Hello Chris, I figured out how I can it make it work with 443. Now the URls are working. I added iptables route 443 to 8443 and it started working.
nslookup example.lbg.com Non-authoritative answer: Name: server.lbg.com Address: 192.168.200.105 Aliases: example.lbg.com I have some application towl running with apache tomcat. I have the below URLs working. https://server.lbg.com:8443/towl https://server.lbg.com https://example.lbg.com https://example.lbg.com/towl Now i wanted to disable the url https://example.lbg.com/towl and https://server.lbg.com and access only the other remaining two. In the end our goal to makesure that the links are not always dead as soon as the towl is moved to a new machine. Can you pelase assit me how to do that ? Thanks, Lavanya On Tue, Apr 30, 2024 at 5:44 PM Christopher Schultz < ch...@christopherschultz.net> wrote: > Lavanya, > > On 4/30/24 07:10, lavanya tech wrote: > > Can you tell me how to do the below ? How should I setup Tomcat in > > server.xml ? > > > > > > If you want to use port 443 (the default port for HTTPS) then you will > > need to change Tomcat to bind to port 443 (if that's allowed on your OS) > > or arrange to have port 443 routed to port 8443. You may need additional > > configuration in Tomcat (specifically: proxyPort) to avoid having Tomcat > > generate URLs with ":8443" in them. > > > > Looking forward to your reply. > > If Tomcat is listening on port 8443 then you will need to include that > in your URL, period. If you want to allow URLs without a port number, > you will have to arrange to have something listening on port 443. > > On Windows, Tomcat can listen directly on port 443. On UNIX and > UNIX-like systems, you won't be able to do this without running Tomcat > as root WHICH YOU ABSOLUTELY SHOULD NOT DO. > > There are other ways to get port 443 working, but I'll need to know more > about your environment. The port issue is "easier" than figuring out > whatever is going on with your DNS, aliases, etc. so I would recommend > we fix one thing at a time. > > -chris > > > On Mon, Apr 29, 2024 at 2:03 PM lavanya tech <lavanyatech...@gmail.com> > > wrote: > > > >> Hi Chris, > >> > >> There is no issues with browser, because I tested with different > browsers > >> and it all works fine. I am sure that there is no issue with the > >> certificate. > >> Because I was able to establish successful connections with port > 8443, it > >> just doesnot work with out port > >> > >> curl https://example.lbg.com/towl > >> curl: (56) Received HTTP code 504 from proxy after CONNECT > >> curl: (56) Received HTTP code 504 from proxy after CONNECT > >> > >> > >> If you want to use port 443 (the default port for HTTPS) then you will > >> need to change Tomcat to bind to port 443 (if that's allowed on your OS) > >> or arrange to have port 443 routed to port 8443. You may need additional > >> configuration in Tomcat (specifically: proxyPort) to avoid having Tomcat > >> generate URLs with ":8443" in them. > >> > >> <Connector port="443" protocol="HTTP/1.1" > >> connectionTimeout="20000" > >> redirectPort="8443" > >> maxThreads="150" > >> scheme="https" secure="true" SSLEnabled="true" > >> keystoreFile="path_to_your_keystore_file" > >> keystorePass="your_keystore_password" > >> keystoreType="PKCS12" > >> clientAuth="false" sslProtocol="TLS" > >> proxyPort="443"/> > >> > >> should i use connect port like the above ? But you mentioned before we > >> dont need any configuration changes. Please clarify I am not able to > figure > >> this out and I have this issue many days pending. How to make it work > with > >> port 8443 and with out port > >> > >> Also I wanted to use weburl with alias name permanently instead of the > >> hostname. How can I achieve both > >> > >> Thanks, > >> Lavanya > >> > >> > >> --> > >> > >> > >> On Fri, Apr 26, 2024 at 9:28 PM Christopher Schultz < > >> ch...