Hi Chris,

> <Context path="" docBase="towl" />

If I remove this from the server.xml file, I have the below error.

Message java.lang.NoClassDefFoundError: org/towl/indexer/web/Prefix

Description The server encountered an unexpected condition that prevented it from fulfilling the request.

Exception

jakarta.servlet.ServletException: java.lang.NoClassDefFoundError: org/towl/indexer/web/Prefix
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:333)
jakarta.servlet.http.HttpServlet.service(HttpServlet.java:658)
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51)

> The "aliasing" will always be weird. IMO it's better to redirect. If you
> change to redirect, does everything *work*, even if you don't like how
> the browser's URL bar displays?

--> I tried but it did not work.

OK, apart from this topic, we have one more issue found. Actually the application team are deploying two applications: one with towl (which you are already aware of), the other one is (towl-app). They have defined separate server.xml files for both.

Name: server.lbg.com
Address: 192.168.200.120
Aliases: example.lbg.com

Name: server.lbg.com
Address: 192.168.200.120
Aliases: example-app.lbg.com

which means we have two aliases for server.lbg.com. Earlier we were concentrating only on one, example.lbg.com; now I wanted to somehow enable access in the same way for the other one also:

https://example-app.lbg.com --> https://server.lbg.com:8444/towl-app

So I created an iptables rule in the same way as before, redirecting 443 to 8444, and I have the URLs working the same as example.lbg.com.

Both the server.xml files are here:

/git/towl/apachetomcat/conf/server.xml
/git/towl-app/apachetomcat/conf/server.xml --> I changed the port of connectors and everything

But now when I try to access https://example.lbg.com --> I get the webpage of https://example-app.lbg.com, and sometimes I get the webpage of https://example.lbg.com after refresh itself, which is weird.

May I know why this is happening?

If we fix this then I am thinking to disable the unwanted URLs, leaving the required ones, for example the below ones. I think that would be easier, rather than redirecting or aliasing? --> Because we noticed that the towl application is already pointing with https://example.lbg.com

https://server.lbg.com:8443
https://example-lbg.com:8443
<https://example.lbg.com/towl>
<https://server.lbg.com/towl>

https://server.lbg.com:8444
https://example-lbg.com:8444
<https://example.lbg.com/towl-app>
<https://server.lbg.com/towl-app>

Kindly suggest us a fix.

Thanks once again for your time.

Regards,
Lavanya

On Wed, May 15, 2024 at 2:16 PM Christopher Schultz <ch...@christopherschultz.net> wrote:

> Lavanya,
>
> On 5/15/24 04:43, lavanya tech wrote:
> > Thought to write you privately, regarding the tomcat url redirection as
> > the mail chain is getting more big big
>
> It's better to post to the list, so anyone in your situation can learn
> from it.
>
> > Let me know if it's fine for you and here is what I did.
> >
> > 1) <Host name="localhost" appBase="webapps" unpackWARs="true"
> > autoDeploy="true">
> > <Context path="" docBase="towl" />
>
> Don't do this. Just put towl.war into webapps/ and let it auto-deploy.
> What you are doing here is double-deploying your "towl" application:
> once as "" (ROOT) and once as "/towl". Remove this from server.xml.
>
> > <!-- Rewrite Valve configuration -->
> > <Valve
> > className="org.apache.catalina.valves.rewrite.RewriteValve" />
>
> Okay.
>
> > 2) I have towl application and towl.war under webapps directory
> > 3) added proxy port and proxyname to connector
> >
> > <Connector port="8443"
> > protocol="org.apache.coyote.http11.Http11NioProtocol"
> > maxThreads="150" SSLEnabled="true">
> > proxyPort="8443" proxyName="server.lbg.com">
> > <UpgradeProtocol
> > className="org.apache.coyote.http2.Http2Protocol" />
> > <SSLHostConfig>
> > <Certificate certificateKeystoreFile="/path/to/keystore"
> > certificateKeystorePassword="pass"
> > type="RSA" />
> > </SSLHostConfig>
> > </Connector>
>
> Okay.
>
> > 4) added rewrite.config under conf directory
> >
> > > # Redirect everything that is not server.lbg.com to
> > > # server.lbg.com. Don't worry about /towl yet.
> > > RewriteCond %{HTTP_HOST} !^server\.lbg\.com$
> > > RewriteRule ^/(.*) https://server.lbg.com:8443/$1 [L]
> > >
> > > # Redirect anything that isn't already going to /towl
> > > # to go to /towl
> > > RewriteCond %{REQUEST_URI} !^/towl
> > > RewriteRule ^/(.*) https://server.lbg.com:8443/towl/$1 [L]
> >
> > 5) restarted tomcat
> > 6) can access all the urls https://server.lbg.com:8443,
> > https://server.lbg.com, https://server.lbg.com:8443/towl,
> > https://server.lbg.com/towl
> > https://example.lbg.com:8443, https://example.lbg.com,
> > https://example.lbg.com:8443/towl, https://example.lbg.com/towl
> >
> > Unfortunately aliasing still does not work https://example.lbg.com
> > --> https://server.lbg.com:8443/towl and many urls works
>
> The "aliasing" will always be weird. IMO it's better to redirect. If you
> change to redirect, does everything *work*, even if you don't like how
> the browser's URL bar displays?
>
> -chris
>
> > On Tue, May 14, 2024 at 11:38 PM Christopher Schultz
> > <ch...@christopherschultz.net> wrote:
> >
> > Lavanya,
> >
> > On 5/14/24 15:11, lavanya tech wrote:
> > > You are right. We need aliasing here which means the URL in the browser
> > > does not change.
> > > May I know where should I put the below rewrite files ?
> > >
> > > # Redirect everything that is not server.lbg.com to
> > > # server.lbg.com. Don't worry about /towl yet.
> > > RewriteCond %{HTTP_HOST} !^server\.lbg\.com$
> > > RewriteRule ^/(.*) https://server.lbg.com:8443/$1 [R=301,L]
> > >
> > > # Redirect anything that isn't already going to /towl
> > > # to go to /towl
> > > RewriteCond %{REQUEST_URI} !^/towl
> > > RewriteRule ^/(.*) https://server.lbg.com:8443/towl/$1 [R=301,L]
> >
> > AIUI, you can put all of the above in conf/rewrite.config and configure
> > the <Valve> under your <Host> just as you had it before.
> >
> > If you want aliasing and not redirection, then you don't want the [R]
> > flag. IMO, you should really do a redirect. If you don't, then the
> > application and the browser disagree about the base URL and all kinds of
> > things like that.
> >
> > -chris
> >
> > > On Tuesday, May 14, 2024, Christopher Schultz
> > > <ch...@christopherschultz.net> wrote:
> > >
> > >> Lavanya,
> > >>
> > >> On 5/14/24 09:12, lavanya tech wrote:
> > >>
> > >>> IMHO removing the port number is always the preferred solution — I never
> > >>>> did it
> > >>>>
> > >>>>
> > >>>>> can we achieve this with tomcat or we need to setup an reverse proxy
> > >>>>> here.
> > >>>>>
> > >>>>>
> > >>>> Your application uses whatever internal URLs it wants. Are you building
> > >>>> those yourself, or are you asking Tomcat for the e.g. hostname, etc.? If
> > >>>> it's Tomcat, this is where the proxyName and proxyPort come in.
> > >>>>
> > >>>
> > >>> - Yes, I have not built these URLs before. It was working from the very
> > >>> beginning. As I mentioned, we are not able to reach goal or whatever.
> > >>>
> > >>> Rather than saying redirection, I would say it’s aliasing.
> > >>>
> > >>
> > >> Please be specific. "Aliasing" (to me) means "the URL goes to the right
> > >> place but doesn't change in the browser's URL" and "redirection" (to
> > >> everybody) means "HTTP 301 or 302 response to a new URL".
> > >>
> > >> Instead of moving applications or changing tomcat configuration it’s easier
> > >>> to achieve with reverse proxy ?
> > >>>
> > >>> https://example.lbg.com/ to https://server.lbg.com:8443/towl
> > >>>
> > >>
> > >> This will be a nightmare. Do not try to rewrite URLs using a reverse
> > >> proxy. You should redirect users to the right place if necessary. You can
> > >> use a reverse-proxy if you want, but it won't be any less complicated than
> > >> having Tomcat do it.
> > >>
> > >> I think your rewrite.config file just needs a few tweaks:
> > >>
> > >> # Redirect everything that is not server.lbg.com to
> > >> # server.lbg.com. Don't worry about /towl yet.
> > >> RewriteCond %{HTTP_HOST} !^server\.lbg\.com$
> > >> RewriteRule ^/(.*) https://server.lbg.com:8443/$1 [R=301,L]
> > >>
> > >> # Redirect anything that isn't already going to /towl
> > >> # to go to /towl
> > >> RewriteCond %{REQUEST_URI} !^/towl
> > >> RewriteRule ^/(.*) https://server.lbg.com:8443/towl/$1 [R=301,L]
> > >>
> > >> The application should be deployed as towl.war (or towl/ directory). You
> > >> should listen on ports 80, 443, and 8443, and you should always end up at
> > >> the right place. You should have proxyPort="8443" and
> > >> proxyName="server.lbg.com" in your <Connector>.
> > >>
> > >> You will not need a ROOT context, since the rewrite will take care of that
> > >> for you.
> > >> > > >> -chris > > >> > > >> On Mon, May 13, 2024 at 10:17 PM lavanya tech > > <lavanyatech...@gmail.com <mailto:lavanyatech...@gmail.com>> > > >>>> wrote: > > >>>> > > >>>> Hi Chris, > > >>>> > > >>>> Sorry, If I did confuse. It’s important that > > >>>> https://server.lbg.com:8443/towl > > <https://server.lbg.com:8443/towl> is always working. Goal is not to > > >>>> disable /towl, but just redirect or aliasing > > >>>> > > >>>> https//example.lbg.com/ <http://example.lbg.com/> to > > https://server.lbg.com:8443/towl <https://server.lbg.com:8443/towl> > > >>>> > > >>>> > > >>>> > > >>>> > > >>>> Thanks, > > >>>> Lavanya > > >>>> > > >>>> On Monday, May 13, 2024, Christopher Schultz < > > >>>> ch...@christopherschultz.net <mailto: > ch...@christopherschultz.net> > > >>>> > > >>>>> > > >>>>> wrote: > > >>>> > > >>>> Lavanya, > > >>>> > > >>>> On 5/13/24 05:57, lavanya tech wrote: > > >>>> > > >>>> Somehow made it work now i can only access urls as you > > mentioned before > > >>>> https://example.lbg.com <https://example.lbg.com> and > > https://server.lbg.com <https://server.lbg.com> with port 8443 and > > >>>> with > > >>>> out > > >>>> > > >>>> https://example.lbg.com/towl <https://example.lbg.com/towl> > > and https://server.lbg.com/towl <https://server.lbg.com/towl> --> I > > >>>> have an > > >>>> error now File not found. > > >>>> > > >>>> So i think we need to make work https://example.lbg.com/ > > <https://example.lbg.com/> to > > >>>> https://server.lbg.com/towl <https://server.lbg.com/towl> > > >>>> > > >>>> > > >>>> I'm sorry, I'm still confused as to which way you want things. > > >>>> > > >>>> Do you want to redirect /towl -> / or do you want to redirect > > / - > > > >>>> /towl? > > >>>> > > >>>> Or does it depend upon the hostname? It would really be better > > if you > > >>>> could settle on one specific beahvior. 
> > >>>> > > >>>> -chris > > >>>> > > >>>> On Mon, May 13, 2024 at 9:41 AM lavanya tech > > <lavanyatech...@gmail.com <mailto:lavanyatech...@gmail.com>> > > >>>> > > >>>> wrote: > > >>>> > > >>>> Hi Chris, > > >>>> > > >>>> > > >>>> Where are you defining the RewriteValve itself? > > >>>> > > >>>> Defined rewritevalve here > > >>>> <Host name="localhost" appBase="webapps" > > >>>> unpackWARs="true" autoDeploy="true"> > > >>>> > > >>>> <Valve > > >>>> className="org.apache.catalina.valves.rewrite.RewriteValve" /> > > >>>> resource="conf/rewrite.config" /> > > >>>> > > >>>> 2) reated rewrite.config and added as below under conf/ > > >>>> > > >>>> RewriteCond %{REQUEST_URI} ^/towl/(.*) > > >>>> RewriteRule ^/towl/(.*) https://example.lbg.com/%1 > > <https://example.lbg.com/%1> [R] > > >>>> > > >>>> 3) After renaming towl to ROOT -> > > /webapps/ROOT/WEB-INF/web.xml ( I > > >>>> already have this mappings /* in web.xml file) > > >>>> > > >>>> <security-constraint> > > >>>> <web-resource-collection> > > >>>> <web-resource-name>Logging Area</web-resource-name> > > >>>> <description> > > >>>> Authentication for registered users. 
> > >>>> </description> > > >>>> <url-pattern>/*</url-pattern> > > >>>> <url-pattern>/api/v1/search</url-pattern> <!-- > > protect search > > >>>> endpoint whitelisted above --> > > >>>> <url-pattern>/api/v1/suggest/*</url-pattern> <!-- > > protect > > >>>> suggest > > >>>> endpoint whitelisted above --> > > >>>> </web-resource-collection> > > >>>> <auth-constraint> > > >>>> <role-name>LDAP_USER</role-name> > > >>>> <role-name>api</role-name> > > >>>> </auth-constraint> > > >>>> </security-constraint> > > >>>> > > >>>> 4) Restarted Tomcat, Then I cannot access > > >>>> https://server.lbg.com:8443/towl > > <https://server.lbg.com:8443/towl> > > >>>> --> Have below error > > >>>> > > >>>> Message java.nio.file.NoSuchFileException: > > >>>> > /git/apache-tomcat-10.1.11/webapps/towl/WEB-INF/lib/xss-1.0.8.jar > > >>>> > > >>>> Description The server encountered an unexpected condition that > > >>>> prevented > > >>>> it from fulfilling the request. > > >>>> > > >>>> 5) Also https://example.lbg.com <https://example.lbg.com> > > doesnot work anymore > > >>>> > > >>>> Before you do anything with redirecting, can you just make > > sure you are > > >>>> only deploying ROOT.war and nothing else? > > >>>> How can I do that. I already changed towl.war to > ROOT.war > > >>>> > > >>>> But still both the urls have error as mentioned above. > > >>>> > > >>>> > > >>>> Si I revereted back the changes. > > >>>> That's weird. Try stopping, deleting the work/ directory and > > restarting. > > >>>> --> I have this wierd behavior for some reason, thoudh > > index.jsp is > > >>>> located > > >>>> no changes were made to file. After deleting cookies url works > > >>>> > > >>>> where Am I going wrong. 
> > >>>> > > >>>> Thanks, > > >>>> Lavanya > > >>>> > > >>>> > > >>>> On Fri, May 10, 2024 at 6:50 PM Christopher Schultz < > > >>>> ch...@christopherschultz.net > > <mailto:ch...@christopherschultz.net>> wrote: > > >>>> > > >>>> Lavanya, > > >>>> > > >>>> > > >>>> On 5/10/24 04:37, lavanya tech wrote: > > >>>> > > >>>> I tried the below and have the issues. > > >>>> > > >>>> 1)proxyPort="443" and proxyName="example.lbg.com > > <http://example.lbg.com>" to the connector > > >>>> 2) remanmed towl.war to ROOT.war > > >>>> 3) created rewrite.config and added as below under conf/ > > >>>> > > >>>> > > >>>> Where are you defining the RewriteValve itself? > > >>>> > > >>>> RewriteCond %{REQUEST_URI} ^/towl/(.*) > > >>>> > > >>>> RewriteRule ^/towl/(.*) https://example.lbg.com/%1 > > <https://example.lbg.com/%1> [R] > > >>>> > > >>>> > > >>>> If this is being handled by the ROOT servlet then I think it's > > right. > > >>>> > > >>>> 4) added this in web.xml file of /webapps/towl/web.xml/ > > >>>> > > >>>> > > >>>> <!-- Servlet mappings --> > > >>>> <!-- Add your existing servlet mappings here --> > > >>>> > > >>>> <!-- Security constraint to restrict access to /towl > > path --> > > >>>> <security-constraint> > > >>>> <web-resource-collection> > > >>>> <web-resource-name>Restricted Access to > > >>>> /towl</web-resource-name> > > >>>> <url-pattern>/towl/*</url-pattern> > > >>>> > > >>>> > > >>>> No, this is wrong. Since this is the "towl" application and > > not ROOT, > > >>>> you want to map /* and not /towl/* because the application > > will never > > >>>> see the /towl/ as it's an application/context prefix that > > Tomcat will > > >>>> remove. 
> > >>>> > > >>>> </web-resource-collection> > > >>>> > > >>>> <auth-constraint> > > >>>> <!-- Deny access to all roles --> > > >>>> </auth-constraint> > > >>>> </security-constraint> > > >>>> > > >>>> Also I noticed that even if I rename the towl application to > ROOT, > > >>>> when > > >>>> > > >>>> i > > >>>> > > >>>> call the url with https://example.lbg.com/towl > > <https://example.lbg.com/towl> --> this towl > > >>>> directory > > >>>> > > >>>> is > > >>>> > > >>>> getting created under webapps by default > > >>>> > > >>>> > > >>>> If webapps/towl is being created, then it's happening for some > > other > > >>>> reason. Do you have anything under conf/Catalina/*/towl.xml > which > > >>>> points > > >>>> to a WAR file or something? If so, remove that. > > >>>> > > >>>> 5) Resarted tomcat and I have the below error and all the urls > > have the > > >>>> > > >>>> same issue > > >>>> > > >>>> Message org.apache.jasper.JasperException: > > >>>> java.lang.ClassNotFoundException: org.apache.jsp.index_jsp > > >>>> > > >>>> > > >>>> That's weird. Try stopping, deleting the work/ directory and > > >>>> restarting. > > >>>> > > >>>> Description The server encountered an unexpected condition that > > >>>> > > >>>> > > >>>> prevented > > >>>> > > >>>> it from fulfilling the request. 
> > >>>> > > >>>> Exception > > >>>> > > >>>> org.apache.jasper.JasperException: > > org.apache.jasper.JasperException: > > >>>> java.lang.ClassNotFoundException: org.apache.jsp.index_jsp > > >>>> > > >>>> > > >>>> org.apache.jasper.servlet.JspServletWrapper.handleJspException( > > >>>> JspServletWrapper.java:578) > > >>>> > > >>>> > > >>>> > > >>>> org.apache.jasper.servlet.JspServletWrapper.service( > > >>>> JspServletWrapper.java:422) > > >>>> > > >>>> > > >>>> > > > org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:380) > > >>>> > org.apache.jasper.servlet.JspServlet.service(JspServlet.java:328) > > >>>> jakarta.servlet.http.HttpServlet.service(HttpServlet.java:658) > > >>>> org.apache.tomcat.websocket.se > > <http://org.apache.tomcat.websocket.se> > > >>>> rver.WsFilter.doFilter(WsFilter.java:51) > > >>>> > > >>>> > > >>>> Before you do anything with redirecting, can you just make > > sure you are > > >>>> only deploying ROOT.war and nothing else? > > >>>> > > >>>> This should allow you to reach the application at both > > >>>> https://example.lbg.com/ <https://example.lbg.com/> and > > https://server.lbg.com/ <https://server.lbg.com/> as well as both > > >>>> of > > >>>> those with port 8443. > > >>>> > > >>>> Then use the applications and make sure they are working as > > expected. > > >>>> Then, we'll add the /towl handling. > > >>>> > > >>>> -chris > > >>>> > > >>>> On Thu, May 9, 2024 at 11:20 PM Christopher Schultz < > > >>>> > > >>>> ch...@christopherschultz.net > > <mailto:ch...@christopherschultz.net>> wrote: > > >>>> > > >>>> Lavanya, > > >>>> > > >>>> > > >>>> On 5/9/24 13:48, lavanya tech wrote: > > >>>> > > >>>> Thank you so much for your explanation. I will try these > options. > > >>>> > > >>>> Do server and example both resolve to the same IP? 
> > >>>> -yes > > >>>> > > >>>> > > >>>> Good, that significantly reduces the complexity required, > > since you > > >>>> can > > >>>> do it will a single process (Tomcat) in a single environment. > > >>>> > > >>>> So I need follow both 4a/b and 5a/b steps here or any of them ? > > >>>> > > >>>> > > >>>> If I setup exactly by using below steps , then I should access > > both > > >>>> > > >>>> the > > >>>> > > >>>> > > >>>> urls right ? https://server.lbg.com:8443/towl > > <https://server.lbg.com:8443/towl> and > > >>>> > > >>>> > > >>>> https://example.lbg.com <https://example.lbg.com> > > >>>> > > >>>> If you visit either hostname with /towl, you will be > redirected to > > >>>> example.lbg.com/ <http://example.lbg.com/> with no port > > number. example:8443 will still work > > >>>> and > > >>>> no redirect will take place... unless you specifically make > > >>>> > > >>>> arrangements > > >>>> > > >>>> > > >>>> for that. We can do that later if you really want to. > > >>>> > > >>>> > > >>>> Let's get the other things working, first. > > >>>> > > >>>> -chris > > >>>> > > >>>> On Thursday, May 9, 2024, Christopher Schultz < > > >>>> > > >>>> > > >>>> ch...@christopherschultz.net > > <mailto:ch...@christopherschultz.net>> > > >>>> > > >>>> wrote: > > >>>> > > >>>> Lavanya, > > >>>> > > >>>> > > >>>> On 5/9/24 02:58, lavanya tech wrote: > > >>>> > > >>>> Just giving background again of this topic again. > > >>>> > > >>>> > > >>>> 1) The application team who is working they wanted to access > the > > >>>> url > > >>>> https://server.lbg.com:8443/towl > > <https://server.lbg.com:8443/towl> —> which should redirect or > > >>>> point > > >>>> > > >>>> to > > >>>> > > >>>> > > >>>> https://example.lbg.com <https://example.lbg.com> > > >>>> > > >>>> > > >>>> Is that a typo? 
You want specifically > > https://server.lbg.com/towl <https://server.lbg.com/towl> > > >>>> > > >>>> and > > >>>> > > >>>> > > >>>> https://example.lbg.com/ <https://example.lbg.com/> to point > > to your application? > > >>>> > > >>>> — It’s not the Typo the requirements are > > still > > >>>> the > > >>>> > > >>>> same. > > >>>> > > >>>> > > >>>> > > >>>> > > >>>> Okay. > > >>>> > > >>>> Do server and example both resolve to the same IP? > > >>>> > > >>>> 2) Hence I added firewall rule to redirect port 443 to 8443. > And > > >>>> the > > >>>> > > >>>> url > > >>>> > > >>>> > > >>>> https://example.lbg.com <https://example.lbg.com> started > > working but its pointing to > > >>>> > > >>>> https://server.lbg.com:8443 <https://server.lbg.com:8443> > > indeed and not > > >>>> > > >>>> https://server.lbg.com:8443/to <https://server.lbg.com:8443/to > > > > >>>> > > >>>> > > >>>> wl > > >>>> > > >>>> > > >>>> But then they wanted the point 1 to have it. If I understood > > >>>> > > >>>> correctly. So > > >>>> > > >>>> > > >>>> basically to achieve this we wanted a reverse proxy setup ? > > >>>> > > >>>> > > >>>> I didnot define any additional host in server.xml file on just > > >>>> left > > >>>> > > >>>> to > > >>>> > > >>>> > > >>>> default to local host. > > >>>> > > >>>> > > >>>> > > >>>> Here's what you have to do in order to support this odd > > >>>> > > >>>> configuration. > > >>>> > > >>>> > > >>>> > > >>>> 1. Configure your firewall to route port 443 -> 8443. I suspect > > >>>> this > > >>>> > > >>>> is > > >>>> > > >>>> > > >>>> already done. > > >>>> > > >>>> > > >>>> 2. Deploy Tomcat on server.lbg.com <http://server.lbg.com> > > with a <Connector> on port > > >>>> 8443. > > >>>> > > >>>> This > > >>>> > > >>>> > > >>>> is the default, so there shouldn't be anything to do. I > > suspect this > > >>>> > > >>>> > > >>>> is > > >>>> > > >>>> > > >>>> already done. 
You should set proxyPort="443" and proxyName=" > > >>>> > > >>>> example.lbg.com <http://example.lbg.com>" in your <Connector>. > > This will ensure that any > > >>>> URLs > > >>>> generated by Tomcat or your application will point to > > >>>> https://example.lbg.com/ <https://example.lbg.com/> and not to > > server.lbg.com <http://server.lbg.com> or have a port > > >>>> > > >>>> number > > >>>> > > >>>> > > >>>> or whatever. > > >>>> > > >>>> > > >>>> 3. Re-name your application directory or WAR file from towl -> > > ROOT > > >>>> > > >>>> (upper > > >>>> > > >>>> > > >>>> case is important). So if you have tomcat/webapps/towl re-name > > that > > >>>> > > >>>> > > >>>> to > > >>>> > > >>>> > > >>>> tomcat/webapps/ROOT or if you have tomcat/webapps/towl.war > re-name > > >>>> > > >>>> > > >>>> that > > >>>> > > >>>> > > >>>> to > > >>>> > > >>>> > > >>>> tomcat/webapps/ROOT.war. > > >>>> > > >>>> > > >>>> The last thing to do is get /towl to re-direct to /. There are > a > > >>>> few > > >>>> > > >>>> ways > > >>>> > > >>>> > > >>>> of doing that. > > >>>> > > >>>> > > >>>> 4a. Configure your application (now called ROOT and deployed > on / > > >>>> and > > >>>> > > >>>> not > > >>>> > > >>>> > > >>>> /towl anymore) to handle the /towl URL and specifically > redirect > > >>>> > > >>>> this > > >>>> > > >>>> back > > >>>> > > >>>> > > >>>> to /. This is oddly specific and has the application trying to > > >>>> > > >>>> > > >>>> redirect > > >>>> > > >>>> > > >>>> to > > >>>> > > >>>> > > >>>> itself which is weird. > > >>>> > > >>>> > > >>>> 4b. Create a new application called towl or towl.war which > will be > > >>>> deployed on /towl and have THAT redirect to /. I think this is > > >>>> > > >>>> cleaner > > >>>> > > >>>> > > >>>> because you can call the application anything you'd like and > > it will > > >>>> > > >>>> > > >>>> still > > >>>> > > >>>> > > >>>> work. 
You don't have to match URL patterns yourself, you just > > >>>> > > >>>> re-name > > >>>> > > >>>> the > > >>>> > > >>>> > > >>>> WAR file if you suddenly want to use /towl2 instead of /towl. > > >>>> > > >>>> > > >>>> There are several ways to redirect. > > >>>> > > >>>> 5a. Use the rewrite valve and map /(*) to (global redirect) > /\1. A > > >>>> > > >>>> few > > >>>> > > >>>> > > >>>> notes: (1) the (*) means "capture this string" and \1 means > > "put the > > >>>> > > >>>> > > >>>> string > > >>>> > > >>>> > > >>>> back. This allows you to redirect /towl/foo/bar to /foo/bar > > instead > > >>>> > > >>>> > > >>>> of > > >>>> > > >>>> > > >>>> losing the /foo/bar. This syntax may not be perfect, adapt it > > to your > > >>>> > > >>>> needs. (2) Remember that the towl application is deployed on > /towl > > >>>> so > > >>>> > > >>>> you > > >>>> > > >>>> > > >>>> don't want to redirect /towl/foo/bar you only want redirect > > /foo/bar > > >>>> > > >>>> > > >>>> since > > >>>> > > >>>> > > >>>> the URL will be relative to the current context (/towl). Got > that? > > >>>> > > >>>> > > >>>> Finally, > > >>>> > > >>>> > > >>>> (3) you need to use a global redirect that does *NOT* redirect > > back > > >>>> > > >>>> > > >>>> to > > >>>> > > >>>> > > >>>> the > > >>>> > > >>>> > > >>>> /towl application. Normally, if you redirect to /foo you'll > get an > > >>>> > > >>>> application-relative redirect from something like a rewrite > > >>>> valve/filter/whatever. Take care to redirect relative to the > > SERVER > > >>>> > > >>>> and > > >>>> > > >>>> > > >>>> not > > >>>> > > >>>> > > >>>> to the application. > > >>>> > > >>>> > > >>>> 5b. Write your own servlet to do a specific redirect. 
> > >>>> > > >>>> I hope that helps, > > >>>> -chris > > >>>> > > >>>> On Wednesday, May 8, 2024, Christopher Schultz < > > >>>> > > >>>> ch...@christopherschultz.net > > <mailto:ch...@christopherschultz.net>> > > >>>> wrote: > > >>>> > > >>>> Lavanya, > > >>>> > > >>>> > > >>>> On 5/8/24 06:48, lavanya tech wrote: > > >>>> > > >>>> I figured out how I can it make it work with 443. Now the URls > > >>>> are > > >>>> > > >>>> working. > > >>>> I added iptables route 443 to 8443 and it started working. > > >>>> > > >>>> nslookup example.lbg.com <http://example.lbg.com> > > >>>> > > >>>> Non-authoritative answer: > > >>>> Name: server.lbg.com <http://server.lbg.com> > > >>>> Address: 192.168.200.105 > > >>>> Aliases: example.lbg.com <http://example.lbg.com> > > >>>> > > >>>> > > >>>> I have some application towl running with apache tomcat. I have > > >>>> > > >>>> the > > >>>> > > >>>> > > >>>> below > > >>>> > > >>>> URLs working. > > >>>> > > >>>> https://server.lbg.com:8443/towl > > <https://server.lbg.com:8443/towl> > > >>>> https://server.lbg.com <https://server.lbg.com> > > >>>> https://example.lbg.com <https://example.lbg.com> > > >>>> https://example.lbg.com/towl <https://example.lbg.com/towl> > > >>>> > > >>>> > > >>>> Now i wanted to disable the url https://example.lbg.com/towl > > <https://example.lbg.com/towl> > > >>>> and > > >>>> https://server.lbg.com <https://server.lbg.com> and access > > only the other remaining two. > > >>>> > > >>>> > > >>>> > > >>>> > > >>>> > > >>>> I would *highly* recommend that you pick either /towl or / and > not > > >>>> > > >>>> > > >>>> try to > > >>>> > > >>>> > > >>>> do both, unless you want to deploy the application twice > (which is > > >>>> > > >>>> > > >>>> fine, > > >>>> > > >>>> > > >>>> just deploy towl.war and ROOT.war as copies of each other). 
> If you try to re-write /towl to / or / to /towl, you'll find you spend
> the rest of your days tracking-down edge-cases and "fixing" them --
> likely making things confusing and, probably, worse.
>
> > In the end our goal to make sure that the links are not always dead
> > as soon as the towl is moved to a new machine. Can you please assist
> > me how to do that?
>
> The goal should be that "moving" the application only means changing
> DNS and everything else works as expected.
>
> If you:
>
> 1. Deploy the application with a single context (e.g. /towl, which I
>    recommend)
>
> 2. Re-direct / to /towl (this requires a reverse-proxy or a ROOT
>    application that does nothing but redirect; my personal preference)
>
> 3. Do not define any <Host> other than "localhost" and make it the
>    default. Do not bother with any <Alias> elements since they are not
>    necessary.
>
> Moving the application should only require that you:
>
> 4. Deploy the same application with the same configuration in the new
>    location
>
> 5. Change DNS to point example.lbg.com and server.lbg.com to the new
>    location of the service
>
> Hope that helps,
> -chris
>
> On Tue, Apr 30, 2024 at 5:44 PM Christopher Schultz
> <ch...@christopherschultz.net> wrote:
>
> Lavanya,
>
> On 4/30/24 07:10, lavanya tech wrote:
> > Can you tell me how to do the below? How should I setup Tomcat in
> > server.xml?
> >
> > > If you want to use port 443 (the default port for HTTPS) then you
> > > will need to change Tomcat to bind to port 443 (if that's allowed
> > > on your OS) or arrange to have port 443 routed to port 8443. You
> > > may need additional configuration in Tomcat (specifically:
> > > proxyPort) to avoid having Tomcat generate URLs with ":8443" in
> > > them.
> >
> > Looking forward to your reply.
>
> If Tomcat is listening on port 8443 then you will need to include that
> in your URL, period. If you want to allow URLs without a port number,
> you will have to arrange to have something listening on port 443.
>
> On Windows, Tomcat can listen directly on port 443. On UNIX and
> UNIX-like systems, you won't be able to do this without running Tomcat
> as root WHICH YOU ABSOLUTELY SHOULD NOT DO.
>
> There are other ways to get port 443 working, but I'll need to know
> more about your environment. The port issue is "easier" than figuring
> out whatever is going on with your DNS, aliases, etc. so I would
> recommend we fix one thing at a time.
>
> -chris
>
> On Mon, Apr 29, 2024 at 2:03 PM lavanya tech
> <lavanyatech...@gmail.com> wrote:
>
> > Hi Chris,
> >
> > There is no issues with browser, because I tested with different
> > browsers and it all works fine. I am sure that there is no issue
> > with the certificate.
> > Because I was able to establish successful connections with port
> > 8443, it just does not work without port
> >
> > curl https://example.lbg.com/towl
> > curl: (56) Received HTTP code 504 from proxy after CONNECT
> > curl: (56) Received HTTP code 504 from proxy after CONNECT
>
> If you want to use port 443 (the default port for HTTPS) then you will
> need to change Tomcat to bind to port 443 (if that's allowed on your
> OS) or arrange to have port 443 routed to port 8443. You may need
> additional configuration in Tomcat (specifically: proxyPort) to avoid
> having Tomcat generate URLs with ":8443" in them.
>
> > <Connector port="443" protocol="HTTP/1.1"
> >            connectionTimeout="20000"
> >            redirectPort="8443"
> >            maxThreads="150"
> >            scheme="https" secure="true" SSLEnabled="true"
> >            keystoreFile="path_to_your_keystore_file"
> >            keystorePass="your_keystore_password"
> >            keystoreType="PKCS12"
> >            clientAuth="false" sslProtocol="TLS"
> >            proxyPort="443"/>
> >
> > Should I use connect port like the above? But you mentioned before
> > we don't need any configuration changes. Please clarify, I am not
> > able to figure this out and I have this issue many days pending. How
> > to make it work with port 8443 and without port
> >
> > Also I wanted to use weburl with alias name permanently instead of
> > the hostname. How can I achieve both
> >
> > Thanks,
> > Lavanya
> >
> > -->
>
> On Fri, Apr 26, 2024 at 9:28 PM Christopher Schultz
> <ch...@christopherschultz.net> wrote:
>
> Lavanya,
>
> On 4/25/24 07:24, lavanya tech wrote:
> > Hi Chris,
> >
> > One question / doubt:
> >
> > As I mentioned earlier, the below URLs already working in the
> > browser
> >
> > https://server.lbg.com:8443/towl
> > https://example.lbg.com:8443/towl -> redirect (which means when I
> > hit in browser) it points to https://server.lbg.com:8443/towl --->
> > To be frank, even I do not need redirect here, not sure why it
> > redirects.
> >
> > My question is why it's working even though SAN is not registered
> > with the certificate? It does not even throw warning in the browser.
>
> I'm not sure. Is it possible you have dismissed this error in the past
> and the browser is remembering that? Try this with a different web
> browser or maybe with curl from the command-line to see what happens.
>
> > Why https://server.lbg.com/towl or https://example.lbg.com/towl -->
> > How it should work with New SAN certificate?
>
> You don't need to worry about the port number or application name,
> only the hostname is a part of the SAN.
>
> -chris
>
> On Thu, Apr 25, 2024 at 10:16 AM lavanya tech
> <lavanyatech...@gmail.com> wrote:
>
> > Hi Chris,
> >
> > Thanks, I will request new certificate with SANs and I will try to
> > fix the things from our end.
> >
> > Best Regards,
> > Lavanya
>
> On Wed, Apr 24, 2024 at 11:12 PM Christopher Schultz
> <ch...@christopherschultz.net> wrote:
>
> Lavanya,
>
> On 4/24/24 15:39, lavanya tech wrote:
> > Local host means the machine I am logged in to server.lbg.com
> >
> > You are right, example.lbg.com is CNAME record.
>
> Okay, thanks for clearing that up.
>
> > I don't have any SAN configured for the certificate. The certificate
> > is requested for only server.lbg.com
>
> You will never be able to make a secure request to anything other than
> server.lbg.com without seeing an error. I highly recommend adding the
> other hostname as a SAN to your certificate if you really want to
> support this.
>
> Even if you wanted https://example.lbg.com/whatever to return an HTTP
> 302 redirect to https://server.lbg.com/whatever, the user would see a
> certificate hostname mismatch error which is ugly. It's best to make
> it work without users seeing ugly things.
>
> > So if I just request new certificate with SAN it should work? If
> > yes, I will request for it and follow your steps as below suggested.
>
> Yes, it should.
>
> > Should I use CName record or DNS? Does it make difference?
>
> CNAME *is* DNS.
>
> Whenever possible, use hostnames and not IP addresses as SANs. It's
> more flexible that way, and users get to see hostnames instead of IP
> addresses.
>
> -chris
>
> On Wednesday, April 24, 2024, Christopher Schultz
> <ch...@christopherschultz.net> wrote:
>
> Lavanya,
>
> On 4/24/24 07:37, lavanya tech wrote:
> > Sorry I understood wrongly here with regards to my environment, Let
> > me start from the beginning. I do not want to use redirect at all. I
> > simply wanted to force apache tomcat to use both localhost and dns
> > name of the localhost via url.
>
> When you say "force" what do you mean?
>
> When you say "use both localhost and DNS name" what do you mean?
>
> When you say "localhost" do you mean 127.0.0.1 or "the machine I'm
> logged-into right now"?
>
> > I have DNS resolution as below.
> >
> > server.lbg.com --> localhost
>
> Is that a CNAME record?
>
> > nslookup server.lbg.com (localhost)
> >
> > Name: server.lbg.com
> > Address: 192.168.100.20
> > alias: example.lbg.com
>
> That's a weird DNS response. The DNS name "localhost" should *always*
> return 127.0.0.1 for IPv4 and ::1 for IPv6. It shouldn't return
> 191.168.100.20.
>
> > We have working the below urls working:
> >
> > https://server.lbg.com:8443/towl
> > https://example.lbg.com:8443/towl --> redirects to
>
> What do you mean "redirect"? Does it return a 30x response that causes
> the browser to make a new request to \/
>
> > https://server.lbg.com:8443/towl --> still works --> we have SSL
> > configured for the same but this SSL certificate does not have
> > additional DNS setup.
>
> What SANs are in your certificate? How many certificates do you have?
>
> > But I would need to somehow access https://example.lbg.com --> which
> > means I would need to access via 443 here?
>
> I'm so confused. What needs to access what?
>
> > I tried to adding the below to server.xml as below, but that does
> > not seems to work.
> >
> > <Connector port="80"
> >            protocol="org.apache.coyote.http11.Http11NioProtocol"
> >            connectionTimeout="20000"
> >            redirectPort="443" />
>
> This will only redirect (HTTP 302) requests to
> http://yourhost/anything to https://yourhost/anything *if the
> application specifically requests CONFIDENTIAL transport*. It doesn't
> just redirect everything by default. If you want it to redirect
> everything, you'll need to set that up e.g. using RewriteValve. There
> are other options, too.
>
> > Do I need additional SSL certificate for the https://example.lbg.com
> > to make it work?
>
> If you don't want your browser to complain, you will need at least one
> TLS certificate that contains every Subject Alternative Name (SAN) for
> every possible hostname you expect to use with this service. You can
> do it with multiple certificates as well, but a single cert with
> multiple SANs is less work.
>
> > Do I need to set up an additional web server for this like apache or
> > nginx for redirecting requests?
>
> No.
>
> Please stop saying "redirect" because it sounds like you almost never
> mean "HTTP 30x redirect" and that's confusing everything.
>
> I *think* you only need the following:
>
> 1. A TLS certificate with the following SANs:
>
>    * server.lbg.com
>    * example.lbg.com
>    * localhost (you shouldn't do this)
>
> 2. DNS configured for all hostnames:
>
>    * server.lbg.com -> A 192.168.100.20
>    * example.lgb.com -> A 192.168.100.20
>
> 3. Tomcat configured with a single <Host> which is the default virtual
>    host. Note that this is the *default Tomcat configuration* and
>    doesn't need to be changed from the default.
>
> 4. Tomcat configured with your certificate like this:
>
>    <Connector ...
>               SSLEnabled="true">
>      <SSLHostConfig>
>        <Certificate
>            certificateFile="/path/to/your/cert.crt"
>            certificateKeyFile="/path/to/your/key.pem" />
>        <!-- You may need certificateKeyPassword in <Certificate> -->
>      </SSLHostConfig>
>    </Connector>
>
> If your SANs are configured properly, this should allow you to connect
> using any of these URLs:
>
> $ curl https://server.lbg.com/towl/login.jsp
> (returns login page)
>
> $ curl https://example.lbg.com/towl/login.jsp
> (returns login page)
>
> If your application's web.xml contains something like this:
>
>    <security-constraint>
>      <web-resource-collection>
>        <web-resource-name>theapp</web-resource-name>
>        <url-pattern>/*</url-pattern>
>      </web-resource-collection>
>      <user-data-constraint>
>        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>      </user-data-constraint>
>    </security-constraint>
>
> ... then these insecure HTTP URLs should redirect your clients:
>
> $ curl http://server.lbg.com/towl/login.jsp
> (returns HTTP 302 redirect to https://server.lbg.com/towl/login.jsp)
>
> $ curl https://server.lbg.com/towl/login.jsp
> (returns HTTP 302 redirect to https://example.lbg.com/towl/login.jsp)
>
> I don't think you need any use of the RewriteValve unless you want to
> handle sending HTTP 302 redirect responses to insecure requests
> without specifying the CONFIDENTIAL transport-guarantee in your
> application's web.xml file. But I don't see any reason NOT to have
> that in there.
>
> -chris
>
> On Tue, Apr 23, 2024 at 10:52 PM Christopher Schultz
> <ch...@christopherschultz.net> wrote:
>
> Lavanya,
>
> On 4/22/24 05:21, lavanya tech wrote:
> > Could you please explain, what you exactly mean? So here redirect is
> > not a solution right?
>
> Redirecting is fine.
>
> Perhaps you should take a step back and decide: what do you actually
> want, here? You might be trying to solve problem X by applying
> solution Y, and you've already decided that solution Y is correct so
> you are trying to get help with that.
>
> Perhaps ask for help with Problem X?
>
> For example, "I don't want users to have to type the name of my
> application to reach it so I want example.com/ to go to my application
> instead of example.com/myapp/".
>
> Or, "I have multiple domains and I want all of them to redirect to the
> canonical domain example.com and to go to my web application /myapp so
> everything goes to example.com/myapp/".
>
> > "You'd have to use a glob/regex if you wanted to check for
> > [anything and maybe nothing.]example.com."
>
> There is nothing in your configuration or question that suggests that
> the hostname in the request is relevant, but you are making it a
> *requirement* that the request contains a specific Host header. IF you
> don't actually need that, why do you have it?
>
> -chris
>
> On Fri, Apr 19, 2024 at 3:03 PM Christopher Schultz
> <ch...@christopherschultz.net> wrote:
>
> Ammu,
>
> On 4/19/24 08:32, lavanya tech wrote:
> > Thank you very much. I removed <Host> for example.com as well as
> > adding an <Alias> in server.xml
> > I copied context.xml file
> > /git/app/apache-tomcat-10.1.11/webapps/towl/META-INF/context.xml
> >
> > Removed < in rewrite.config files.
> >
> > But still I don't redirect the URL.
>
> If you have <Context> in server.xml and also your application in the
> webapps/ directory, then you will be double-deploying your
> application.
>
> Re-name /git/app/apache-tomcat-10.1.11/webapps/towl/ to be
> /git/app/apache-tomcat-10.1.11/webapps/ROOT (the capitals are
> important) and remove the <Context> element from your server.xml.
>
> Then start your server and read the logs.
>
> > nslookup alias.example.com gives -->
> > Non-authoritative answer:
> > Name: www.example.com
> > Address: 192.168.200.10
> > Aliases: alias.example.com
> >
> > Just to give some information here, www.example.com has alias
> > "alias.example.com"
> > But https://www.example.com:7777/example --> works fine without
> > issues but the alias does not works (https://alias.example.com)
> > So I am not sure if the redirect url helps or if it's correct
>
> Your rewrite configuration says that you have to be using host
> "example.com" but your request goes to www.example.com. Your
> configuration should only redirect a request such as:
>
> $ curl -v http://example.com:7777/something
>
> HTTP/1.1 301 Moved Permanently
> ...
> Location: https://www.example.com:7777/example
>
> If you
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
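Chris's statement that only the hostname, not the port or application name, is compared with the certificate's SANs can be checked offline. The Python below is an added example, not code from the thread or from Tomcat: the certificate dictionaries and the IP-literal URL are constructed, the function names are hypothetical, and the wildcard rule is a simplified RFC 6125 check (no wildcard certificate appears in the thread).

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed certificates in the dict shape ssl.SSLSocket.getpeercert()
# returns. The first models the single-name certificate from the thread,
# the second the replacement that lists both hostnames as SANs.
CERT_SINGLE_NAME = {"subjectAltName": (("DNS", "server.lbg.com"),)}
CERT_WITH_SANS = {
    "subjectAltName": (("DNS", "server.lbg.com"), ("DNS", "example.lbg.com")),
}

# URLs taken from the thread, plus one constructed IP-literal URL.
URLS = [
    "https://server.lbg.com:8443/towl",
    "https://example.lbg.com:8443/towl",
    "https://example.lbg.com/towl/login.jsp",
    "https://192.168.100.20:8443/towl",  # constructed
]


def _as_ip(host):
    """Return an ip_address object if host is an IP literal, else None."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None


def dns_name_matches(pattern, host):
    """Compare a DNS SAN entry with a hostname, label by label.

    Matching is case-insensitive. A wildcard is honoured only as the whole
    left-most label, covers exactly one label, and needs at least two
    further labels, so "*.com" never matches.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) >= 3 and bool(h[0]) and p[1:] == h[1:]
    return p == h


def cert_covers_url(cert, url):
    """True if the URL's host is listed in the certificate's SANs.

    Port and path are dropped before the comparison.
    """
    host = urlsplit(url).hostname
    if not host:
        return False
    sans = cert.get("subjectAltName", ())
    ip = _as_ip(host)
    if ip is not None:
        # IP literals match only "IP Address" entries, never DNS entries.
        return any(kind == "IP Address" and _as_ip(value) == ip
                   for kind, value in sans)
    return any(kind == "DNS" and dns_name_matches(value, host)
               for kind, value in sans)


def uncovered(cert, urls):
    """URLs whose host would fail hostname verification against cert."""
    return [u for u in urls if not cert_covers_url(cert, u)]


if __name__ == "__main__":
    for name, cert in (("single-name", CERT_SINGLE_NAME),
                       ("with SANs", CERT_WITH_SANS)):
        print(name, "->", uncovered(cert, URLS))
```

Running the same check against every hostname users will type, before requesting the certificate, shows which names still have to be added as SANs.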