Hi Chris, I tried the below and have the issues.

1) Added proxyPort="443" and proxyName="example.lbg.com" to the connector

2) Renamed towl.war to ROOT.war

3) Created rewrite.config and added as below under conf/

    RewriteCond %{REQUEST_URI} ^/towl/(.*)
    RewriteRule ^/towl/(.*) https://example.lbg.com/%1 [R]

4) Added this in web.xml file of /webapps/towl/web.xml/

    <!-- Servlet mappings -->
    <!-- Add your existing servlet mappings here -->

    <!-- Security constraint to restrict access to /towl path -->
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Restricted Access to /towl</web-resource-name>
            <url-pattern>/towl/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <!-- Deny access to all roles -->
        </auth-constraint>
    </security-constraint>

Also I noticed that even if I rename the towl application to ROOT, when I call the URL https://example.lbg.com/towl --> this towl directory is getting created under webapps by default

5) Restarted Tomcat and I have the below error and all the URLs have the same issue

    Message org.apache.jasper.JasperException: java.lang.ClassNotFoundException: org.apache.jsp.index_jsp

    Description The server encountered an unexpected condition that prevented it from fulfilling the request.

    Exception

    org.apache.jasper.JasperException: org.apache.jasper.JasperException: java.lang.ClassNotFoundException: org.apache.jsp.index_jsp
        org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:578)
        org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:422)
        org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:380)
        org.apache.jasper.servlet.JspServlet.service(JspServlet.java:328)
        jakarta.servlet.http.HttpServlet.service(HttpServlet.java:658)
        org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51)

On Thu, May 9, 2024 at 11:20 PM Christopher Schultz <ch...@christopherschultz.net> wrote:

> Lavanya,
>
> On 5/9/24 13:48, lavanya tech wrote:
> > Thank you so much for your explanation. I will try these options.
> >
> > Do server and example both resolve to the same IP?
> > -yes
>
> Good, that significantly reduces the complexity required, since you can do it with a single process (Tomcat) in a single environment.
>
> > So I need follow both 4a/b and 5a/b steps here or any of them ?
> >
> > If I setup exactly by using below steps, then I should access both the urls right ? https://server.lbg.com:8443/towl and https://example.lbg.com
>
> If you visit either hostname with /towl, you will be redirected to example.lbg.com/ with no port number. example:8443 will still work and no redirect will take place... unless you specifically make arrangements for that. We can do that later if you really want to.
>
> Let's get the other things working, first.
>
> -chris
>
> > On Thursday, May 9, 2024, Christopher Schultz <ch...@christopherschultz.net> wrote:
> >
> >> Lavanya,
> >>
> >> On 5/9/24 02:58, lavanya tech wrote:
> >>
> >>> Just giving background again of this topic again.
> >>>
> >>> 1) The application team who is working they wanted to access the url https://server.lbg.com:8443/towl —> which should redirect or point to https://example.lbg.com
> >>>
> >>> Is that a typo? You want specifically https://server.lbg.com/towl and https://example.lbg.com/ to point to your application?
> >>> — It’s not the Typo the requirements are still the same.
> >>
> >> Okay.
> >>
> >> Do server and example both resolve to the same IP?
> >>
> >>> 2) Hence I added firewall rule to redirect port 443 to 8443. And the url https://example.lbg.com started working but its pointing to https://server.lbg.com:8443 indeed and not https://server.lbg.com:8443/towl
> >>>
> >>> But then they wanted the point 1 to have it. If I understood correctly. So basically to achieve this we wanted a reverse proxy setup ?
> >>>
> >>> I did not define any additional host in server.xml file on just left to default to local host.
> >>>
> >>
> >> Here's what you have to do in order to support this odd configuration.
> >>
> >> 1. Configure your firewall to route port 443 -> 8443. I suspect this is already done.
> >>
> >> 2. Deploy Tomcat on server.lbg.com with a <Connector> on port 8443. This is the default, so there shouldn't be anything to do. I suspect this is already done. You should set proxyPort="443" and proxyName="example.lbg.com" in your <Connector>. This will ensure that any URLs generated by Tomcat or your application will point to https://example.lbg.com/ and not to server.lbg.com or have a port number or whatever.
> >>
> >> 3. Re-name your application directory or WAR file from towl -> ROOT (upper case is important). So if you have tomcat/webapps/towl re-name that to tomcat/webapps/ROOT or if you have tomcat/webapps/towl.war re-name that to tomcat/webapps/ROOT.war.
> >>
> >> The last thing to do is get /towl to re-direct to /. There are a few ways of doing that.
> >>
> >> 4a. Configure your application (now called ROOT and deployed on / and not /towl anymore) to handle the /towl URL and specifically redirect this back to /. This is oddly specific and has the application trying to redirect to itself which is weird.
> >>
> >> 4b. Create a new application called towl or towl.war which will be deployed on /towl and have THAT redirect to /. I think this is cleaner because you can call the application anything you'd like and it will still work. You don't have to match URL patterns yourself, you just re-name the WAR file if you suddenly want to use /towl2 instead of /towl.
> >>
> >> There are several ways to redirect.
> >>
> >> 5a. Use the rewrite valve and map /(*) to (global redirect) /\1. A few notes: (1) the (*) means "capture this string" and \1 means "put the string back." This allows you to redirect /towl/foo/bar to /foo/bar instead of losing the /foo/bar. This syntax may not be perfect, adapt it to your needs. (2) Remember that the towl application is deployed on /towl so you don't want to redirect /towl/foo/bar you only want redirect /foo/bar since the URL will be relative to the current context (/towl). Got that? Finally, (3) you need to use a global redirect that does *NOT* redirect back to the /towl application. Normally, if you redirect to /foo you'll get an application-relative redirect from something like a rewrite valve/filter/whatever. Take care to redirect relative to the SERVER and not to the application.
> >>
> >> 5b. Write your own servlet to do a specific redirect.
> >>
> >> I hope that helps,
> >> -chris
> >>
> >>> On Wednesday, May 8, 2024, Christopher Schultz <ch...@christopherschultz.net> wrote:
> >>>
> >>>> Lavanya,
> >>>>
> >>>> On 5/8/24 06:48, lavanya tech wrote:
> >>>>
> >>>>> I figured out how I can make it work with 443. Now the URLs are working.
> >>>>> I added iptables route 443 to 8443 and it started working.
> >>>>>
> >>>>> nslookup example.lbg.com
> >>>>>
> >>>>> Non-authoritative answer:
> >>>>> Name: server.lbg.com
> >>>>> Address: 192.168.200.105
> >>>>> Aliases: example.lbg.com
> >>>>>
> >>>>> I have some application towl running with apache tomcat. I have the below URLs working.
> >>>>>
> >>>>> https://server.lbg.com:8443/towl
> >>>>> https://server.lbg.com
> >>>>> https://example.lbg.com
> >>>>> https://example.lbg.com/towl
> >>>>>
> >>>>> Now I wanted to disable the url https://example.lbg.com/towl and https://server.lbg.com and access only the other remaining two.
> >>>>>
> >>>>
> >>>> I would *highly* recommend that you pick either /towl or / and not try to do both, unless you want to deploy the application twice (which is fine, just deploy towl.war and ROOT.war as copies of each other). If you try to re-write /towl to / or / to /towl, you'll find you spend the rest of your days tracking-down edge-cases and "fixing" them -- likely making things confusing and, probably, worse.
> >>>>
> >>>>> In the end our goal to make sure that the links are not always dead as soon as the towl is moved to a new machine. Can you please assist me how to do that?
> >>>>>
> >>>>
> >>>> The goal should be that "moving" the application only means changing DNS and everything else works as expected.
> >>>>
> >>>> If you:
> >>>>
> >>>> 1. Deploy the application with a single context (e.g. /towl, which I recommend)
> >>>>
> >>>> 2. Re-direct / to /towl (this requires a reverse-proxy or a ROOT application that does nothing but redirect; my personal preference)
> >>>>
> >>>> 3. Do not define any <Host> other than "localhost" and make it the default. Do not bother with any <Alias> elements since they are not necessary.
> >>>>
> >>>> Moving the application should only require that you:
> >>>>
> >>>> 4. Deploy the same application with the same configuration in the new location
> >>>>
> >>>> 5. Change DNS to point example.lbg.com and server.lbg.com to the new location of the service
> >>>>
> >>>> Hope that helps,
> >>>> -chris
> >>>>
> >>>> On Tue, Apr 30, 2024 at 5:44 PM Christopher Schultz <ch...@christopherschultz.net> wrote:
> >>>>
> >>>> Lavanya,
> >>>>
> >>>> On 4/30/24 07:10, lavanya tech wrote:
> >>>>
> >>>> Can you tell me how to do the below ? How should I setup Tomcat in server.xml ?
> >>>>
> >>>> If you want to use port 443 (the default port for HTTPS) then you will need to change Tomcat to bind to port 443 (if that's allowed on your OS) or arrange to have port 443 routed to port 8443. You may need additional configuration in Tomcat (specifically: proxyPort) to avoid having Tomcat generate URLs with ":8443" in them.
> >>>>
> >>>> Looking forward to your reply.
> >>>>
> >>>> If Tomcat is listening on port 8443 then you will need to include that in your URL, period. If you want to allow URLs without a port number, you will have to arrange to have something listening on port 443.
> >>>>
> >>>> On Windows, Tomcat can listen directly on port 443. On UNIX and UNIX-like systems, you won't be able to do this without running Tomcat as root WHICH YOU ABSOLUTELY SHOULD NOT DO.
> >>>>
> >>>> There are other ways to get port 443 working, but I'll need to know more about your environment. The port issue is "easier" than figuring out whatever is going on with your DNS, aliases, etc. so I would recommend we fix one thing at a time.
> >>>>
> >>>> -chris
> >>>>
> >>>> On Mon, Apr 29, 2024 at 2:03 PM lavanya tech <lavanyatech...@gmail.com> wrote:
> >>>>
> >>>> Hi Chris,
> >>>>
> >>>> There is no issues with browser, because I tested with different browsers and it all works fine. I am sure that there is no issue with the certificate.
> >>>> Because I was able to establish successful connections with port 8443, it just does not work without port
> >>>>
> >>>> curl https://example.lbg.com/towl
> >>>> curl: (56) Received HTTP code 504 from proxy after CONNECT
> >>>> curl: (56) Received HTTP code 504 from proxy after CONNECT
> >>>>
> >>>> If you want to use port 443 (the default port for HTTPS) then you will need to change Tomcat to bind to port 443 (if that's allowed on your OS) or arrange to have port 443 routed to port 8443. You may need additional configuration in Tomcat (specifically: proxyPort) to avoid having Tomcat generate URLs with ":8443" in them.
> >>>>
> >>>> <Connector port="443" protocol="HTTP/1.1"
> >>>>            connectionTimeout="20000"
> >>>>            redirectPort="8443"
> >>>>            maxThreads="150"
> >>>>            scheme="https" secure="true" SSLEnabled="true"
> >>>>            keystoreFile="path_to_your_keystore_file"
> >>>>            keystorePass="your_keystore_password"
> >>>>            keystoreType="PKCS12"
> >>>>            clientAuth="false" sslProtocol="TLS"
> >>>>            proxyPort="443"/>
> >>>>
> >>>> Should I use connect port like the above ? But you mentioned before we don't need any configuration changes. Please clarify I am not able to figure this out and I have this issue many days pending. How to make it work with port 8443 and without port
> >>>>
> >>>> Also I wanted to use weburl with alias name permanently instead of the hostname.
> >>>> How can I achieve both
> >>>>
> >>>> Thanks,
> >>>> Lavanya
> >>>>
> >>>> On Fri, Apr 26, 2024 at 9:28 PM Christopher Schultz <ch...@christopherschultz.net> wrote:
> >>>>
> >>>> Lavanya,
> >>>>
> >>>> On 4/25/24 07:24, lavanya tech wrote:
> >>>>
> >>>> Hi Chris,
> >>>>
> >>>> One question / doubt:
> >>>>
> >>>> As I mentioned earlier, the below URLs already working in the browser
> >>>>
> >>>> https://server.lbg.com:8443/towl
> >>>> https://example.lbg.com:8443/towl -> redirect (which means when I hit in browser) it points to https://server.lbg.com:8443/towl ---> To be frank, even I do not need redirect here, not sure why it redirects.
> >>>>
> >>>> My question is why its working even though SAN is not registered with the certificate ? It does not even throw warning in the browser.
> >>>>
> >>>> I'm not sure. Is it possible you have dismissed this error in the past and the browser is remembering that? Try this with a different web browser or maybe with curl from the command-line to see what happens.
> >>>>
> >>>> Why https://server.lbg.com/towl or https://example.lbg.com/towl --> How it should work with New SAN certificate ?
> >>>>
> >>>> You don't need to worry about the port number or application name, only the hostname is a part of the SAN.
> >>>>
> >>>> -chris
> >>>>
> >>>> On Thu, Apr 25, 2024 at 10:16 AM lavanya tech <lavanyatech...@gmail.com> wrote:
> >>>>
> >>>> Hi Chris,
> >>>>
> >>>> Thanks I will request new certificate with SANs and I will try to fix the things from our end.
> >>>>
> >>>> Best Regards,
> >>>> Lavanya
> >>>>
> >>>> On Wed, Apr 24, 2024 at 11:12 PM Christopher Schultz <ch...@christopherschultz.net> wrote:
> >>>>
> >>>> Lavanya,
> >>>>
> >>>> On 4/24/24 15:39, lavanya tech wrote:
> >>>>
> >>>> Local host means the machine I am logged in to server.lbg.com
> >>>>
> >>>> You are right, example.lbg.com is CNAME record.
> >>>>
> >>>> Okay, thanks for clearing that up.
> >>>>
> >>>> I don't have any SAN configured for the certificate. The certificate is requested for only server.lbg.com
> >>>>
> >>>> You will never be able to make a secure request to anything other than server.lbg.com without seeing an error. I highly recommend adding the other hostname as a SAN to your certificate if you really want to support this.
> >>>>
> >>>> Even if you wanted https://example.lbg.com/whatever to return an HTTP 302 redirect to https://server.lbg.com/whatever, the user would see a certificate hostname mismatch error which is ugly. It's best to make it work without users seeing ugly things.
> >>>>
> >>>> So if I just request new certificate with SAN it should work ? If yes, I will request for it and follow your steps as below suggested.
> >>>>
> >>>> Yes, it should.
> >>>>
> >>>> Should I use CName record or DNS? Does it make difference?
> >>>>
> >>>> CNAME *is* DNS.
> >>>>
> >>>> Whenever possible, use hostnames and not IP addresses as SANs. It's more flexible that way, and users get to see hostnames instead of IP addresses.
> >>>>
> >>>> -chris
> >>>>
> >>>> On Wednesday, April 24, 2024, Christopher Schultz <ch...@christopherschultz.net> wrote:
> >>>>
> >>>> Lavanya,
> >>>>
> >>>> On 4/24/24 07:37, lavanya tech wrote:
> >>>>
> >>>> Sorry I understood wrongly here with regards to my environment, Let me start from the beginning. I do not want to use redirect at all. I simply wanted to force apache tomcat to use both localhost and dns name of the localhost via url.
> >>>>
> >>>> When you say "force" what do you mean?
> >>>>
> >>>> When you say "use both localhost and DNS name" what do you mean?
> >>>>
> >>>> When you say "localhost" do you mean 127.0.0.1 or "the machine I'm logged-into right now"?
> >>>>
> >>>> I have DNS resolution as below.
> >>>>
> >>>> server.lbg.com --> localhost
> >>>>
> >>>> Is that a CNAME record?
> >>>>
> >>>> nslookup server.lbg.com (localhost)
> >>>>
> >>>> Name: server.lbg.com
> >>>> Address: 192.168.100.20
> >>>> alias: example.lbg.com
> >>>>
> >>>> That's a weird DNS response. The DNS name "localhost" should *always* return 127.0.0.1 for IPv4 and ::1 for IPv6. It shouldn't return 191.168.100.20.
> >>>>
> >>>> We have working the below urls working:
> >>>>
> >>>> https://server.lbg.com:8443/towl
> >>>> https://example.lbg.com:8443/towl --> redirects to
> >>>>
> >>>> What do you mean "redirect"? Does it return a 30x response that causes the browser to make a new request to \/
> >>>>
> >>>> https://server.lbg.com:8443/towl --> still works --> we have SSL configured for the same but this SSL certificate does not have additional DNS setup.
> >>>>
> >>>> What SANs are in your certificate? How many certificates do you have?
> >>>>
> >>>> But I would need to somehow access https://example.lbg.com --> which means I would need to access via 443 here ?
> >>>>
> >>>> I'm so confused. What needs to access what?
> >>>>
> >>>> I tried adding the below to server.xml as below, but that does not seem to work.
> >>>>
> >>>> <Connector port="80"
> >>>>            protocol="org.apache.coyote.http11.Http11NioProtocol"
> >>>>            connectionTimeout="20000"
> >>>>            redirectPort="443" />
> >>>>
> >>>> This will only redirect (HTTP 302) requests to http://yourhost/anything to https://yourhost/anything *if the application specifically requests CONFIDENTIAL transport*. It doesn't just redirect everything by default. If you want it to redirect everything, you'll need to set that up e.g. using RewriteValve. There are other options, too.
> >>>>
> >>>> Do I need additional SSL certificate for the https://example.lbg.com to make it work ?
> >>>>
> >>>> If you don't want your browser to complain, you will need at least one TLS certificate that contains every Subject Alternative Name (SAN) for every possible hostname you expect to use with this service. You can do it with multiple certificates as well, but a single cert with multiple SANs is less work.
> >>>>
> >>>> Do I need to set up an additional web server for this like apache or nginx for redirecting requests?
> >>>>
> >>>> No.
> >>>>
> >>>> Please stop saying "redirect" because it sounds like you almost never mean "HTTP 30x redirect" and that's confusing everything.
> >>>>
> >>>> I *think* you only need the following:
> >>>>
> >>>> 1. A TLS certificate with the following SANs:
> >>>>
> >>>> * server.lbg.com
> >>>> * example.lbg.com
> >>>> * localhost (you shouldn't do this)
> >>>>
> >>>> 2. DNS configured for all hostnames:
> >>>>
> >>>> * server.lbg.com -> A 192.168.100.20
> >>>> * example.lgb.com -> A 192.168.100.20
> >>>>
> >>>> 3. Tomcat configured with a single <Host> which is the default virtual host. Note that this is the *default Tomcat configuration* and doesn't need to be changed from the default.
> >>>>
> >>>> 4. Tomcat configured with your certificate like this:
> >>>>
> >>>> <Connector ...
> >>>>            SSLEnabled="true">
> >>>>   <SSLHostConfig>
> >>>>     <Certificate
> >>>>         certificateFile="/path/to/your/cert.crt"
> >>>>         certificateKeyFile="/path/to/your/key.pem" />
> >>>>     <!-- You may need certificateKeyPassword in <Certificate> -->
> >>>>   </SSLHostConfig>
> >>>> </Connector>
> >>>>
> >>>> If your SANs are configured properly, this should allow you to connect using any of these URLs:
> >>>>
> >>>> $ curl https://server.lbg.com/towl/login.jsp
> >>>>
> >>>> (returns login page)
> >>>>
> >>>> $ curl https://example.lbg.com/towl/login.jsp
> >>>>
> >>>> (returns login page)
> >>>>
> >>>> If your application's web.xml contains something like this:
> >>>>
> >>>> <security-constraint>
> >>>>   <web-resource-collection>
> >>>>     <web-resource-name>theapp</web-resource-name>
> >>>>     <url-pattern>/*</url-pattern>
> >>>>   </web-resource-collection>
> >>>>   <user-data-constraint>
> >>>>     <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> >>>>   </user-data-constraint>
> >>>> </security-constraint>
> >>>>
> >>>> ... then these URLs insecure HTTP URLs should redirect your clients:
> >>>>
> >>>> $ curl http://server.lbg.com/towl/login.jsp
> >>>>
> >>>> (returns HTTP 302 redirect to https://server.lbg.com/towl/login.jsp)
> >>>>
> >>>> $ curl https://server.lbg.com/towl/login.jsp
> >>>>
> >>>> (returns HTTP 302 redirect to https://example.lbg.com/towl/login.jsp)
> >>>>
> >>>> I don't think you need any use of the RewriteValve unless you want to handle sending HTTP 302 redirect responses to insecure requests without specifying the CONFIDENTIAL transport-guarantee in your application's web.xml file. But I don't see any reason NOT to have that in there.
> >>>>
> >>>> -chris
> >>>>
> >>>> On Tue, Apr 23, 2024 at 10:52 PM Christopher Schultz <ch...@christopherschultz.net> wrote:
> >>>>
> >>>> Lavanya,
> >>>>
> >>>> On 4/22/24 05:21, lavanya tech wrote:
> >>>>
> >>>> Could you please explain, what you exactly mean ? So here redirect is not a solution right ?
> >>>>
> >>>> Redirecting is fine.
> >>>>
> >>>> Perhaps you should take a step back and decide: what do you actually want, here? You might be trying to solve problem X by applying solution Y, and you've already decided that solution Y is correct so you are trying to get help with that.
> >>>>
> >>>> Perhaps ask for help with Problem X?
> >>>>
> >>>> For example, "I don't want users to have to type the name of my application to reach it so I want example.com/ to go to my application instead of example.com/myapp/".
> >>>>
> >>>> Or, "I have multiple domains and I want all of them to redirect to the canonical domain example.com and to go to my web application /myapp so everything goes to example.com/myapp/".
> >>>>
> >>>> "You'd have to use a glob/regex if you wanted to check for [anything and maybe nothing.] example.com."
> >>>>
> >>>> There is nothing in your configuration or question that suggests that the hostname in the request is relevant, but you are making it a *requirement* that the request contains a specific Host header. If you don't actually need that, why do you have it?
> >>>>
> >>>> -chris
> >>>>
> >>>> On Fri, Apr 19, 2024 at 3:03 PM Christopher Schultz <ch...@christopherschultz.net> wrote:
> >>>>
> >>>> Ammu,
> >>>>
> >>>> On 4/19/24 08:32, lavanya tech wrote:
> >>>>
> >>>> Thank you very much. I removed <Host> for example.com as well as adding an <Alias> in server.xml
> >>>> I copied context.xml file
> >>>>
> >>>> /git/app/apache-tomcat-10.1.11/webapps/towl/META-INF/context.xml
> >>>>
> >>>> Removed < in rewrite.config files.
> >>>>
> >>>> But still I don't redirect the URL.
> >>>>
> >>>> If you have <Context> in server.xml and also your application in the webapps/ directory, then you will be double-deploying your application.
> >>>>
> >>>> Re-name /git/app/apache-tomcat-10.1.11/webapps/towl/ to be /git/app/apache-tomcat-10.1.11/webapps/ROOT (the capitals are important) and remove the <Context> element from your server.xml.
> >>>>
> >>>> Then start your server and read the logs.
> >>>>
> >>>> nslookup alias.example.com gives -->
> >>>> Non-authoritative answer:
> >>>> Name: www.example.com
> >>>> Address: 192.168.200.10
> >>>> Aliases: alias.example.com
> >>>>
> >>>> Just to give some information here, www.example.com has alias "alias.example.com"
> >>>> But https://www.example.com:7777/example --> works fine without issues but the alias does not work (https://alias.example.com)
> >>>> So I am not sure if the redirect url helps or if its correct
> >>>>
> >>>> Your rewrite configuration says that you have to be using host "example.com" but your request goes to www.example.com. Your configuration should only redirect a request such as:
> >>>>
> >>>> $ curl -v http://example.com:7777/something
> >>>>
> >>>> HTTP/1.1 301 Moved Permanently
> >>>> ...
> >>>> Location: https://www.example.com:7777/example
> >>>>
> >>>> If you make a request like:
> >>>>
> >>>> $ curl -v http://www.example.com:7777/something
> >>>>
> >>>> I wouldn't expect a redirect because of your "host" condition. The "%{HTTP_HOST} example.com" looks at the entire Host header and not just anything that ends in "example.com". You'd have to use a glob/regex if you wanted to check for [anything and maybe nothing.] example.com.
> >>>>
> >>>> You'd also have to make sure that your application is serving responses to requests to / which is why I'm recommending you use the ROOT web application name instead of "towl".
> >>>>
> >>>> -chris
> >>>>
> >>>> On Fri, Apr 19, 2024 at 1:21 PM Christopher Schultz <ch...@christopherschultz.net> wrote:
> >>>>
> >>>> Ammu,
> >>>>
> >>>> On 4/18/24 09:34, lavanya tech wrote:
> >>>>
> >>>> I am attaching server.xml and context.xml and rewrite.config files.
> >>>>
> >>>> The paths are
> >>>>
> >>>> /git/app/apache-tomcat-10.1.11/webapps/towl/context.xml
> >>>> <Context>
> >>>>   <Valve className="org.apache.catalina.valves.rewrite.RewriteValve" />
> >>>>   <!-- Other context configuration -->
> >>>> </Context>
> >>>>
> >>>> This file ^^^ is in the wrong place. It should be in /git/app/apache-tomcat-10.1.11/webapps/towl/META-INF/context.xml
> >>>>
> >>>> /git/app/apache-tomcat-10.1.11/webapps/towl/WEB-INF/rewrite.config
> >>>>
> >>>> <RewriteCond %{HTTP_HOST} example.com [NC]
> >>>> <RewriteRule ^/(.*)$ https://www.example.com:7777/example [R=301,L]
> >>>>
> >>>> Why do you have < symbols at the beginning of these lines?
> >>>>
> >>>> server.xml
> >>>>
> >>>> [...]
> >>>>
> >>>> <Host name="example.com" appBase="webapps" unpackWARs="true" autoDeploy="true">
> >>>>
> >>>> <Context path="" docBase="towl" />
> >>>>
> >>>> It's best not to define any <Context> in server.xml. I would remove this <Context> entirely and allow Tomcat to auto-deploy from your webapps/towl directory.
> >>>> If you need this application to be deployed as the ROOT context (on / and not /towl) then you should re-name /git/app/apache-tomcat-10.1.11/webapps/towl to /git/app/apache-tomcat-10.1.11/webapps/ROOT
> >>>>
> >>>> You also don't need a <Host> for example.com as well as adding an <Alias> for the same domain (though this is probably to anonymize the
> >>>>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> >> For additional commands, e-mail: users-h...@tomcat.apache.org
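
Options 4b and 5b in the quoted advice (a separate towl application whose servlet redirects to /) could look like the servlet below. It is an added example, not code from the thread or from Tomcat; the package and class names are hypothetical, and it assumes a towl.war that contains only this class, deployed beside ROOT.war on Tomcat 10.1 (jakarta.servlet). The target is built from the request path alone, never from the Host header, and leading slashes are collapsed so a crafted path cannot steer the redirect to another host.

```java
package example.redirect; // hypothetical package name

import java.io.IOException;

import jakarta.servlet.annotation.WebServlet;
import jakarta.servlet.http.HttpServlet;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

/**
 * Added example (hypothetical class): the only servlet in a small towl.war
 * that is deployed on /towl next to the real application in ROOT.war.
 * Renaming the WAR (e.g. to towl2.war) needs no code change, because the
 * context path is read from the request instead of being hard-coded.
 */
@WebServlet(urlPatterns = "/*")
public class TowlRedirectServlet extends HttpServlet {

    private static final long serialVersionUID = 1L;

    /**
     * Builds the server-relative redirect target for a request in this context.
     *
     * @param requestUri  raw request URI, e.g. "/towl/foo/bar"
     * @param contextPath raw context path, e.g. "/towl"
     * @param query       raw query string, or null
     * @return a path such as "/foo/bar?x=1", or null if the input is unusable
     */
    static String targetFor(String requestUri, String contextPath, String query) {
        if (requestUri == null || contextPath == null
                || !requestUri.startsWith(contextPath)) {
            return null;
        }
        String rest = requestUri.substring(contextPath.length());

        // Never copy control characters (CR, LF, ...) into a response header.
        String all = rest + (query == null ? "" : query);
        for (int i = 0; i < all.length(); i++) {
            char c = all.charAt(i);
            if (c < 0x20 || c == 0x7f) {
                return null;
            }
        }

        // Strip every leading '/' or '\' and put back exactly one '/'.
        // A Location of "//host/x" (or "/\host/x" in many browsers) is a
        // network-path reference to another host, i.e. an open redirect.
        int i = 0;
        while (i < rest.length()
                && (rest.charAt(i) == '/' || rest.charAt(i) == '\\')) {
            i++;
        }
        String path = "/" + rest.substring(i);

        return (query == null || query.isEmpty()) ? path : path + "?" + query;
    }

    // GET and HEAD are redirected; other methods get HttpServlet's default 405.
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        String target = targetFor(req.getRequestURI(), req.getContextPath(),
                req.getQueryString());
        if (target == null) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        // A location with one leading "/" is resolved against the container
        // root, not against /towl, so /towl/foo/bar lands on /foo/bar in ROOT.
        resp.sendRedirect(target);
    }
}
```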