@christopherschultz.net> wrote: > >> > >>> Lavanya, > >>> > >>> On 4/25/24 07:24, lavanya tech wrote: > >>>> Hi Chris, > >>>> > >>>> One question / doubt: > >>>> > >>>> As I mentioned earlier, the below URLS already working in the browser > >>>>> https://server.lbg.com:8443/towl > >>>>> https://example.lbg.com:8443/towl -> redirect ( which means when I > >>> hit in > >>>> browser) it points to https://server.lbg.com:8443/towl ---> To be > >>> frank, > >>>> even I donot need redirect here, not sure why it redirects. > >>>> > >>>> My question is why its working even though SAN is not registered with > >>> the > >>>> certificate ? It doesnot even throw warning in the browser. > >>> > >>> I'm not sure. Is it possible you have dismissed this error in the past > >>> and the browser is remembering that? Try this with a different web > >>> browser or maybe with curl from the command-line to see what happens. > >>> > >>>> Why https://server.lbg.com/towl or https://example.lbg.com/towl --> > >>> How it > >>>> should work with New SAN certificate ? > >>> > >>> You don't need to worry about the port number or application name, only > >>> the hostname is a part of the SAN. > >>> > >>> -chris > >>> > >>>> On Thu, Apr 25, 2024 at 10:16 AM lavanya tech < > lavanyatech...@gmail.com > >>>> > >>>> wrote: > >>>> > >>>>> Hi Chris, > >>>>> > >>>>> > >>>>> Thanks I will request new certificate with SANs and I will try to fix > >>> the > >>>>> things from our end. > >>>>> > >>>>> Best Regards, > >>>>> Lavanya > >>>>> > >>>>> On Wed, Apr 24, 2024 at 11:12 PM Christopher Schultz < > >>>>> ch...@christopherschultz.net> wrote: > >>>>> > >>>>>> Lavanya, > >>>>>> > >>>>>> On 4/24/24 15:39, lavanya tech wrote: > >>>>>>> Local host means the machine i am logged in to server.lbg.com > >>>>>>> > >>>>>>> You are right, example.lbg.com is CNAME record. > >>>>>> > >>>>>> Okay, thanks for clearing that up. > >>>>>> > >>>>>>> I dont have any SAN configured for the certificate. The certificate > >>> is > >>>>>>> requested for only server.lbg.com > >>>>>> > >>>>>> You will never be able to make a secure request to anything other > than > >>>>>> server.lbg.com without seeing an error. I highly recommend adding > the > >>>>>> other hostname as a SAN to your certificate if you really want to > >>>>>> support this. > >>>>>> > >>>>>> Even if you wanted https://example.lbg.com/whatever to return an > HTTP > >>>>>> 302 redirect to https://server.lbg.com/whatever, the user would > see a > >>>>>> certificate hostname mismatch error which is ugly. It's best to make > >>> it > >>>>>> work without users seeing ugly things. > >>>>>> > >>>>>>> So if i just request new certificate with SAN it should work ? If > >>> yes, I > >>>>>>> will request for it and follow your steps as below suggested. > >>>>>> > >>>>>> Yes, it should. > >>>>>> > >>>>>>> Should i use CName record or DNS? Does it make difference? > >>>>>> > >>>>>> CNAME *is* DNS. > >>>>>> > >>>>>> Whenever possible, use hostnames and not IP addresses as SANs. It's > >>> more > >>>>>> flexible that way, and users get to see hostnames instead of IP > >>> addresses. > >>>>>> > >>>>>> -chris > >>>>>> > >>>>>>> On Wednesday, April 24, 2024, Christopher Schultz < > >>>>>>> ch...@christopherschultz.net> wrote: > >>>>>>> > >>>>>>>> Lavanya, > >>>>>>>> > >>>>>>>> On 4/24/24 07:37, lavanya tech wrote: > >>>>>>>> > >>>>>>>>> Sorry I understood wrongly here with regards to my environment, > >>> Let me > >>>>>>>>> start from the beginning. I donot want to use redirect at all. I > >>>>>> simply > >>>>>>>>> wanted to force apache tomcat to use both localhost and dns name > of > >>>>>> the > >>>>>>>>> localhost via url. > >>>>>>>>> > >>>>>>>> > >>>>>>>> When you say "force" what do you mean? > >>>>>>>> > >>>>>>>> When you say "use both localhost and DNS name" what do you mean? > >>>>>>>> > >>>>>>>> When you say "localhost" do you mean 127.0.0.1 or "the machine I'm > >>>>>>>> logged-into right now"? > >>>>>>>> > >>>>>>>> I have DNS resollution as below. > >>>>>>>>> > >>>>>>>>> server.lbg.com --> localhost > >>>>>>>>> > >>>>>>>> > >>>>>>>> Is that a CNAME record? > >>>>>>>> > >>>>>>>> nslookup server.lbg.com (localhost) > >>>>>>>>> Name: server.lbg.com > >>>>>>>>> Address: 192.168.100.20 > >>>>>>>>> alias: