Lavanya,

On 4/24/24 07:37, lavanya tech wrote:
Sorry, I understood wrongly here with regard to my environment. Let me
start from the beginning. I do not want to use redirect at all. I simply
wanted to force Apache Tomcat to use both localhost and the DNS name of the
localhost via URL.

When you say "force" what do you mean?

When you say "use both localhost and DNS name" what do you mean?

When you say "localhost" do you mean 127.0.0.1 or "the machine I'm logged-into right now"?

I have DNS resolution as below.

server.lbg.com --> localhost

Is that a CNAME record?

nslookup server.lbg.com (localhost)
Name:    server.lbg.com
Address:  192.168.100.20
alias: example.lbg.com

That's a weird DNS response. The DNS name "localhost" should *always* return 127.0.0.1 for IPv4 and ::1 for IPv6. It shouldn't return 191.168.100.20.

We have the below URLs working:
https://server.lbg.com:8443/towl
https://example.lbg.com:8443/towl --> redirects to

What do you mean "redirect"? Does it return a 30x response that causes the browser to make a new request to \/

https://server.lbg.com:8443/towl  --> still works --> we have SSL
configured for the same but this SSL certificate does not have additional
DNS setup.

What SANs are in your certificate? How many certificates do you have?

But I would need to somehow access https://example.lbg.com --> which means
I would need to access via 443 here?

I'm so confused. What needs to access what?

I tried adding the below to server.xml as below, but that does not seem
to work.

     <Connector port="80"
            protocol="org.apache.coyote.http11.Http11NioProtocol"
            connectionTimeout="20000"
            redirectPort="443" />

This will only redirect (HTTP 302) requests to http://yourhost/anything to https://yourhost/anything *if the application specifically requests CONFIDENTIAL transport*. It doesn't just redirect everything by default. If you want it to redirect everything, you'll need to set that up e.g. using RewriteValve. There are other options, too.

Do I need an additional SSL certificate for https://example.lbg.com to
make it work?

If you don't want your browser to complain, you will need at least one TLS certificate that contains every Subject Alternative Name (SAN) for every possible hostname you expect to use with this service. You can do it with multiple certificates as well, but a single cert with multiple SANs is less work.

Do I need to set up an additional web server for this like apache or nginx
for redirecting requests?

No.

Please stop saying "redirect" because it sounds like you almost never mean "HTTP 30x redirect" and that's confusing everything.

I *think* you only need the following:

1. A TLS certificate with the following SANs:

  * server.lbg.com
  * example.lbg.com
  * localhost (you shouldn't do this)

2. DNS configured for all hostnames:

  * server.lbg.com -> A 192.168.100.20
  * example.lgb.com -> A 192.168.100.20

3. Tomcat configured with a single <Host> which is the default virtual host. Note that this is the *default Tomcat configuration* and doesn't need to be changed from the default.

4. Tomcat configured with your certificate like this:

   <Connector ...
      SSLEnabled="true">
     <SSLHostConfig>
       <Certificate
           certificateFile="/path/to/your/cert.crt"
           certificateKeyFile="/path/to/your/key.pem" />
       <!-- You may need certificateKeyPassword in <Certificate> -->
     </SSLHostConfig>
   </Connector>

If your SANs are configured properly, this should allow you to connect using any of these URLs:

$ curl https://server.lbg.com/towl/login.jsp

  (returns login page)

$ curl https://example.lbg.com/towl/login.jsp

  (returns login page)

If your application's web.xml contains something like this:

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>theapp</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

... then these insecure HTTP URLs should redirect your clients:

$ curl http://server.lbg.com/towl/login.jsp

  (returns HTTP 302 redirect to https://server.lbg.com/towl/login.jsp)

$ curl https://server.lbg.com/towl/login.jsp

  (returns HTTP 302 redirect to https://example.lbg.com/towl/login.jsp)

I don't think you need any use of the RewriteValve unless you want to handle sending HTTP 302 redirect responses to insecure requests without specifying the CONFIDENTIAL transport-guarantee in your application's web.xml file. But I don't see any reason NOT to have that in there.

-chris
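
The SAN requirement from the reply above, as an added example that is not part of the original thread: it creates a throwaway self-signed certificate for the thread's hostnames and uses `openssl x509 -checkhost` to list the names a certificate does not cover. The function names and temporary paths are assumptions for illustration, and `-addext` needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example: check which hostnames a certificate's SANs cover.
# Hostnames come from the thread; the certificate is a constructed,
# throwaway self-signed one and the function names are hypothetical.

# make_cert <dir> <san-list>: write key.pem and cert.crt into <dir>.
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=server.lbg.com" \
        -addext "subjectAltName=$2" \
        -keyout "$1/key.pem" -out "$1/cert.crt" 2>/dev/null
}

# covers <cert> <hostname>: succeed only if the certificate is valid for it.
covers() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q "does match certificate"
}

# missing_names <cert> <hostname>...: print every hostname not covered.
missing_names() {
    cert=$1; shift
    for host in "$@"; do
        covers "$cert" "$host" || printf '%s\n' "$host"
    done
}

demo() {
    dir=$(mktemp -d) || return 1
    # Certificate as described in the question: only the original name.
    make_cert "$dir" "DNS:server.lbg.com" || return 1
    echo "single-SAN cert is missing: $(missing_names "$dir/cert.crt" \
        server.lbg.com example.lbg.com)"
    # Certificate as recommended in the reply: one cert, both names.
    make_cert "$dir" "DNS:server.lbg.com,DNS:example.lbg.com" || return 1
    echo "two-SAN cert is missing: $(missing_names "$dir/cert.crt" \
        server.lbg.com example.lbg.com)"
    rm -rf "$dir"
}

demo
```

The same `covers` check can be run against the real certificate file before `certificateFile` is pointed at it.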

On Tue, Apr 23, 2024 at 10:52 PM Christopher Schultz <ch...@christopherschultz.net> wrote:

Lavanya,

On 4/22/24 05:21, lavanya tech wrote:
Could you please explain what exactly you mean? So here redirect is not a
solution, right?

Redirecting is fine.

Perhaps you should take a step back and decide: what do you actually
want, here? You might be trying to solve problem X by applying solution
Y, and you've already decided that solution Y is correct so you are
trying to get help with that.

Perhaps ask for help with Problem X?

For example, "I don't want users to have to type the name of my
application to reach it so I want example.com/ to go to my application
instead of example.com/myapp/".

Or, "I have multiple domains and I want all of them to redirect to the
canonical domain example.com and to go to my web application /myapp so
everything goes to example.com/myapp/".

"You'd have to use a glob/regex if
you wanted to check for [anything and maybe nothing.]example.com."

There is nothing in your configuration or question that suggests that
the hostname in the request is relevant, but you are making it a
*requirement* that the request contains a specific Host header. If you
don't actually need that, why do you have it?

-chris

On Fri, Apr 19, 2024 at 3:03 PM Christopher Schultz <ch...@christopherschultz.net> wrote:

Ammu,

On 4/19/24 08:32, lavanya tech wrote:
Thank you very much. I removed <Host> for example.com as well as adding an
<Alias> in server.xml
I copied context.xml file
/git/app/apache-tomcat-10.1.11/webapps/towl/META-INF/context.xml
Removed < in rewrite.config files.

But still I don't redirect the URL.

If you have <Context> in server.xml and also your application in the
webapps/ directory, then you will be double-deploying your application.

Re-name /git/app/apache-tomcat-10.1.11/webapps/towl/ to be
/git/app/apache-tomcat-10.1.11/webapps/ROOT (the capitals are important)
and remove the <Context> element from your server.xml.

Then start your server and read the logs.

nslookup alias.example.com gives -->
Non-authoritative answer:
Name:     www.example.com
Address:  192.168.200.10
Aliases:  alias.example.com


Just to give some information here, www.example.com has alias "alias.example.com"
But https://www.example.com:7777/example --> works fine without issues but
the alias does not work (https://alias.example.com)
So I am not sure if the redirect URL helps or if it's correct

Your rewrite configuration says that you have to be using host
"example.com" but your request goes to www.example.com. Your
configuration should only redirect a request such as:

$ curl -v http://example.com:7777/something

HTTP/1.1 301 Moved Permanently
...
Location: https://www.example.com:7777/example

If you make a request like:

$ curl -v http://www.example.com:7777/something

I wouldn't expect a redirect because of your "host" condition. The
"%{HTTP_HOST} example.com" looks at the entire Host header and not just
anything that ends in "example.com". You'd have to use a glob/regex if
you wanted to check for [anything and maybe nothing.]example.com.

You'd also have to make sure that your application is serving responses
to requests to / which is why I'm recommending you use the ROOT web
application name instead of "towl".

-chris

On Fri, Apr 19, 2024 at 1:21 PM Christopher Schultz <ch...@christopherschultz.net> wrote:

Ammu,

On 4/18/24 09:34, lavanya tech wrote:
I am attaching server.xml and context.xml and rewrite.config files.
The paths are

/git/app/apache-tomcat-10.1.11/webapps/towl/context.xml
<Context>
        <Valve className="org.apache.catalina.valves.rewrite.RewriteValve" />
        <!-- Other context configuration -->
</Context>

This file ^^^ is in the wrong place. It should be in
/git/app/apache-tomcat-10.1.11/webapps/towl/META-INF/context.xml

/git/app/apache-tomcat-10.1.11/webapps/towl/WEB-INF/rewrite.config

<RewriteCond %{HTTP_HOST} example.com [NC]
<RewriteRule ^/(.*)$ https://www.example.com:7777/example [R=301,L]

Why do you have < symbols at the beginning of these lines?

server.xml

    > [...]

          <Host name="example.com" appBase="webapps" unpackWARs="true" autoDeploy="true">
              <Context path="" docBase="towl" />

It's best not to define any <Context> in server.xml. I would remove this
<Context> entirely and allow Tomcat to auto-deploy from your
webapps/towl directory. If you need this application to be deployed as
the ROOT context (on / and not /towl) then you should re-name
/git/app/apache-tomcat-10.1.11/webapps/towl to
/git/app/apache-tomcat-10.1.11/webapps/ROOT

You also don't need a <Host> for example.com as well as adding an
<Alias> for the same domain (though this is probably to anonymize the
configuration). You can feel free to simply use the "localhost" <Host>
as the default <Host> and deploy everything into it. This makes your
configuration changes relative to a stock Tomcat less significant and
easier to apply to new versions if/when necessary.

-chris

On Thu, Apr 18, 2024 at 2:17 PM Christopher Schultz <ch...@christopherschultz.net> wrote:

Ammu,

On 4/18/24 07:45, lavanya tech wrote:
I added classname rewrite values in context.xml file.

         <!-- REWRITE VALVE -->
         <Valve className="org.apache.catalina.valves.rewrite.RewriteValve" />
         <!-- // -->

Created rewrite.config, so both of them are located under conf under
apache-tomcat.


                         <RewriteCond %{HTTP_HOST} example.com [NC]
                         <RewriteRule ^/(.*)$ https://www.example.com:7777/example [R=301,L]

So according to the documentation they say context.xml should be placed
under webapps and rewrite.config file should be put in WEB-INF folder of
apache-tomcat. I placed and restarted tomcat webserver but still it
does not redirect.

Can you give full paths to both server.xml and rewrite.config, re-post
your current server.xml <Context> element, and the complete contents of
rewrite.config?

Have you looked at the log files after start?

-chris

On Thu, Apr 18, 2024 at 1:36 PM lavanya tech <lavanyatech...@gmail.com> wrote:

Hi Thomas,

Thanks for the fast response.

I added classname rewrite values in context.xml file.

         <!-- REWRITE VALVE -->
         <Valve className="org.apache.catalina.valves.rewrite.RewriteValve" />
         <!-- // -->

Created rewrite.config, so both of them are located under conf under
apache-tomcat.

So according to the documentation they say context.xml should be placed
under webapps and rewrite.config file should be put in WEB-INF folder of
apache-tomcat

Thanks,
Ammu



On Thu, Apr 18, 2024 at 1:22 PM Mark Thomas <ma...@apache.org> wrote:

On 18/04/2024 12:05, lavanya tech wrote:
Hi Team,

I am using "Tomcat 10.1" in our environment and I wanted to redirect url
from https://example.com to https://www.servercom:7777 and for this I
modified the server.xml as below in tomcat config, and the below
configuration does not seem to work. Does anyone have ideas? Please
suggest.
The url alone https://www.servercom:7777/ already works. But just
redirection from the old to one does not.

<Host name="example.com" appBase="app" unpackWARs="true" autoDeploy="true">
          <Context path="" docBase="example" />
          <Alias>example.com</Alias>
          <!-- Add RewriteValve and RewriteRule here -->
          <Valve className="org.apache.catalina.valves.rewrite.RewriteValve"/>
          <Engine name="Catalina" defaultHost="localhost">
              <Host name="example.com" appBase="app" unpackWARs="true" autoDeploy="true">
                  <Context path="" docBase="example" />
                  <Alias>example.com</Alias>
                  <Valve className="org.apache.catalina.valves.rewrite.RewriteValve"/>
                  <Engine name="Catalina" defaultHost="localhost">
                      <Host name="example.com" appBase="app" unpackWARs="true" autoDeploy="true">
                          <Context path="" docBase="example" />
                          <Alias>example.com</Alias>
                          <!-- Rewrite rule to redirect to www.servercom:8080/example -->
                          <RewriteCond %{HTTP_HOST} example\.com [NC]
                          <RewriteRule ^/(.*)$ https://www.servercom:7777/example/$1 [R=301,L]

1. That isn't valid XML.

2. Where in the Tomcat docs does it say you can nest re-write rules in a
Host element (or any other element)?

                      </Host>
                  </Engine>
              </Host>
          </Engine>
</Host>

You need to configure the RewriteValve.
https://tomcat.apache.org/tomcat-10.1-doc/rewrite.html

Mark


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




