
I am using Ubuntu 14.04 and apache-tomcat version 6. I changed all the necessary things to redirect the port from 8080 to 8443 and it's working fine, but both URLs are working. I would like to auto-redirect to 8443 (https://localhost:8443) when we open 8080 (http://localhost:8080). Also, is there any free SSL CA (certificate authority) available to encrypt the data between the server and the user?

1 Answer


Tomcat 6.0 is obsolete, so I'll assume you have at least Tomcat 7 (which is available on Ubuntu 14.04). There are basically three ways to force a redirect to HTTPS:

  • Add a <security-constraint> to the web.xml files of all your applications. If they don't have any, add:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>All</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

otherwise add the <user-data-constraint> part to the existing <security-constraint>.

You can also add the previous snippet to conf/web.xml, but that may have side effects: security constraints are selected by the most specific URL pattern. If they have the same URL pattern they are merged: the less restrictive constraint applies. E.g. if you use the /html/* pattern in conf/web.xml it will be merged with Tomcat Manager's constraint and you will be able to log into Tomcat Manager without encryption and without a password.

  • You can use a RewriteValve: see this question for Tomcat 7 or this question for more recent versions.
  • Personally I'd recommend using a reverse proxy like Nginx and performing the redirect on it, rather than on Tomcat. There are a lot of questions and answers on this site on how to do it.
Piotr P. Karwasz
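The merging side effect described in the answer can be checked offline before a constraint is added to conf/web.xml. The following Python sketch is an added example, not part of the original answer or of Tomcat: it models only the rule the answer states (constraints with the same URL pattern are merged and the less restrictive one applies), ignores HTTP methods and empty auth-constraints, and runs on two constructed web.xml fragments with a hypothetical role name.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample: the answer's snippet with /html/* as the pattern, as if in conf/web.xml.
GLOBAL_WEB_XML = """<web-app><security-constraint>
  <web-resource-collection>
    <web-resource-name>All</web-resource-name>
    <url-pattern>/html/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint></web-app>"""

# Constructed stand-in for an application's own web.xml (role name is hypothetical).
APP_WEB_XML = """<web-app><security-constraint>
  <web-resource-collection>
    <web-resource-name>HTML interface</web-resource-name>
    <url-pattern>/html/*</url-pattern>
  </web-resource-collection>
  <auth-constraint><role-name>example-admin</role-name></auth-constraint>
</security-constraint></web-app>"""

def local(tag):
    """Drop an XML namespace prefix such as {http://...}web-app."""
    return tag.rsplit("}", 1)[-1]

def constraints(xml_text):
    """Yield (url_pattern, requires_login, requires_tls) per constraint."""
    for sc in ET.fromstring(xml_text).iter():
        if local(sc.tag) != "security-constraint":
            continue
        nodes = list(sc.iter())
        login = any(local(n.tag) == "auth-constraint" for n in nodes)
        tls = any(local(n.tag) == "transport-guarantee"
                  and (n.text or "").strip() in ("CONFIDENTIAL", "INTEGRAL")
                  for n in nodes)
        for n in nodes:
            if local(n.tag) == "url-pattern":
                yield (n.text or "").strip(), login, tls

def effective(*documents):
    """Merge constraints that share a URL pattern; the least restrictive wins."""
    merged = defaultdict(list)
    for doc in documents:
        for pattern, login, tls in constraints(doc):
            merged[pattern].append((login, tls))
    return {p: {"login": all(l for l, _ in v), "tls": all(t for _, t in v)}
            for p, v in merged.items()}
```

`effective(GLOBAL_WEB_XML, APP_WEB_XML)` reports that `/html/*` ends up requiring neither a login nor TLS, while each file on its own requires one of the two.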