example.lbg.com > >>>>>>>>> > >>>>>>>> > >>>>>>>> That's a weird DNS response. The DNS name "localhost" should > >>> *always* > >>>>>>>> return 127.0.0.1 for IPv4 and ::1 for IPv6. It shouldn't return > >>>>>>>> 191.168.100.20. > >>>>>>>> > >>>>>>>> We have working the below urls working: > >>>>>>>>> https://server.lbg.com:8443/towl > >>>>>>>>> https://example.lbg.com:8443/towl --> redirects to > >>>>>>>>> > >>>>>>>> > >>>>>>>> What do you mean "redirect"? Does it return a 30x response that > >>> causes > >>>>>> the > >>>>>>>> browser to make a new request to \/ > >>>>>>>> > >>>>>>>> https://server.lbg.com:8443/towl --> still works --> we have SSL > >>>>>>>>> configured for the same but this SSL certificate doesnot have > >>>>>> additional > >>>>>>>>> DNS setup. > >>>>>>>>> > >>>>>>>> > >>>>>>>> What SANs are in your certificate? How many certificates do you > >>> have? > >>>>>>>> > >>>>>>>> But I would need to somehow access https://example.lbg.com --> > >>> which > >>>>>>>>> means > >>>>>>>>> I would need to access via 443 here ? > >>>>>>>>> > >>>>>>>> > >>>>>>>> I'm so confused. What needs to access what? > >>>>>>>> > >>>>>>>> I tried to adding the below to server.xml as below, but that > >>> doesnot > >>>>>> seems > >>>>>>>>> to work. > >>>>>>>>> > >>>>>>>>> <Connector port="80" > >>>>>>>>> protocol="org.apache.coyote.http11.Http11NioProtocol" > >>>>>>>>> connectionTimeout="20000" > >>>>>>>>> redirectPort="443" /> > >>>>>>>>> > >>>>>>>> > >>>>>>>> This will only redirect (HTTP 302) requests to > >>>>>> http://yourhost/anything > >>>>>>>> to https://yourhost/anything *if the application specifically > >>> requests > >>>>>>>> CONFIDENTIAL transport*. It doesn't just redirect everything by > >>>>>> default. If > >>>>>>>> you want it to redirect everything, you'll need to set that up > e.g. > >>>>>> using > >>>>>>>> RewriteValve. There are other options, too. > >>>>>>>> > >>>>>>>> Do i need additional SSL certificate for the > >>> https://example.lbg.com > >>>>>> to > >>>>>>>>> make it work ? > >>>>>>>>> > >>>>>>>> > >>>>>>>> If you don't want your browser to complain, you will need at least > >>> one > >>>>>> TLS > >>>>>>>> certificate that contains every Subject Alternative Name (SAN) for > >>>>>> every > >>>>>>>> possible hostname you expect to use with this service. You ca do > it > >>>>>> with > >>>>>>>> multiple certificates as well, but a single cert with multiple > SANs > >>> is > >>>>>> less > >>>>>>>> work. > >>>>>>>> > >>>>>>>> Do i need to set up an additional web server for this like apache > or > >>>>>> nginx > >>>>>>>>> for redirecting requests? > >>>>>>>>> > >>>>>>>> > >>>>>>>> No. > >>>>>>>> > >>>>>>>> Please stop saying "redirect" because it sounds like you almost > >>> never > >>>>>> mean > >>>>>>>> "HTTP 30x redirect" and that's confusing everything. > >>>>>>>> > >>>>>>>> I *think* you only need the following: > >>>>>>>> > >>>>>>>> 1. A TLS certificate with the following SANs: > >>>>>>>> > >>>>>>>> * server.lbg.com > >>>>>>>> * example.lbg.com > >>>>>>>> * localhost (you shouldn't do this) > >>>>>>>> > >>>>>>>> 2. DNS configured for all hostnames: > >>>>>>>> > >>>>>>>> * server.lbg.com -> A 192.168.100.20 > >>>>>>>> * example.lgb.com -> A 192.168.100.20 > >>>>>>>> > >>>>>>>> 3. Tomcat configured with a single <Host> which is the default > >>> virtual > >>>>>>>> host. Note that this is the *default Tomcat configuration* and > >>> doesn't > >>>>>> need > >>>>>>>> to be changed from the default. > >>>>>>>> > >>>>>>>> 4. Tomcat configured with your certificate like this: > >>>>>>>> > >>>>>>>> <Connector ... > >>>>>>>> SSLEnabled="true"> > >>>>>>>> <SSLHostConfig> > >>>>>>>> <Certificate > >>>>>>>> certificateFile="/path/to/your/cert.crt" > >>>>>>>> certificateKeyFile="/path/to/your/key.pem" /> > >>>>>>>> <!