0

I have a tomcat web app in an Ubuntu server. The web app is deployed as ROOT. I have installed apache2 and via a VirtualHost I pointed the IP directly to the tomcat web app. So I can access the site via the IP (and domain) directly like 125.20.20.50 or example.com.

Please check the below file, which is the 000-default.conf in \etc\apache2\sites-enabled\.

<VirtualHost *:80>
    ProxyPreserveHost On

    # Servers to proxy the connection, or;
    # List of application servers:
    # Usage:
    # ProxyPass / http://[IP Addr.]:[port]/
    # ProxyPassReverse / http://[IP Addr.]:[port]/
    # Example:
    ProxyPass / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/
    ServerName localhost
</VirtualHost>

<VirtualHost *:443>
        ServerAdmin webmaster@localhost
        DocumentRoot /opt/apache-tomcat-7.0.79/webapps/ROOT/
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLEngine On
        # Set the path to SSL certificate
        # Usage: SSLCertificateFile /path/to/cert.pem
        SSLCertificateKeyFile /etc/apache2/ssl/key.key
        SSLCertificateFile /etc/apache2/ssl/certificate.crt
        SSLCertificateChainFile /etc/apache2/ssl/STAR_xxx_com.ca-bundle
        ProxyPreserveHost On
        ProxyPass / http://localhost:8080/
        ProxyPassReverse / http://localhost:8080/
        ServerName localhost
</VirtualHost>

The SSL works fine if I specifically used https in the URL like https://portal.example.com. The case is I still can access the site without security if I didn't specifically mention the https but typed something like portal.example.com in browser.

How can I fix this?

PeakGen
  • 129
  • 1
  • 8

3 Answers3

4

Typically you simply redirect users to https from the plain HTTP virtualhost entry:

<VirtualHost *:80>
    ServerName portal.example.com
    Redirect / https://portal.example.com
</VirtualHost>
HBruijn
  • 77,029
  • 24
  • 135
  • 201
  • So, replace my `VirtualHost` for `80` with your code? Or add your code into my existing? – PeakGen Aug 08 '17 at 03:53
  • Sorry, I tried your answer. Then portal.example.com simply took me to the apache port 80 page. For the `servername` I am using `localhost` as it works perfectly, tried changing it to my domain but the same result. I updated the above code in my question with the exact one I am using. – PeakGen Aug 09 '17 at 06:58
4

If I understood you correctly you want all accesses to http://portal.example.com/ being rewritten to https://portal.example.com?

To do this you just need to replace the ProxyPass stuff in the port 80 VirtualHost with a RewriteRule:

<VirtualHost *:80>
    RewriteEngine on
    RewriteRule ^(.*)$ https://portal.example.com/$1

    ServerName portal.example.com
</VirtualHost>

This should be enough to rewrite everything to your HTTPS page.

NOTE: This does keep the rest of the URL, so that means http://portal.example.com/random_page becomes https://portal.example.com/random_page

If you just want to redirect every HTTP Access to the root HTTPS page (so http://portal.example.com/random_page will become https://portal.example.com/), you should accept @HBruijn's answer, as it is much simpler and enough for this case.

Tim Schumacher
  • 576
  • 3
  • 12
  • Thank you for the reply. So in @HBruijn's answer, how can I use it? I mean remove my `VirtualHost` for `80` and use his? The code need a point to TomCat as well, which I have done.... – PeakGen Aug 08 '17 at 03:58
  • Yes, you should remove your Virtual Host for 80 and use mine/his. – Tim Schumacher Aug 08 '17 at 06:21
  • @PeakGen The VirtualHost for 80 does not need a reference to Tomcat, as it's only purpose is to redirect the Browser so that the VirtualHost for 443 is used. – Tim Schumacher Aug 08 '17 at 14:12
  • ohhhh... ok.... – PeakGen Aug 09 '17 at 04:01
  • Sorry, I tried your answer. Then portal.example.com simply took me to the apache port 80 page. For the `servername` I am using `localhost` as it works perfectly, tried changing it to my domain but the same result. I updated the above code in my question with the exact one I am using. – PeakGen Aug 09 '17 at 06:57
  • you are still using the ProxyPass directives. Please replace your whole VirtualHost for Port 80 with my Virtual host (of course you need to change portal.example.com to localhost everywhere) – Tim Schumacher Aug 09 '17 at 07:37
  • I did the same. Changed everything with your code but no good – PeakGen Aug 09 '17 at 07:38
  • Could you upload your complete 000-default.conf (with my VirtualHost) to somewhere like pastebin? Also, please make sure that you saved the file correctly. – Tim Schumacher Aug 09 '17 at 07:46
  • Here is the link, of course In my original I have the real domain instead of `portal.xxx.com` - https://pastebin.com/Hw4w14yn – PeakGen Aug 09 '17 at 08:54
  • @PeakGen Nothing seems wrong there... And you say the normal HTTP page fires up instead of redirecting you to HTTPS when accessing the page? If yes, try adding the line `RewriteEngine on` above the RewriteRule line. Also, please make sure the file was saved correctly and restart Apache afterwards. – Tim Schumacher Aug 09 '17 at 11:30
  • Thanks for the help, `RewriteEngine on` is the reason. Please edit your answer with that. – PeakGen Aug 13 '17 at 16:40
2

Change you first VirtualHost to 

<VirtualHost *:80>
 ServerName portal.example.com
 DocumentRoot /opt/apache-tomcat-7.0.79/webapps/ROOT/
 Redirect /secure https://portal.example.com
</VirtualHost>

PS: never run your web server as root. Use dedicated user, and give it rights on your machine accordingly.

Valentin Gazzola
  • 21
  • 1
  • 1
    This is not what the OP asked for. Please read the question again and edit your answer if you have a different solution than already given in other answers. – Tim Schumacher Aug 04 '17 at 18:13