> On 01 Feb 2016, at 16:29, Jeffrey Janner <[email protected]> wrote:
>
>> -----Original Message-----
>> From: Mark Thomas [mailto:[email protected]]
>> Sent: Monday, February 01, 2016 9:21 AM
>> To: Tomcat Users List <[email protected]>
>> Subject: Re: Virtual Hosting, HTTP 302 to HTTPS?
>>
>> On 1 February 2016 14:07:57 GMT+00:00, "Björn Raupach" <[email protected]>
>> wrote:
>>> Dear group,
>>>
>>> I have two web applications (a,b) that are both reachable via
>>> subdomains:
>>>
>>> a.example.com <http://a.example.com/>
>>> b.example.com <http://b.example.com/>
>>>
>>> For b.example.com <http://b.example.com/> exists a SSL certificate.
>>> a.example.com <http://a.example.com/> does not need SSL.
>>> The HTTPS connector uses a a Java keystore with the certificate.
>>>
>>> I configured Apache Tomcat 8.0.20 with Virtual Hosting.
>>>
>>> CATALINA_HOME/webapps_a
>>> CATALINA_HOME/webapps_b
>>>
>>> The server.xml has been adjusted.
>>>
>>> <Engine name="Catalina" defaultHost="b">
>>>
>>> <Host name="a" appBase="webapps_a" unpackWARs="true" autoDeploy="true">
>>> ...
>>> </Host>
>>>
>>> <Host name="b" appBase="webapps_b" unpackWARs="true" autoDeploy="true">
>>> ...
>>> </Host>
>>>
>>> </Engine>
>>>
>>> Both web apps are deployed using ROOT.war. They get unpacked and there
>>> are no errors in the log files.
>>>
>>> Here is my problem. b works fine, but I can't reach a.
>>>
>>> curl -I http://a.example.com <http://a.example.com/>
>>> HTTP/1.1 302 Found
>>> Server: Apache-Coyote/1.1
>>> Cache-Control: private
>>> Expires: Thu, 01 Jan 1970 01:00:00 CET
>>> Location: https://a.example.com <https://a.example.com/>
>>> Content-Length: 0
>>> Date: Mon, 01 Feb 2016 13:52:32 GMT
>>>
>>> curl -I http://b.example.com <http://b.example.com/>
>>> HTTP/1.1 302 Found
>>> Server: Apache-Coyote/1.1
>>> Cache-Control: private
>>> Expires: Thu, 01 Jan 1970 01:00:00 CET
>>> Location: https://b.example.com <https://b.example.com/>
>>> Content-Length: 0
>>> Date: Mon, 01 Feb 2016 13:52:54 GMT
>>>
>>> The redirect sets Location to https. I know this can't work because I
>>> have no
>>> certificate for srv.grasmueck.de <http://srv.grasmueck.de/> nor do I
>>> need https.
>>>
>>> And I see the web application `b` instead of `a` despite the error.
>>>
>>> Do I need a Apache HTTPD fronted?
>>
>> No. The name of your virtual host (or one of its aliases) must match
>> the host header. If they don't match the default host will be used.
>>
>> Given that you've already told us one of the real host names, you might
>> as well show us the real configuration and the real request if you need
>> help spotting the configuration error.
>>
>> Mark
>>
> Since the information provided shows that both URLs are responding with a 302
> redirect to the HTTPS connector with the same hostname as provided, I'd say
> that his server.xml configuration is working correctly.
> Obviously, there is something in both webapps that is forcing the redirect.
> Might I suggest the OP take a look at the web.xml file for the A host to see
> if he can see that it is indeed requesting the redirect? (hint:
> <security-constraint> section.)
> Jeff
Hi Jeff,
the web application with the certificate does have a security constraint in the
web.xml.
<security-constraint>
<web-resource-collection>
<url-pattern>/index.xhtml</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> <mailto:[email protected]>
> For additional commands, e-mail: [email protected]
> <mailto:[email protected]>