-- You may need certificateKeyPassword in > <Certificate> > >>> --> > >>>>>>>> </SSLHostConfig> > >>>>>>>> </Connector> > >>>>>>>> > >>>>>>>> If your SANs are configured properly, this should allow you to > >>> connect > >>>>>>>> using any of these URLs: > >>>>>>>> > >>>>>>>> $ curl https://server.lbg.com/towl/login.jsp > >>>>>>>> > >>>>>>>> (returns login page) > >>>>>>>> > >>>>>>>> $ curl https://example.lbg.com/towl/login.jsp > >>>>>>>> > >>>>>>>> (returns login page) > >>>>>>>> > >>>>>>>> If your application's web.xml contains something like this: > >>>>>>>> > >>>>>>>> <security-constraint> > >>>>>>>> <web-resource-collection> > >>>>>>>> <web-resource-name>theapp</web-resource-name> > >>>>>>>> <url-pattern>/*</url-pattern> > >>>>>>>> </web-resource-collection> > >>>>>>>> <user-data-constraint> > >>>>>>>> <transport-guarantee>CONFIDENTIAL</transport-guarantee> > >>>>>>>> </user-data-constraint> > >>>>>>>> </security-constraint> > >>>>>>>> > >>>>>>>> ... then these URLs insecure HTTP URLs should redirect your > clients: > >>>>>>>> > >>>>>>>> $ curl http://server.lbg.com/towl/login.jsp > >>>>>>>> > >>>>>>>> (returns HTTP 302 redirect to > >>> https://server.lbg.com/towl/login.jsp > >>>>>> ) > >>>>>>>> > >>>>>>>> $ curl https://server.lbg.com/towl/login.jsp > >>>>>>>> > >>>>>>>> (returns HTTP 302 redirect to > >>>>>> https://example.lbg.com/towl/login.jsp) > >>>>>>>> > >>>>>>>> I don't think you need any use of the RewriteValve unless you want > >>> to > >>>>>>>> handle sending HTTP 302 redirect responses to insecure requests > >>> without > >>>>>>>> specifying the CONFIDENTIAL transport-guarantee in your > >>> application's > >>>>>>>> web.xml file. But I don't see any reason NOT to have that in > there. > >>>>>>>> > >>>>>>>> -chris > >>>>>>>> > >>>>>>>> On Tue, Apr 23, 2024 at 10:52 PM Christopher Schultz < > >>>>>>>>> ch...@christopherschultz.net> wrote: > >>>>>>>>> > >>>>>>>>> Lavanya, > >>>>>>>>>> > >>>>>>>>>> On 4/22/24 05:21, lavanya tech wrote: > >>>>>>>>>> > >>>>>>>>>>> Could you please explain, what you exactly mean ? So here > >>> redirect > >>>>>> is > >>>>>>>>>>> > >>>>>>>>>> not a > >>>>>>>>>> > >>>>>>>>>>> solution right ? > >>>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> Redirecting is fine. > >>>>>>>>>> > >>>>>>>>>> Perhaps you should take a step back and decide: what do you > >>> actually > >>>>>>>>>> want, here? You might be trying to solve problem X by applying > >>>>>> solution > >>>>>>>>>> Y, and you've already decided that solution Y is correct so you > >>> are > >>>>>>>>>> trying to get help with that. > >>>>>>>>>> > >>>>>>>>>> Perhaps ask for help with Problem X? > >>>>>>>>>> > >>>>>>>>>> For example, "I don't want users to have to type the name of my > >>>>>>>>>> application to reach it so I want example.com/ to go to my > >>>>>> application > >>>>>>>>>> instead of example.com/myapp/". > >>>>>>>>>> > >>>>>>>>>> Or, "I have multiple domains and I want all of them to redirect > to > >>>>>> the > >>>>>>>>>> canonical domain example.com and to go to me web application > >>> /myapp > >>>>>> so > >>>>>>>>>> everything goes to example.com/myapp/". > >>>>>>>>>> > >>>>>>>>>> "You'd have to use a glob/regex if > >>>>>>>>>>> you wanted to check for [anything and maybe nothing.] > example.com > >>> ." > >>>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> There is nothing in your configuration or question that suggests > >>> that > >>>>>>>>>> the hostname in the request is relevant, but you are making it a > >>>>>>>>>> *requirement* that the request contains a specific Host header. > IF > >>>>>> you > >>>>>>>>>> don't actually need that, why do you have it? > >>>>>>>>>> > >>>>>>>>>> -chris > >>>>>>>>>> > >>>>>>>>>> On Fri, Apr 19, 2024 at 3:03 PM Christopher Schultz < > >>>>>>>>>>> ch...