HowTo: Enable HTTP to HTTPS redirection in Tomcat for a server under ELB.


I have installed Tomcat with the native APR method, which is very light for handling servlet requests. To secure the logins, it is better to configure forced redirection.

I followed the steps below on an Amazon server.

1. Configure SSL with port redirection in the AWS firewall.

[Image: ELB-tomcat]

2. Edit the Tomcat configuration for SSL redirection. Modify the parts below in the conf file.

/usr/local/apache-tomcat-7.0.47/conf/server.xml

<Connector port="80" protocol="HTTP/1.1"
 enableLookups="false"
 connectionTimeout="20000"
 redirectPort="443" />

SSL certificate configuration for the Tomcat native APR method:

<Connector
 protocol="HTTP/1.1"
 port="443" maxThreads="500"
 scheme="https" secure="true" SSLEnabled="true"
 SSLCertificateFile="${catalina.home}/conf/keystore/wacom.crt"
 SSLCertificateKeyFile="${catalina.home}/conf/keystore/wacom.key"
 SSLCACertificateFile="${catalina.home}/conf/keystore/wacom.intermediate.ca"
 SSLVerifyClient="optional" SSLProtocol="TLSv1"/>

3. Edit the application's web.xml to force redirection: webapps/ROOT/WEB-INF/web.xml

<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Context</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<!-- auth-constraint goes here if you require authentication -->
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>

Verify:

curl -I http://domain.com/ROOT
HTTP/1.1 302 Found
Content-length: 0
Date: Fri, 31 Oct 2014 16:33:42 GMT
Location: https://domain.com/login;jsessionid=5B5B0B1292597816EA2C5DE89B298F74
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=5B5B0B1292597816EA2C5DE89B298F74; Path=/; HttpOnly
Connection: keep-alive
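
The verification can be scripted. The following is an added example, not part of the original post: it reads `curl -I` output for a plain-HTTP request and reports whether the response redirects to HTTPS and whether a session identifier was already handed out on the cleartext response, as it is in the output above. The function name and the finding codes are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the headers of a plain-HTTP response (curl -I output on stdin).
# Prints one finding code per line; prints nothing when the response is clean.
audit_http_response() {
    tr -d '\r' | awk '
        NR == 1 {   # status line, e.g. "HTTP/1.1 302 Found"
            if ($2 !~ /^(301|302|303|307|308)$/) print "NO_REDIRECT"
            next
        }
        {   # split "Name: value"; header names are case-insensitive
            name = tolower($0); sub(/:.*/, "", name)
            value = $0; sub(/^[^:]*:[ \t]*/, "", value)
        }
        name == "location" {
            seen_location = 1
            if (tolower(value) !~ /^https:\/\//) print "LOCATION_NOT_HTTPS"
            # A session id in the URL ends up in logs, browser history and Referer.
            if (tolower(value) ~ /;jsessionid=/) print "SESSION_ID_IN_URL"
        }
        name == "set-cookie" {
            cookie = value; sub(/=.*/, "", cookie)
            # Set on the cleartext response, so it crossed the wire unencrypted.
            print "COOKIE_SET_OVER_HTTP:" cookie
            if (tolower(value) !~ /;[ \t]*secure[ \t]*(;|$)/) print "COOKIE_WITHOUT_SECURE:" cookie
        }
        END { if (!seen_location) print "NO_LOCATION_HEADER" }
    '
}

# Headers copied from the Verify output in this post.
post_headers='HTTP/1.1 302 Found
Content-length: 0
Date: Fri, 31 Oct 2014 16:33:42 GMT
Location: https://domain.com/login;jsessionid=5B5B0B1292597816EA2C5DE89B298F74
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=5B5B0B1292597816EA2C5DE89B298F74; Path=/; HttpOnly
Connection: keep-alive'

# Constructed sample: a redirect that creates no session on the HTTP side.
clean_headers='HTTP/1.1 302 Found
Location: https://domain.com/login
Content-Length: 0'

printf '%s\n' "$post_headers" | audit_http_response
```

Against a live server the same function can be fed with `curl -sI http://domain.com/ROOT | audit_http_response`.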

 


2 thoughts on “HowTo: Enable HTTP to HTTPS redirection in Tomcat for a server under ELB.”

    pramod said:
    March 16, 2016 at 3:37 pm

    When I make an HTTPS request, there are two levels of encryption happening: at the LB and at Tomcat as well. Isn’t there a single place which can solve the problem?
