So we have a webservice running Tomcat 7 on port 58080 that I have been tasked with migrating from http to https. I have the SSL configuration set and functional, but only if you go directly to the url https://<domain>.com:58080. I would like it to listen for http://<domain>.com:58080 and <domain>.com:58080 but rewrite those to the https url. Currently if you do not specify https in the url there's no answer, so I would like to know if this is possible and how?

Thanks!

Edit: I also have the require SSL config in web.xml.

dave_thompson_085
  • FYI there's no such thing as listening without a protocol. Many _clients_ let you enter just `host[:port][/path]` as a URL and automatically _add_ http: (or https: if HSTS applies), but any actual connection uses an actual protocol, typically http or https but others are possible. Also fixed your markdown so the angle brackets don't disappear. – dave_thompson_085 Oct 02 '18 at 20:20
  • If using non-standard ports you have to live with some usability issues as the browser just fails to connect if the user is wrong or it guesses wrong given only `host:port`. Is the server/domain running something else on 80 and 443? Often Java sites will have something else in front as a proxy. – Fire Lancer Oct 02 '18 at 20:25
  • Use a second port to run HTTPS on, say 58081, and always do an HTTP redirect to an HTTPS url on 58081. See [this question and the answers](https://security.stackexchange.com/q/166204/662) for more info. Also, [this one](https://stackoverflow.com/q/33208796/238704). – President James K. Polk Oct 02 '18 at 23:06

1 Answer

Doesn’t that defeat the purpose of having https?

Usually you would have https for external access and http for internal access, the http port being different than the https port.

Defaults are http:80 and https:443 - which I’m sure you already know.

But you can’t have both http and https on the same port. Tomcat will not be able to distinguish if the protocol is https or http.

Mike Murphy
  • The only connector in conf/server.xml is the SSL connector on port 58080. So I guess the question is if I don't have a http connector on 58080 and someone goes to the URL "webserver.com:58080" shouldn't they have their url rewritten to "HTTPS://webserver.com:58080"? – kmurphy Oct 02 '18 at 19:30
  • But it's not just re-writing the https, you have to accommodate the change in protocol from http to https, certificates and all that good stuff. If the client is using a browser then it will support the protocol, if the client is using rest or soap or some such api then it has to handle the protocol including the provision of a certificate. – Mike Murphy Oct 02 '18 at 19:43
  • This link might help https://stackoverflow.com/questions/33208796/redirect-http-to-httpsport-in-tomcat – Mike Murphy Oct 02 '18 at 19:58
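
The two-connector layout suggested in the comments (plain HTTP on one port that redirects to HTTPS on a second port), written out as an added example that is not from any of the posters. Ports 58080/58081 follow the comment above; the keystore path and password are placeholders, and the `TLSv1.2` restriction is an assumption about what the deployed Java runtime supports.

```xml
<!-- conf/server.xml, inside <Service name="Catalina"> -->

<!-- Plain HTTP listener. For any URL covered by a CONFIDENTIAL
     constraint, Tomcat answers with a 302 to the same host and path
     on the port named by redirectPort. -->
<Connector port="58080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="58081" />

<!-- TLS listener on its own port. A single connector speaks exactly
     one protocol, which is why the HTTPS-only connector on 58080
     gave no answer to plain http:// requests. -->
<Connector port="58081"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           sslEnabledProtocols="TLSv1.2"
           keystoreFile="/path/to/keystore.jks"
           keystorePass="CHANGE_ME" />

<!-- WEB-INF/web.xml, inside <web-app>.
     This is the "require SSL" setting mentioned in the question;
     without it the HTTP connector serves content in cleartext
     and never issues the redirect. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Entire application</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
```

The first request to 58080 still travels in cleartext before the redirect, so session cookies should carry the `Secure` flag and nothing sensitive should be placed in URLs that clients may request over http.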