@christopherschultz.net> wrote: > >>>>>>>>>>> > >>>>>>>>>>> Ammu, > >>>>>>>>>>>> > >>>>>>>>>>>> On 4/19/24 08:32, lavanya tech wrote: > >>>>>>>>>>>> > >>>>>>>>>>>>> Thank you very much. I removed <Host> for example.com as > well > >>> as > >>>>>>>>>>>>> > >>>>>>>>>>>> adding > >>>>>>>>>> > >>>>>>>>>>> an > >>>>>>>>>>>> > >>>>>>>>>>>>> <Alias> in server.xml > >>>>>>>>>>>>> I copied context.xml file > >>>>>>>>>>>>> > >>> /git/app/apache-tomcat-10.1.11/webapps/towl/META-INF/context.xml > >>>>>>>>>>>>> Removed < in rewrite.config files. > >>>>>>>>>>>>> > >>>>>>>>>>>>> But still I dont redirect the URL. > >>>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> If you have <Context> in server.xml and also your application > in > >>>>>> the > >>>>>>>>>>>> webapps/ directory, then you will be double-deploying your > >>>>>> application. > >>>>>>>>>>>> > >>>>>>>>>>>> Re-name /git/app/apache-tomcat-10.1.11/webapps/towl/ to be > >>>>>>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/ROOT (the capitals are > >>>>>>>>>>>> important) > >>>>>>>>>>>> and remove the <Context> element from your server.xml. > >>>>>>>>>>>> > >>>>>>>>>>>> Then start your server and read the logs. > >>>>>>>>>>>> > >>>>>>>>>>>> *nslookup alias.example.com <http://alias.example.com> > >>>>>>>>>>>>> gives-->Non-authoritative answer:Name: www.example.com > >>>>>>>>>>>>> <http://www.example.com>Address: 192.168.200.10Aliases: > >>>>>>>>>>>>> > >>>>>>>>>>>> alias.example.com > >>>>>>>>>>>> > >>>>>>>>>>>>> <http://alias.example.com>* > >>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> Just to give some information here, *www.example.com > >>>>>>>>>>>>> <http://www.example.com>* has alias* "alias.example.com > >>>>>>>>>>>>> <http://alias.example.com>"* > >>>>>>>>>>>>> But https://www.example.com:7777/example --> works fine with > >>> out > >>>>>>>>>>>>> > >>>>>>>>>>>> issues > >>>>>>>>>> > >>>>>>>>>>> but > >>>>>>>>>>>> > >>>>>>>>>>>>> the alias doesnot works (https://alias.example.com) > >>>>>>>>>>>>> So i am not sure if the redirect url helps or if its correct > >>>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> Your rewrite configuration says that you have to be using host > >>>>>>>>>>>> "example.com" but your request goes to www.example.com. Your > >>>>>>>>>>>> configuration should only redirect a request such as: > >>>>>>>>>>>> > >>>>>>>>>>>> $ curl -v http://example.com:7777/something > >>>>>>>>>>>> > >>>>>>>>>>>> HTTP/1.1 301 Moved Permanently > >>>>>>>>>>>> ... > >>>>>>>>>>>> Location: https://www.example.com:7777/example > >>>>>>>>>>>> > >>>>>>>>>>>> If you make a request like: > >>>>>>>>>>>> > >>>>>>>>>>>> $ curl -v http://www.example.com:7777/something > >>>>>>>>>>>> > >>>>>>>>>>>> I wouldn't expect a redirect because of your "host" condition. > >>> The > >>>>>>>>>>>> "%{HTTP_HOST} example.com" looks at the entire Host header > and > >>> not > >>>>>>>>>>>> just > >>>>>>>>>>>> anything that ends in "example.com". You'd have to use a > >>>>>> glob/regex if > >>>>>>>>>>>> you wanted to check for [anything and maybe nothing.] > >>> example.com. > >>>>>>>>>>>> > >>>>>>>>>>>> You'd also have to make sure that your application is serving > >>>>>> responses > >>>>>>>>>>>> to requests to / which is why I'm recommending you use the > ROOT > >>> web > >>>>>>>>>>>> application name instead of "towl". > >>>>>>>>>>>> > >>>>>>>>>>>> -chris > >>>>>>>>>>>> > >>>>>>>>>>>> On Fri, Apr 19, 2024 at 1:21 PM Christopher Schultz < > >>>>>>>>>>>>> ch...@christopherschultz.net> wrote: > >>>>>>>>>>>>> > >>>>>>>>>>>>> Ammu, > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> On 4/18/24 09:34, lavanya tech wrote: > >>>>>>>>>>>>>> > >>>>>>>>>>>>>>> I am attaching server.xml and context.xml and > rewrite.config > >>>>>> files. > >>>>>>>>>>>>>>> The paths are > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl/context.xml > >>>>>>>>>>>>>>> <Context> > >>>>>>>>>>>>>>> <Valve > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>> className="org.apache.catalina.valves.rewrite.RewriteValve" > >>>>>>>>>>>> > >>>>>>>>>>>>> /> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>>> <!-- Other context configuration --> > >>>>>>>>>>>>>>> </Context> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> This file ^^^ is in the wrong place. It should be in > >>>>>>>>>>>>>> > >>> /git/app/apache-tomcat-10.1.11/webapps/towl/META-INF/context.xml > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl/WEB-INF/rewrite.config > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> <RewriteCond %{HTTP_HOST} example.com [NC] > >>>>>>>>>>>>>>> <RewriteRule ^/(.