Richard, > Am 20.07.2019 um 04:19 schrieb Richard Huntrods <huntr...@athabascau.ca>: > > I tried implementing automatic redirection from HTTP to HTTPS on my > tomcat today, but it's not working. > > First, my system: > OS: Ubuntu 18.04.2 LTS (server) > Tomcat: 9.0.22 (installed from tomcat distribution, not via apt get) > Java: OpenJDK "11.0.3" 2019-04-16 > Mysql: Ver 14.14 Distrib 5.7.26 > > This web application has it's own domain (let's call it "mydomain.com" ) > and has working HTTPS - and has done for some time now. > > Static web pages are served on this application via tomcat using the > ROOT directory ../tomcat/webapps/ROOT > > Again, this is working just fine. If I type "https://mydomain.com" I see > the secure static pages. If I type "http://mydomain.com" I see the same > pages, but browsers inform me the page isn't secure. > > I want to force tomcat to redirect "http://mydomain.com" to > "https://mydomain.com" always. > > I found instructions for auto-redirection on several on-line sites, and > all had the same instructions. > > I already have the redirect code in server.xml: > > <Connector port="80" protocol="HTTP/1.1" > connectionTimeout="20000" > redirectPort="443" /> > > So all I had to add (according to the instructions) was code at the end > of ...tomcat/conf/web.xml > > <security-constraint> > <web-resource-collection> > <web-resource-name>Secured</web-resource-name> > <url-pattern>/*</url-pattern> > </web-recource-collection> > <user-data-constraint> > <transport-guarantee>CONFIDENTIAL</transport-guarantee> > </user-data-constraint> > </security-constraint> > > just before the final </web-app>
This should go into your webapp's WEB-INF/web.xml! Not the tomcat/conf! Hope this helps, Peter > > I did this and restarted tomcat. It doesn't work. > > After restarting tomcat, if I type in "http://mydomain.com" I still see > the unsecured version. It does not auto-redirect to https. > > What am I missing? > > Thanks, > -Richard > > --- > This email has been checked for viruses by Avast antivirus software. > https://www.avast.com/antivirus > > -- > This communication is intended for the use of the recipient to whom it is > addressed, and may contain confidential, personal, and or privileged > information. Please contact us immediately if you are not the intended > recipient of this communication, and do not copy, distribute, or take action > relying on it. Any communications received in error, or subsequent reply, > should be deleted or destroyed. > --- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org >
smime.p7s
Description: S/MIME cryptographic signature