> On 01 Feb 2016, at 16:29, Jeffrey Janner <jeffrey.jan...@polydyne.com> wrote: > >> -----Original Message----- >> From: Mark Thomas [mailto:ma...@apache.org] >> Sent: Monday, February 01, 2016 9:21 AM >> To: Tomcat Users List <users@tomcat.apache.org> >> Subject: Re: Virtual Hosting, HTTP 302 to HTTPS? >> >> On 1 February 2016 14:07:57 GMT+00:00, "Björn Raupach" <raup...@me.com> >> wrote: >>> Dear group, >>> >>> I have two web applications (a,b) that are both reachable via >>> subdomains: >>> >>> a.example.com <http://a.example.com/> >>> b.example.com <http://b.example.com/> >>> >>> For b.example.com <http://b.example.com/> exists a SSL certificate. >>> a.example.com <http://a.example.com/> does not need SSL. >>> The HTTPS connector uses a a Java keystore with the certificate. >>> >>> I configured Apache Tomcat 8.0.20 with Virtual Hosting. >>> >>> CATALINA_HOME/webapps_a >>> CATALINA_HOME/webapps_b >>> >>> The server.xml has been adjusted. >>> >>> <Engine name="Catalina" defaultHost="b"> >>> >>> <Host name="a" appBase="webapps_a" unpackWARs="true" autoDeploy="true"> >>> ... >>> </Host> >>> >>> <Host name="b" appBase="webapps_b" unpackWARs="true" autoDeploy="true"> >>> ... >>> </Host> >>> >>> </Engine> >>> >>> Both web apps are deployed using ROOT.war. They get unpacked and there >>> are no errors in the log files. >>> >>> Here is my problem. b works fine, but I can't reach a. >>> >>> curl -I http://a.example.com <http://a.example.com/> >>> HTTP/1.1 302 Found >>> Server: Apache-Coyote/1.1 >>> Cache-Control: private >>> Expires: Thu, 01 Jan 1970 01:00:00 CET >>> Location: https://a.example.com <https://a.example.com/> >>> Content-Length: 0 >>> Date: Mon, 01 Feb 2016 13:52:32 GMT >>> >>> curl -I http://b.example.com <http://b.example.com/> >>> HTTP/1.1 302 Found >>> Server: Apache-Coyote/1.1 >>> Cache-Control: private >>> Expires: Thu, 01 Jan 1970 01:00:00 CET >>> Location: https://b.example.com <https://b.example.com/> >>> Content-Length: 0 >>> Date: Mon, 01 Feb 2016 13:52:54 GMT >>> >>> The redirect sets Location to https. I know this can't work because I >>> have no >>> certificate for srv.grasmueck.de <http://srv.grasmueck.de/> nor do I >>> need https. >>> >>> And I see the web application `b` instead of `a` despite the error. >>> >>> Do I need a Apache HTTPD fronted? >> >> No. The name of your virtual host (or one of its aliases) must match >> the host header. If they don't match the default host will be used. >> >> Given that you've already told us one of the real host names, you might >> as well show us the real configuration and the real request if you need >> help spotting the configuration error. >> >> Mark >> > Since the information provided shows that both URLs are responding with a 302 > redirect to the HTTPS connector with the same hostname as provided, I'd say > that his server.xml configuration is working correctly. > Obviously, there is something in both webapps that is forcing the redirect. > Might I suggest the OP take a look at the web.xml file for the A host to see > if he can see that it is indeed requesting the redirect? (hint: > <security-constraint> section.) > Jeff
Hi Jeff, the web application with the certificate does have a security constraint in the web.xml. <security-constraint> <web-resource-collection> <url-pattern>/index.xhtml</url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > <mailto:users-unsubscr...@tomcat.apache.org> > For additional commands, e-mail: users-h...@tomcat.apache.org > <mailto:users-h...@tomcat.apache.org>