*)$ https://www.example.com:7777/example > >>>>>> [R=301,L] > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> Why do you have < symbols at the beginning of these lines? > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> server.xml > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > [...] > >>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> <Host name="example.com" appBase="webapps" > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>> unpackWARs="true" > >>>>>>>>>> > >>>>>>>>>>> autoDeploy="true"> > >>>>>>>>>>>>>>> <Context path="" docBase="towl" /> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> It's best not to define any <Context> in server.xml. I would > >>>>>> remove > >>>>>>>>>>>>>> > >>>>>>>>>>>>> this > >>>>>>>>>> > >>>>>>>>>>> <Context> entirely and allow Tomcat to auto-reploy from your > >>>>>>>>>>>>>> webapps/towl directory. If you need this application to be > >>>>>> deployed > >>>>>>>>>>>>>> as > >>>>>>>>>>>>>> the ROOT context (on / and not /towl) then you should > re-name > >>>>>>>>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl to > >>>>>>>>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/ROOT > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> You also don't need a <Host> for example.com as well as > >>> adding > >>>>>> an > >>>>>>>>>>>>>> <Alias> for the same domain (though this is probably to > >>>>>> anonymize the > >>>>>>>>>>>>>> configuration). You can feel free to simply use the > >>> "localhost" > >>>>>>>>>>>>>> <Host> > >>>>>>>>>>>>>> as the default <Host> and deploy everything into it. This > >>> makes > >>>>>> your > >>>>>>>>>>>>>> configuration changes relative to a stock Tomcat less > >>>>>> significant and > >>>>>>>>>>>>>> easier to apply to new versions if/when necessary. > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> -chris > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> On Thu, Apr 18, 2024 at 2:17 PM Christopher Schultz < > >>>>>>>>>>>>>>> ch...@christopherschultz.net> wrote: > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> Ammu, > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> On 4/18/24 07:45, lavanya tech wrote: > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> I added classname rewrite valeus in contex.xml file . > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> <!-- REWRITE VALVE --> > >>>>>>>>>>>>>>>>> <Valve > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> > className="org.apache.catalina.valves.rewrite.RewriteValve" > >>>>>>>>>>>>>> > >>>>>>>>>>>>>>> /> > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> <!-- // --> > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> created rewrite.config so both of them is located under > >>> conf > >>>>>>>>>>>>>>>>> under > >>>>>>>>>>>>>>>>> apache-tomcat. > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> <RewriteCond %{HTTP_HOST} > >>>>>> example.com > >>>>>>>>>>>>>>>>> [NC] > >>>>>>>>>>>>>>>>> <RewriteRule ^/(.*)$ > >>>>>>>>>>>>>>>>> https://www.example.com:7777/example [R=301,L] > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> So according to the documentaion they say context.xml > >>> should > >>>>>> be > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> placed > >>>>>>>>>>>> > >>>>>>>>>>>>> under webapps and rewrite.config file should be put in > WEB-INF > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> folder > >>>>>>>>>> > >>>>>>>>>>> of > >>>>>>>>>>>>>> > >>>>>>>>>>>>>>> apache-tomcat . I placed and restarted tomcat webserver but > >>>>>> still > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> it > >>>>>>>>>> > >>>>>>>>>>> doesnot redirect. > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> Can you give full paths to both server.xml and > >>> rewrite.config, > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> re-post > >>>>>>>>>> > >>>>>>>>>>> your current server.xml <Context> element, and the complete > >>> contents > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> of > >>>>>>>>>>>> > >>>>>>>>>>>>> rewrite.config? > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> Have you looked at the log files after start? > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> -chris > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> On Thu, Apr 18, 2024 at 1:36 PM lavanya tech < > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> lavanyatech...