On 22 September 2016 15:43:47 BST, Mike Johnson <mike.john...@nosm.ca> wrote:
>I did a little more testing and it seems that only the Tomcat
>Manager/Server (a.k.a. the logged in areas) of the default Tomcat
>is acting this way. This is perhaps why I thought it was working on
>My web apps are working as I expected them to, redirecting all traffic
>the appropriate https url.
>So, this may be a simpler question now: Can anyone explain to me what
>happening in the Tomcat manager?
>Tomcat manager's user prompt seems to override the switch of protocol.
>to http://localhost/manager/html, never kicks me over to https)
>Also, once I'm logged into the manager app, if I remove the 's' on
>and hit enter, it reprompts for a login, and let's me into http.
>If I continue on in the same session, I can actually use http with
>seemingly using both sessions I've created :P really messed up.
>Anyway, this isn't overly important as none of our admins will log into
>manager remotely, so ssl into manager isn't required. It also seems to
>fine with the webapp, which is the main goal.
>On Thu, Sep 22, 2016 at 10:18 AM, Mike Johnson <mike.john...@nosm.ca>
>> I'm clearly misunderstanding how to do this, but I can't seem to find
>> appropriate documentation to get me to my goal.
>> My goal is to have any http request directed to the https equivilant.
>> On Tomcat 6, I was able to get it working, but something in my config
>> different, or tomcat 8 has changed slightly enough that what I was
>doing on
>> 6 doesn't work on 8.
>> I'm assuming it's the first, so digging through and comparing all my
>> config. While I do that, I'm hoping a message here may point me in
>> right direction.
>> I've setup my 80 connector to redirect like so:
>> <Connector port="80"
>>                protocol="HTTP/1.1"
>>                connectionTimeout="20000"
>>                redirectPort="443" />
>> I've setup my 443 connector like so:
>>     <Connector port="443"
>>                maxThreads="1024" minSpareThreads="25"
>>                enableLookups="false" disableUploadTimeout="true"
>>                acceptCount="101" debug="0"
>>                SSLEnabled="true"
>>                scheme="https"
>>                secure="true"
>>                clientAuth="false"
>>                sslProtocols="TLSv1,TLSv1.1,TLSv1.2"
>>                keystoreFile="my.pfx"
>>                keystoreType="pkcs12"
>>                keystorePass="passw0rd"
>>     />
>> I've also included the security constraint in my web.xml like this:
>> <security-constraint>
>> <web-resource-collection>
>> <web-resource-name>Protected Context</web-resource-name>
>> <url-pattern>/*</url-pattern>
>> </web-resource-collection>
>> <!-- auth-constraint goes here if you requre authentication -->
>> <user-data-constraint>
>> <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>> </user-data-constraint>
>> </security-constraint>
>> I googled "http to https tomcat 8" and reviewed the top 10, and I
>> find anything different from the above either.
>> Any help would be appreciated. I am admittedly a hacker at this, and
>> fully understand all the various config files with tomcat yet...
>> Thanks!
>> Mike.
>> --
>> Mike Johnson
>> Datatel Programmer/Analyst
>> Northern Ontario School of Medicine
>> 955 Oliver Road
>> Thunder Bay, ON   P7B 5E1
>> Phone: (807) 766-7331
>> Email: mike.john...@nosm.ca

Exactly which web.xml file(s) did you edit?


To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to