redirect to
>>>>>> www.servercom:8080/example -->
>>>>>>                        <RewriteCond %{HTTP_HOST} example\.com [NC]
>>>>>>                        <RewriteRule ^/(.*)$
>>>>>> https://www.servercom:7777/example/$1 [R=301,L]
>>>>>
>>>>> 1. That isn't valid XML.
>>>>>
>>>>> 2. Where in the Tomcat docs does it say you can nest re-write rules in
>> a
>>>>> Host element (or any other element)?
>>>>>
>>>>>>                    </Host>
>>>>>>                </Engine>
>>>>>>            </Host>
>>>>>>        </Engine>
>>>>>> </Host>
>>>>>
>>>>> You need to configure the RewriteValve.
>>>>> https://tomcat.apache.org/tomcat-10.1-doc/rewrite.html
>>>>>
>>>>> Mark
>>>>>
>>>
>>
> 



Re: Regarding Tomcat url redirection

Posted by lavanya tech <la...@gmail.com>.
Hi Chris,

Thanks for message,

I am attaching server.xml and context.xml and rewrite.config files.
The paths are

/git/app/apache-tomcat-10.1.11/webapps/towl/context.xml
<Context>
    <Valve className="org.apache.catalina.valves.rewrite.RewriteValve" />
    <!-- Other context configuration -->
</Context>

/git/app/apache-tomcat-10.1.11/webapps/towl/WEB-INF/rewrite.config

<RewriteCond %{HTTP_HOST} example.com [NC]
<RewriteRule ^/(.*)$ https://www.example.com:7777/example [R=301,L]

server.xml


<?xml version="1.0" encoding="UTF-8"?>
<!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-->
<!-- Note:  A "Server" is not itself a "Container", so you may not
     define subcomponents such as "Valves" at this level.
     Documentation at /docs/config/server.html
 -->
<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
  <!-- Security listener. Documentation at /docs/config/listeners.html
  <Listener className="org.apache.catalina.security.SecurityListener" />
  -->
  <!-- APR library loader. Documentation at /docs/apr.html -->
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

  <!-- Global JNDI resources
       Documentation at /docs/jndi-resources-howto.html
  -->
  <GlobalNamingResources>
    <!-- Editable user database that can also be used by
         UserDatabaseRealm to authenticate users
    -->
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <!-- A "Service" is a collection of one or more "Connectors" that share
       a single "Container" Note:  A "Service" is not itself a "Container",
       so you may not define subcomponents such as "Valves" at this level.
       Documentation at /docs/config/service.html
   -->
  <Service name="Catalina">

    <!--The connectors can use a shared executor, you can define one or more named thread pools-->
    <!--
    <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
        maxThreads="150" minSpareThreads="4"/>
    -->


    <!-- A "Connector" represents an endpoint by which requests are received
         and responses are returned. Documentation at :
         HTTP Connector: /docs/config/http.html
         AJP  Connector: /docs/config/ajp.html
         Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
    -->
    <Connector port="8080" protocol="HTTP/1.1"
               address="127.0.0.1"
               connectionTimeout="20000"
               maxParameterCount="1000"
               />
    <!--
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="7777"
               maxParameterCount="1000"
               />
    -->
    <!-- A "Connector" using the shared thread pool-->
    <!--
    <Connector executor="tomcatThreadPool"
               port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="7777"
               maxParameterCount="1000"
               />
    -->
    <!-- Define an SSL/TLS HTTP/1.1 Connector on port 7777 with HTTP/2
         This connector uses the NIO implementation. The default
         SSLImplementation will depend on the presence of the APR/native
         library and the useOpenSSL attribute of the AprLifecycleListener.
         Either JSSE or OpenSSL style configuration may be used regardless of
         the SSLImplementation selected. JSSE style configuration is used below.
    -->

    <Connector port="7777" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true"
               maxParameterCount="1000"
               >
        <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
        <SSLHostConfig>
                <Certificate
                        certificateKeystoreFile="/git/application/app/keystore"
                        certificateKeystorePassword="pass"
                        type="RSA"
                />
        </SSLHostConfig>
    </Connector>

    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <!--
    <Connector protocol="AJP/1.3"
               address="::1"
               port="8009"
               redirectPort="7777"
               maxParameterCount="1000"
               />
    -->

    <!-- An Engine represents the entry point (within Catalina) that processes
         every request.  The Engine implementation for Tomcat stand alone
         analyzes the HTTP headers included with the request, and passes them
         on to the appropriate Host (virtual host).
         Documentation at /docs/config/engine.html -->

    <!-- You should set jvmRoute to support load-balancing via AJP ie :
    <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
    -->
    <Engine name="Catalina" defaultHost="localhost">

      <!--For clustering, please take a look at documentation at:
          /docs/cluster-howto.html  (simple how to)
          /docs/config/cluster.html (reference documentation) -->
      <!--
      <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
      -->

      <!-- Use the LockOutRealm to prevent attempts to guess user passwords
           via a brute-force attack -->
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <!-- This Realm uses the UserDatabase configured in the global JNDI
             resources under the key "UserDatabase".  Any edits
             that are performed against this UserDatabase are immediately
             available for use by the Realm.  -->
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>

      <Host name="example.com" appBase="webapps" unpackWARs="true" autoDeploy="true">
          <Context path="" docBase="towl" />
          <Alias>example.com</Alias>
      </Host>
      <Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="true">

        <!-- SingleSignOn valve, share authentication between web applications
             Documentation at: /docs/config/valve.html -->
        <!--
        <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
        -->

        <!-- Access log processes all example.
             Documentation at: /docs/config/valve.html
             Note: The pattern used is equivalent to using pattern="common" -->
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />

      </Host>
    </Engine>
  </Service>
</Server>

Thanks
Ammu

On Thu, Apr 18, 2024 at 2:17 PM Christopher Schultz <
chris@christopherschultz.net> wrote:

> Ammu,
>
> On 4/18/24 07:45, lavanya tech wrote:
> > I added classname rewrite valeus in contex.xml file .
> >
> >      <!-- REWRITE VALVE -->
> >      <Valve className="org.apache.catalina.valves.rewrite.RewriteValve"
> />
> >      <!-- // -->
> >
> > created rewrite.config so both of them is located under  conf under
> > apache-tomcat.
> >
> >
> >                      <RewriteCond %{HTTP_HOST} example.com [NC]
> >                      <RewriteRule ^/(.*)$
> > https://www.example.com:7777/example [R=301,L]
> >
> > So according to the documentaion they say context.xml should be placed
> > under webapps and rewrite.config file should be put in WEB-INF folder of
> > apache-tomcat . I placed and restarted tomcat webserver but still it
> > doesnot redirect.
>
> Can you give full paths to both server.xml and rewrite.config, re-post
> your current server.xml <Context> element, and the complete contents of
> rewrite.config?
>
> Have you looked at the log files after start?
>
> -chris
>
> > On Thu, Apr 18, 2024 at 1:36 PM lavanya tech <la...@gmail.com>
> > wrote:
> >
> >> Hi Thomas,
> >>
> >> Thanks for the fast response.
> >>
> >> I added classname rewrite valeus in contex.xml file .
> >>
> >>      <!-- REWRITE VALVE -->
> >>      <Valve className="org.apache.catalina.valves.rewrite.RewriteValve"
> />
> >>      <!-- // -->
> >>
> >> created rewrite.config so both of them is located under  conf under
> >> apache-tomcat.
> >>
> >> So according to the documentaion they say context.xml should be placed
> >> under webapps and rewrite.config file should be put in WEB-INF folder of
> >> apache-tomcat
> >>
> >> Thnks,
> >> Ammu
> >>
> >>
> >>
> >> On Thu, Apr 18, 2024 at 1:22 PM Mark Thomas <ma...@apache.org> wrote:
> >>
> >>> On 18/04/2024 12:05, lavanya tech wrote:
> >>>> Hi Team,
> >>>>
> >>>> I am using "Tomcat 10.1" in our environment and I wanted to redirect
> url
> >>>> from https://example.com to https://www.servercom:7777 and for this i
> >>>> modified the server.xml as below in tomcat config, and the below
> >>>> configuration doesnot seems to work. Does anyone has ideas. Please
> >>> suggest.
> >>>> The url alone https://www.servercom:7777/ already works. But just
> >>>> redirection from the old to one doesnot.
> >>>>
> >>>> <Host name="example.com" appBase="app" unpackWARs="true"
> >>> autoDeploy="true">
> >>>>       <Context path="" docBase="example" />
> >>>>       <Alias>example.com</Alias>
> >>>>       <!-- Add RewriteValve and RewriteRule here -->
> >>>>       <Valve
> >>> className="org.apache.catalina.valves.rewrite.RewriteValve"/>
> >>>>       <Engine name="Catalina" defaultHost="localhost">
> >>>>           <Host name="example.com" appBase="app" unpackWARs="true"
> >>>> autoDeploy="true">
> >>>>               <Context path="" docBase="example" />
> >>>>               <Alias>example.com</Alias>
> >>>>               <Valve
> >>> className="org.apache.catalina.valves.rewrite.RewriteValve"/>
> >>>>               <Engine name="Catalina" defaultHost="localhost">
> >>>>                   <Host name="example.com" appBase="app"
> >>>> unpackWARs="true" autoDeploy="true">
> >>>>                       <Context path="" docBase="example" />
> >>>>                       <Alias>example.com</Alias>
> >>>>                       <!-- Rewrite rule to redirect to
> >>>> www.servercom:8080/example -->
> >>>>                       <RewriteCond %{HTTP_HOST} example\.com [NC]
> >>>>                       <RewriteRule ^/(.*)$
> >>>> https://www.servercom:7777/example/$1 [R=301,L]
> >>>
> >>> 1. That isn't valid XML.
> >>>
> >>> 2. Where in the Tomcat docs does it say you can nest re-write rules in
> a
> >>> Host element (or any other element)?
> >>>
> >>>>                   </Host>
> >>>>               </Engine>
> >>>>           </Host>
> >>>>       </Engine>
> >>>> </Host>
> >>>
> >>> You need to configure the RewriteValve.
> >>> https://tomcat.apache.org/tomcat-10.1-doc/rewrite.html
> >>>
> >>> Mark
> >>>
> >
>
>
>

Re: Regarding Tomcat url redirection

Posted by Christopher Schultz <ch...@christopherschultz.net>.
Ammu,

On 4/18/24 07:45, lavanya tech wrote:
> I added classname rewrite values in context.xml file.
> 
>      <!-- REWRITE VALVE -->
>      <Valve className="org.apache.catalina.valves.rewrite.RewriteValve" />
>      <!-- // -->
> 
> Created rewrite.config so both of them are located under conf under
> apache-tomcat.
> 
> 
>                      <RewriteCond %{HTTP_HOST} example.com [NC]
>                      <RewriteRule ^/(.*)$
> https://www.example.com:7777/example [R=301,L]
> 
> So according to the documentation they say context.xml should be placed
> under webapps and rewrite.config file should be put in WEB-INF folder of
> apache-tomcat. I placed and restarted tomcat webserver but still it
> does not redirect.

Can you give full paths to both server.xml and rewrite.config, re-post 
your current server.xml <Context> element, and the complete contents of 
rewrite.config?

Have you looked at the log files after start?

-chris

> On Thu, Apr 18, 2024 at 1:36 PM lavanya tech <la...@gmail.com>
> wrote:
> 
>> Hi Thomas,
>>
>> Thanks for the fast response.
>>
>> I added classname rewrite values in context.xml file.
>>
>>      <!-- REWRITE VALVE -->
>>      <Valve className="org.apache.catalina.valves.rewrite.RewriteValve" />
>>      <!-- // -->
>>
>> Created rewrite.config so both of them are located under conf under
>> apache-tomcat.
>>
>> So according to the documentation they say context.xml should be placed
>> under webapps and rewrite.config file should be put in WEB-INF folder of
>> apache-tomcat
>>
>> Thanks,
>> Ammu
>>
>>
>>
>> On Thu, Apr 18, 2024 at 1:22 PM Mark Thomas <ma...@apache.org> wrote:
>>
>>> On 18/04/2024 12:05, lavanya tech wrote:
>>>> Hi Team,
>>>>
>>>> I am using "Tomcat 10.1" in our environment and I wanted to redirect url
>>>> from https://example.com to https://www.servercom:7777 and for this I
>>>> modified the server.xml as below in tomcat config, and the below
>>>> configuration does not seem to work. Does anyone have ideas? Please
>>> suggest.
>>>> The url alone https://www.servercom:7777/ already works. But just
>>>> redirection from the old to one does not.
>>>>
>>>> <Host name="example.com" appBase="app" unpackWARs="true"
>>> autoDeploy="true">
>>>>       <Context path="" docBase="example" />
>>>>       <Alias>example.com</Alias>
>>>>       <!-- Add RewriteValve and RewriteRule here -->
>>>>       <Valve
>>> className="org.apache.catalina.valves.rewrite.RewriteValve"/>
>>>>       <Engine name="Catalina" defaultHost="localhost">
>>>>           <Host name="example.com" appBase="app" unpackWARs="true"
>>>> autoDeploy="true">
>>>>               <Context path="" docBase="example" />
>>>>               <Alias>example.com</Alias>
>>>>               <Valve
>>> className="org.apache.catalina.valves.rewrite.RewriteValve"/>
>>>>               <Engine name="Catalina" defaultHost="localhost">
>>>>                   <Host name="example.com" appBase="app"
>>>> unpackWARs="true" autoDeploy="true">
>>>>                       <Context path="" docBase="example" />
>>>>                       <Alias>example.com</Alias>
>>>>                       <!-- Rewrite rule to redirect to
>>>> www.servercom:8080/example -->
>>>>                       <RewriteCond %{HTTP_HOST} example\.com [NC]
>>>>                       <RewriteRule ^/(.*)$
>>>> https://www.servercom:7777/example/$1 [R=301,L]
>>>
>>> 1. That isn't valid XML.
>>>
>>> 2. Where in the Tomcat docs does it say you can nest re-write rules in a
>>> Host element (or any other element)?
>>>
>>>>                   </Host>
>>>>               </Engine>
>>>>           </Host>
>>>>       </Engine>
>>>> </Host>
>>>
>>> You need to configure the RewriteValve.
>>> https://tomcat.apache.org/tomcat-10.1-doc/rewrite.html
>>>
>>> Mark
>>>
>>>
>>>
> 



Re: Regarding Tomcat url redirection

Posted by lavanya tech <la...@gmail.com>.
Hi Thomas,

Thanks for the fast response.

I added classname rewrite values in context.xml file.

    <!-- REWRITE VALVE -->
    <Valve className="org.apache.catalina.valves.rewrite.RewriteValve" />
    <!-- // -->

Created rewrite.config so both of them are located under conf under
apache-tomcat.


                    <RewriteCond %{HTTP_HOST} example.com [NC]
                    <RewriteRule ^/(.*)$
https://www.example.com:7777/example [R=301,L]

So according to the documentation they say context.xml should be placed
under webapps and rewrite.config file should be put in WEB-INF folder of
apache-tomcat. I placed and restarted tomcat webserver but still it
does not redirect.


Thanks,
Ammu

On Thu, Apr 18, 2024 at 1:36 PM lavanya tech <la...@gmail.com>
wrote:

> Hi Thomas,
>
> Thanks for the fast response.
>
> I added classname rewrite values in context.xml file.
>
>     <!-- REWRITE VALVE -->
>     <Valve className="org.apache.catalina.valves.rewrite.RewriteValve" />
>     <!-- // -->
>
> Created rewrite.config so both of them are located under conf under
> apache-tomcat.
>
> So according to the documentation they say context.xml should be placed
> under webapps and rewrite.config file should be put in WEB-INF folder of
> apache-tomcat
>
> Thanks,
> Ammu
>
>
>
> On Thu, Apr 18, 2024 at 1:22 PM Mark Thomas <ma...@apache.org> wrote:
>
>> On 18/04/2024 12:05, lavanya tech wrote:
>> > Hi Team,
>> >
>> > I am using "Tomcat 10.1" in our environment and I wanted to redirect url
>> > from https://example.com to https://www.servercom:7777 and for this I
>> > modified the server.xml as below in tomcat config, and the below
>> > configuration does not seem to work. Does anyone have ideas? Please
>> suggest.
>> > The url alone https://www.servercom:7777/ already works. But just
>> > redirection from the old to one does not.
>> >
>> > <Host name="example.com" appBase="app" unpackWARs="true"
>> autoDeploy="true">
>> >      <Context path="" docBase="example" />
>> >      <Alias>example.com</Alias>
>> >      <!-- Add RewriteValve and RewriteRule here -->
>> >      <Valve
>> className="org.apache.catalina.valves.rewrite.RewriteValve"/>
>> >      <Engine name="Catalina" defaultHost="localhost">
>> >          <Host name="example.com" appBase="app" unpackWARs="true"
>> > autoDeploy="true">
>> >              <Context path="" docBase="example" />
>> >              <Alias>example.com</Alias>
>> >              <Valve
>> className="org.apache.catalina.valves.rewrite.RewriteValve"/>
>> >              <Engine name="Catalina" defaultHost="localhost">
>> >                  <Host name="example.com" appBase="app"
>> > unpackWARs="true" autoDeploy="true">
>> >                      <Context path="" docBase="example" />
>> >                      <Alias>example.com</Alias>
>> >                      <!-- Rewrite rule to redirect to
>> > www.servercom:8080/example -->
>> >                      <RewriteCond %{HTTP_HOST} example\.com [NC]
>> >                      <RewriteRule ^/(.*)$
>> > https://www.servercom:7777/example/$1 [R=301,L]
>>
>> 1. That isn't valid XML.
>>
>> 2. Where in the Tomcat docs does it say you can nest re-write rules in a
>> Host element (or any other element)?
>>
>> >                  </Host>
>> >              </Engine>
>> >          </Host>
>> >      </Engine>
>> > </Host>
>>
>> You need to configure the RewriteValve.
>> https://tomcat.apache.org/tomcat-10.1-doc/rewrite.html
>>
>> Mark
>>
>>
>>

Re: Regarding Tomcat url redirection

Posted by lavanya tech <la...@gmail.com>.
Hi Thomas,

Thanks for the fast response.

I added classname rewrite values in context.xml file.

    <!-- REWRITE VALVE -->
    <Valve className="org.apache.catalina.valves.rewrite.RewriteValve" />
    <!-- // -->

Created rewrite.config so both of them are located under conf under
apache-tomcat.

So according to the documentation they say context.xml should be placed
under webapps and rewrite.config file should be put in WEB-INF folder of
apache-tomcat

Thanks,
Ammu



On Thu, Apr 18, 2024 at 1:22 PM Mark Thomas <ma...@apache.org> wrote:

> On 18/04/2024 12:05, lavanya tech wrote:
> > Hi Team,
> >
> > I am using "Tomcat 10.1" in our environment and I wanted to redirect url
> > from https://example.com to https://www.servercom:7777 and for this I
> > modified the server.xml as below in tomcat config, and the below
> > configuration does not seem to work. Does anyone have ideas? Please
> suggest.
> > The url alone https://www.servercom:7777/ already works. But just
> > redirection from the old to one does not.
> >
> > <Host name="example.com" appBase="app" unpackWARs="true"
> autoDeploy="true">
> >      <Context path="" docBase="example" />
> >      <Alias>example.com</Alias>
> >      <!-- Add RewriteValve and RewriteRule here -->
> >      <Valve className="org.apache.catalina.valves.rewrite.RewriteValve"/>
> >      <Engine name="Catalina" defaultHost="localhost">
> >          <Host name="example.com" appBase="app" unpackWARs="true"
> > autoDeploy="true">
> >              <Context path="" docBase="example" />
> >              <Alias>example.com</Alias>
> >              <Valve
> className="org.apache.catalina.valves.rewrite.RewriteValve"/>
> >              <Engine name="Catalina" defaultHost="localhost">
> >                  <Host name="example.com" appBase="app"
> > unpackWARs="true" autoDeploy="true">
> >                      <Context path="" docBase="example" />
> >                      <Alias>example.com</Alias>
> >                      <!-- Rewrite rule to redirect to
> > www.servercom:8080/example -->
> >                      <RewriteCond %{HTTP_HOST} example\.com [NC]
> >                      <RewriteRule ^/(.*)$
> > https://www.servercom:7777/example/$1 [R=301,L]
>
> 1. That isn't valid XML.
>
> 2. Where in the Tomcat docs does it say you can nest re-write rules in a
> Host element (or any other element)?
>
> >                  </Host>
> >              </Engine>
> >          </Host>
> >      </Engine>
> > </Host>
>
> You need to configure the RewriteValve.
> https://tomcat.apache.org/tomcat-10.1-doc/rewrite.html
>
> Mark
>
>
>

Re: Regarding Tomcat url redirection

Posted by Mark Thomas <ma...@apache.org>.
On 18/04/2024 12:05, lavanya tech wrote:
> Hi Team,
> 
> I am using "Tomcat 10.1" in our environment and I wanted to redirect url
> from https://example.com to https://www.servercom:7777 and for this I
> modified the server.xml as below in tomcat config, and the below
> configuration does not seem to work. Does anyone have ideas? Please suggest.
> The url alone https://www.servercom:7777/ already works. But just
> redirection from the old to one does not.
> 
> <Host name="example.com" appBase="app" unpackWARs="true" autoDeploy="true">
>      <Context path="" docBase="example" />
>      <Alias>example.com</Alias>
>      <!-- Add RewriteValve and RewriteRule here -->
>      <Valve className="org.apache.catalina.valves.rewrite.RewriteValve"/>
>      <Engine name="Catalina" defaultHost="localhost">
>          <Host name="example.com" appBase="app" unpackWARs="true"
> autoDeploy="true">
>              <Context path="" docBase="example" />
>              <Alias>example.com</Alias>
>              <Valve className="org.apache.catalina.valves.rewrite.RewriteValve"/>
>              <Engine name="Catalina" defaultHost="localhost">
>                  <Host name="example.com" appBase="app"
> unpackWARs="true" autoDeploy="true">
>                      <Context path="" docBase="example" />
>                      <Alias>example.com</Alias>
>                      <!-- Rewrite rule to redirect to
> www.servercom:8080/example -->
>                      <RewriteCond %{HTTP_HOST} example\.com [NC]
>                      <RewriteRule ^/(.*)$
> https://www.servercom:7777/example/$1 [R=301,L]

1. That isn't valid XML.

2. Where in the Tomcat docs does it say you can nest re-write rules in a 
Host element (or any other element)?

>                  </Host>
>              </Engine>
>          </Host>
>      </Engine>
> </Host>

You need to configure the RewriteValve.
https://tomcat.apache.org/tomcat-10.1-doc/rewrite.html

Mark
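
The reply above points to configuring the RewriteValve. As an added example (not part of the thread and not the Tomcat project's own code), this script builds the Host-level layout in a scratch directory: the Valve as a child of <Host>, and the rules as plain-text lines in conf/Catalina/example.com/rewrite.config, plus a small check for directives wrapped in "<" or a captured path that never reaches the target. The file name server-host-fragment.xml, the function names and the optional-port host pattern are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: scratch layout for a Host-level RewriteValve (constructed paths).
# For a Valve declared in a webapp's context.xml instead, Tomcat reads
# WEB-INF/rewrite.config inside that webapp.

make_layout() {  # $1 = scratch directory standing in for CATALINA_BASE
    mkdir -p "$1/conf/Catalina/example.com"

    # Fragment of server.xml: the Valve is a child of <Host>; rules do not go here.
    cat > "$1/conf/server-host-fragment.xml" <<'EOF'
<Host name="example.com" appBase="app" unpackWARs="true" autoDeploy="true">
    <Valve className="org.apache.catalina.valves.rewrite.RewriteValve"/>
</Host>
EOF

    # conf/<Engine name>/<Host name>/rewrite.config: plain-text directives,
    # one per line, no XML brackets. The host pattern covers the whole Host
    # value, with or without a port (an assumption of this example).
    cat > "$1/conf/Catalina/example.com/rewrite.config" <<'EOF'
RewriteCond %{HTTP_HOST} ^example\.com(:[0-9]+)?$ [NC]
RewriteRule ^/(.*)$ https://www.servercom:7777/example/$1 [R=301,L]
EOF
}

# Heuristic pre-restart check; prints "<line>: <problem>" and returns non-zero
# when a directive is wrapped in "<" or a captured path never reaches the target.
lint_rewrite_config() {
    awk '
        /^[ \t]*(#|$)/ { next }
        /^[ \t]*</     { print NR ": XML-style bracket"; bad = 1; next }
        $1 == "RewriteRule" && index($2, "(") && !index($3, "$") {
            print NR ": captured path unused in target"; bad = 1
        }
        END { exit bad }
    ' "$1"
}

# Demo run on the constructed layout.
demo=$(mktemp -d)
make_layout "$demo"
lint_rewrite_config "$demo/conf/Catalina/example.com/rewrite.config" && echo "rewrite.config: no findings"
rm -rf "$demo"
```

After a restart, the Tomcat log files show whether the valve was loaded for the host, which is the check suggested elsewhere in this thread.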