@gmail.com > >>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>>>> wrote: > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> Hi Thomas, > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> Thanks for the fast response. > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> I added classname rewrite valeus in contex.xml file . > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> <!-- REWRITE VALVE --> > >>>>>>>>>>>>>>>>>> <Valve > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> > className="org.apache.catalina.valves.rewrite.RewriteValve" > >>>>>>>>>>>>>> > >>>>>>>>>>>>>>> /> > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> <!-- // --> > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> created rewrite.config so both of them is located under > >>> conf > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> under > >>>>>>>>>> > >>>>>>>>>>> apache-tomcat. > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> So according to the documentaion they say context.xml > >>> should > >>>>>> be > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> placed > >>>>>>>>>>>> > >>>>>>>>>>>>> under webapps and rewrite.config file should be put in > WEB-INF > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> folder > >>>>>>>>>>>> > >>>>>>>>>>>>> of > >>>>>>>>>>>>>> > >>>>>>>>>>>>>>> apache-tomcat > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> Thnks, > >>>>>>>>>>>>>>>>>> Ammu > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> On Thu, Apr 18, 2024 at 1:22 PM Mark Thomas < > >>>>>> ma...@apache.org> > >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> wrote: > >>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> On 18/04/2024 12:05, lavanya tech wrote: > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>>> Hi Team, > >>>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>>> I am using "Tomcat 10.1" in our environment and I > >>> wanted to > >>>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> redirect > >>>>>>>>>>>> > >>>>>>>>>>>>> url > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> from https://example.com to https://www.servercom:7777 > and > >>>>>> for > >>>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> this i > >>>>>>>>>>>>>> > >>>>>>>>>>>>>>> modified the server.xml as below in tomcat config, and the > >>> below > >>>>>>>>>>>>>>>>>>>> configuration doesnot seems to work. Does anyone has > >>> ideas. > >>>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> Please > >>>>>>>>>> > >>>>>>>>>>> suggest. > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>>> The url alone https://www.servercom:7777/ already > >>> works. > >>>>>> But > >>>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> just > >>>>>>>>>> > >>>>>>>>>>> redirection from the old to one doesnot. > >>>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>>> <Host name="example.com" appBase="app" > >>> unpackWARs="true" > >>>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> autoDeploy="true"> > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>>> <Context path="" docBase="example" /> > >>>>>>>>>>>>>>>>>>>> <Alias>example.com</Alias> > >>>>>>>>>>>>>>>>>>>> <!-- Add RewriteValve and RewriteRule > here > >>> --> > >>>>>>>>>>>>>>>>>>>> <Valve > >>>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> > >>>>>> className="org.apache.catalina.valves.rewrite.RewriteValve"/> > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>>> <Engine name="Catalina" > >>> defaultHost="localhost"> > >>>>>>>>>>>>>>>>>>>> <Host name="example.com" > appBase="app" > >>>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> unpackWARs="true" > >>>>>>>>>>>> > >>>>>>>>>>>>> autoDeploy="true"> > >>>>>>>>>>>>>>>>>>>> <Context path="" > docBase="example" > >>> /> > >>>>>>>>>>>>>>>>>>>> <Alias>example.com</Alias> > >>>>>>>>>>>>>>>>>>>> <Valve > >>>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> > >>>>>> className="org.apache.catalina.valves.rewrite.RewriteValve"/> > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>>> <Engine name="Catalina" > >>>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> defaultHost="localhost"> > >>>>>>>>>> > >>>>>>>>>>> <Host name="example.com" > appBase="app" > >>>>>>>>>>>>>>>>>>>> unpackWARs="true" autoDeploy="true"> > >>>>>>>>>>>>>>>>>>>> <Context path="" > >>>>>> docBase="example" /> > >>>>>>>>>>>>>>>>>>>> <Alias>example.com > </Alias> > >>>>>>>>>>>>>>>>>>>> <!-- Rewrite rule to > >>> redirect to > >>>>>>>>>>>>>>>>>>>> www.servercom:8080/example --> > >>>>>>>>>>>>>>>>>>>> <RewriteCond %{HTTP_HOST} > >>>>>>>>>>>>>>>>>>>> example\.com > >>>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> [NC] > >>>>>>>>>>>> > >>>>>>>>>>>>> <RewriteRule ^/(.*)$ > >>>>>>>>>>>>>>>>>>>> https://www.servercom:7777/example/$1 [R=301,L] > >>>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> 1. That isn't valid XML. > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> 2. Where in the Tomcat docs does it say you can nest > >>>>>> re-write > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> rules > >>>>>>>>>> > >>>>>>>>>>> in > >>>>>>>>>>>>>> > >>>>>>>>>>>>>>> a > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> Host element (or any other element)? > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> </Host> > >>>>>>>>>>>>>>>>>>>> </Engine> > >>>>>>>>>>>>>>>>>>>> </Host> > >>>>>>>>>>>>>>>>>>>> </Engine> > >>>>>>>>>>>>>>>>>>>> </Host> > >>>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> You need to configure the RewriteValve. > >>>>>>>>>>>>>>>>>>> https://tomcat.apache.org/tomcat-10.1-doc/rewrite.html > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> Mark > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> > >>> ------------------------------------------------------------ > >>>>>>>>>>>> --------- > >>>>>>>>>>>> > >>>>>>>>>>>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > >>>>>>>>>>>>>>>>>>> For additional commands, e-mail: > >>>>>> users-h...@tomcat.apache.org > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> > ------------------------------------------------------------ > >>>>>>>>>> --------- > >>>>>>>>>> > >>>>>>>>>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > >>>>>>>>>>>>>>>> For additional commands, e-mail: > >>> users-h...@tomcat.apache.org > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > >>>>>>>>>>>>>> ------------------------------------------------------------ > >>>>>>>>>>>>>> --------- > >>>>>>>>>>>>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > >>>>>>>>>>>>>> For additional commands, e-mail: > users-h...@tomcat.apache.org > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>> > --------------------------------------------------------------------- > >>>>>>>>>>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > >>>>>>>>>>>> For additional commands, e-mail: users-h...@tomcat.apache.org > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>> > >>> --------------------------------------------------------------------- > >>>>>>>>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > >>>>>>>>>> For additional commands, e-mail: users-h...@tomcat.apache.org > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>> > >>>>>>>> > >>> --------------------------------------------------------------------- > >>>>>>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > >>>>>>>> For additional commands, e-mail: users-h...@tomcat.apache.org > >>>>>>>> > >>>>>>>> > >>>>>>> > >>>>>> > >>>>>> > --------------------------------------------------------------------- > >>>>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > >>>>>> For additional commands, e-mail: users-h...@tomcat.apache.org > >>>>>> > >>>>>> > >>>> > >>> > >>> --------------------------------------------------------------------- > >>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > >>> For additional commands, e-mail: users-h...@tomcat.apache.org > >>> > >>> > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >