Hi Chris,

Tried the below steps. I have the redirection working. But the URL is not
in the browser anymore.

1)
<Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">
  <Valve className="org.apache.catalina.valves.rewrite.RewriteValve" />

2) /conf/Catalina/localhost --> I added the below in rewrite.config

RewriteCond %{HTTP_HOST} ^example\.lbg\.com$
RewriteCond %{REQUEST_URI} !^/towl$
RewriteRule ^/(.*) https://server.lbg.com:8443/towl [R=301,L]

Then it redirects from https://example.lbg.com --> https://server.lbg.com:8443/towl
but the application team raised a concern the

- alias https://example.lbg.com/ --> url stays in the browser
- towl indexer uses the internal address https://server.lbg.com.8443/towl rsp. localhost:8443/towl

can we achieve this with tomcat or we need to setup a reverse proxy here.
Please kindly suggest

Thanks,
Lavanya

On Mon, May 13, 2024 at 10:17 PM lavanya tech <lavanyatech...@gmail.com> wrote:

> Hi Chris,
>
> Sorry, If I did confuse. It’s important that
> https://server.lbg.com:8443/towl is always working. Goal is not to
> disable /towl, but just redirect or aliasing
>
> https://example.lbg.com/ to https://server.lbg.com:8443/towl
>
> Thanks,
> Lavanya
>
> On Monday, May 13, 2024, Christopher Schultz <ch...@christopherschultz.net>
> wrote:
>
>> Lavanya,
>>
>> On 5/13/24 05:57, lavanya tech wrote:
>>
>>> Somehow made it work now i can only access urls as you mentioned before
>>> https://example.lbg.com and https://server.lbg.com with port 8443 and
>>> without
>>>
>>> https://example.lbg.com/towl and https://server.lbg.com/towl --> I
>>> have an error now File not found.
>>>
>>> So i think we need to make work https://example.lbg.com/ to
>>> https://server.lbg.com/towl
>>
>> I'm sorry, I'm still confused as to which way you want things.
>>
>> Do you want to redirect /towl -> / or do you want to redirect / -> /towl?
>>
>> Or does it depend upon the hostname? It would really be better if you
>> could settle on one specific behavior.
>>
>> -chris
>>
>> On Mon, May 13, 2024 at 9:41 AM lavanya tech <lavanyatech...@gmail.com>
>> wrote:
>>
>>> Hi Chris,
>>>>
>>>> Where are you defining the RewriteValve itself?
>>>>
>>>> Defined rewritevalve here
>>>> <Host name="localhost" appBase="webapps"
>>>> unpackWARs="true" autoDeploy="true">
>>>>
>>>> <Valve
>>>> className="org.apache.catalina.valves.rewrite.RewriteValve" />
>>>> resource="conf/rewrite.config" />
>>>>
>>>> 2) Created rewrite.config and added as below under conf/
>>>>
>>>> RewriteCond %{REQUEST_URI} ^/towl/(.*)
>>>> RewriteRule ^/towl/(.*) https://example.lbg.com/%1 [R]
>>>>
>>>> 3) After renaming towl to ROOT -> /webapps/ROOT/WEB-INF/web.xml ( I
>>>> already have this mappings /* in web.xml file)
>>>>
>>>> <security-constraint>
>>>>   <web-resource-collection>
>>>>     <web-resource-name>Logging Area</web-resource-name>
>>>>     <description>
>>>>       Authentication for registered users.
>>>>     </description>
>>>>     <url-pattern>/*</url-pattern>
>>>>     <url-pattern>/api/v1/search</url-pattern> <!-- protect search endpoint whitelisted above -->
>>>>     <url-pattern>/api/v1/suggest/*</url-pattern> <!-- protect suggest endpoint whitelisted above -->
>>>>   </web-resource-collection>
>>>>   <auth-constraint>
>>>>     <role-name>LDAP_USER</role-name>
>>>>     <role-name>api</role-name>
>>>>   </auth-constraint>
>>>> </security-constraint>
>>>>
>>>> 4) Restarted Tomcat, Then I cannot access
>>>> https://server.lbg.com:8443/towl
>>>> --> Have below error
>>>>
>>>> Message java.nio.file.NoSuchFileException:
>>>> /git/apache-tomcat-10.1.11/webapps/towl/WEB-INF/lib/xss-1.0.8.jar
>>>>
>>>> Description The server encountered an unexpected condition that
>>>> prevented it from fulfilling the request.
>>>>
>>>> 5) Also https://example.lbg.com does not work anymore
>>>>
>>>> Before you do anything with redirecting, can you just make sure you are
>>>> only deploying ROOT.war and nothing else?
>>>> How can I do that.
>>>> I already changed towl.war to ROOT.war
>>>>
>>>> But still both the urls have error as mentioned above.
>>>>
>>>> So I reverted back the changes.
>>>> That's weird. Try stopping, deleting the work/ directory and restarting.
>>>> --> I have this weird behavior for some reason, though index.jsp is
>>>> located no changes were made to file. After deleting cookies url works
>>>>
>>>> where Am I going wrong.
>>>>
>>>> Thanks,
>>>> Lavanya
>>>>
>>>> On Fri, May 10, 2024 at 6:50 PM Christopher Schultz <
>>>> ch...@christopherschultz.net> wrote:
>>>>
>>>> Lavanya,
>>>>>
>>>>> On 5/10/24 04:37, lavanya tech wrote:
>>>>>
>>>>>> I tried the below and have the issues.
>>>>>>
>>>>>> 1)proxyPort="443" and proxyName="example.lbg.com" to the connector
>>>>>> 2) renamed towl.war to ROOT.war
>>>>>> 3) created rewrite.config and added as below under conf/
>>>>>
>>>>> Where are you defining the RewriteValve itself?
>>>>>
>>>>>> RewriteCond %{REQUEST_URI} ^/towl/(.*)
>>>>>> RewriteRule ^/towl/(.*) https://example.lbg.com/%1 [R]
>>>>>
>>>>> If this is being handled by the ROOT servlet then I think it's right.
>>>>>
>>>>>> 4) added this in web.xml file of /webapps/towl/web.xml/
>>>>>>
>>>>>> <!-- Servlet mappings -->
>>>>>> <!-- Add your existing servlet mappings here -->
>>>>>>
>>>>>> <!-- Security constraint to restrict access to /towl path -->
>>>>>> <security-constraint>
>>>>>>   <web-resource-collection>
>>>>>>     <web-resource-name>Restricted Access to /towl</web-resource-name>
>>>>>>     <url-pattern>/towl/*</url-pattern>
>>>>>
>>>>> No, this is wrong. Since this is the "towl" application and not ROOT,
>>>>> you want to map /* and not /towl/* because the application will never
>>>>> see the /towl/ as it's an application/context prefix that Tomcat will
>>>>> remove.
>>>>>
>>>>>>   </web-resource-collection>
>>>>>>   <auth-constraint>
>>>>>>     <!-- Deny access to all roles -->
>>>>>>   </auth-constraint>
>>>>>> </security-constraint>
>>>>>>
>>>>>> Also I noticed that even if I rename the towl application to ROOT, when i
>>>>>> call the url with https://example.lbg.com/towl --> this towl directory is
>>>>>> getting created under webapps by default
>>>>>
>>>>> If webapps/towl is being created, then it's happening for some other
>>>>> reason. Do you have anything under conf/Catalina/*/towl.xml which points
>>>>> to a WAR file or something? If so, remove that.
>>>>>
>>>>>> 5) Restarted tomcat and I have the below error and all the urls have the
>>>>>> same issue
>>>>>>
>>>>>> Message org.apache.jasper.JasperException:
>>>>>> java.lang.ClassNotFoundException: org.apache.jsp.index_jsp
>>>>>
>>>>> That's weird. Try stopping, deleting the work/ directory and restarting.
>>>>>
>>>>>> Description The server encountered an unexpected condition that prevented
>>>>>> it from fulfilling the request.
>>>>>>
>>>>>> Exception
>>>>>>
>>>>>> org.apache.jasper.JasperException: org.apache.jasper.JasperException:
>>>>>> java.lang.ClassNotFoundException: org.apache.jsp.index_jsp
>>>>>> org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:578)
>>>>>> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:422)
>>>>>> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:380)
>>>>>> org.apache.jasper.servlet.JspServlet.service(JspServlet.java:328)
>>>>>> jakarta.servlet.http.HttpServlet.service(HttpServlet.java:658)
>>>>>> org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51)
>>>>>
>>>>> Before you do anything with redirecting, can you just make sure you are
>>>>> only deploying ROOT.war and nothing else?
>>>>>
>>>>> This should allow you to reach the application at both
>>>>> https://example.lbg.com/ and https://server.lbg.com/ as well as both of
>>>>> those with port 8443.
>>>>>
>>>>> Then use the applications and make sure they are working as expected.
>>>>> Then, we'll add the /towl handling.
>>>>>
>>>>> -chris
>>>>>
>>>>> On Thu, May 9, 2024 at 11:20 PM Christopher Schultz <
>>>>>> ch...@christopherschultz.net> wrote:
>>>>>>
>>>>>>> Lavanya,
>>>>>>>
>>>>>>> On 5/9/24 13:48, lavanya tech wrote:
>>>>>>>
>>>>>>>> Thank you so much for your explanation. I will try these options.
>>>>>>>>
>>>>>>>> Do server and example both resolve to the same IP?
>>>>>>>> -yes
>>>>>>>
>>>>>>> Good, that significantly reduces the complexity required, since you can
>>>>>>> do it with a single process (Tomcat) in a single environment.
>>>>>>>
>>>>>>>> So I need follow both 4a/b and 5a/b steps here or any of them ?
>>>>>>>>
>>>>>>>> If I setup exactly by using below steps , then I should access both the
>>>>>>>> urls right ? https://server.lbg.com:8443/towl and https://example.lbg.com
>>>>>>>
>>>>>>> If you visit either hostname with /towl, you will be redirected to
>>>>>>> example.lbg.com/ with no port number. example:8443 will still work and
>>>>>>> no redirect will take place... unless you specifically make arrangements
>>>>>>> for that. We can do that later if you really want to.
>>>>>>>
>>>>>>> Let's get the other things working, first.
>>>>>>>
>>>>>>> -chris
>>>>>>>
>>>>>>> On Thursday, May 9, 2024, Christopher Schultz <ch...@christopherschultz.net>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>> Lavanya,
>>>>>>>>>
>>>>>>>>> On 5/9/24 02:58, lavanya tech wrote:
>>>>>>>>>
>>>>>>>>>> Just giving background again of this topic again.
>>>>>>>>>>
>>>>>>>>>> 1) The application team who is working they wanted to access the url
>>>>>>>>>> https://server.lbg.com:8443/towl —> which should redirect or point to
>>>>>>>>>> https://example.lbg.com
>>>>>>>>>>
>>>>>>>>>> Is that a typo? You want specifically https://server.lbg.com/towl and
>>>>>>>>>> https://example.lbg.com/ to point to your application?
>>>>>>>>>> — It’s not the Typo the requirements are still the same.
>>>>>>>>>
>>>>>>>>> Okay.
>>>>>>>>>
>>>>>>>>> Do server and example both resolve to the same IP?
>>>>>>>>>
>>>>>>>>>> 2) Hence I added firewall rule to redirect port 443 to 8443. And the url
>>>>>>>>>> https://example.lbg.com started working but its pointing to
>>>>>>>>>> https://server.lbg.com:8443 indeed and not https://server.lbg.com:8443/towl
>>>>>>>>>>
>>>>>>>>>> But then they wanted the point 1 to have it. If I understood correctly. So
>>>>>>>>>> basically to achieve this we wanted a reverse proxy setup ?
>>>>>>>>>>
>>>>>>>>>> I did not define any additional host in server.xml file on just left to
>>>>>>>>>> default to local host.
>>>>>>>>>
>>>>>>>>> Here's what you have to do in order to support this odd configuration.
>>>>>>>>>
>>>>>>>>> 1. Configure your firewall to route port 443 -> 8443. I suspect this is
>>>>>>>>> already done.
>>>>>>>>>
>>>>>>>>> 2. Deploy Tomcat on server.lbg.com with a <Connector> on port 8443. This
>>>>>>>>> is the default, so there shouldn't be anything to do. I suspect this is
>>>>>>>>> already done. You should set proxyPort="443" and proxyName="example.lbg.com"
>>>>>>>>> in your <Connector>.
>>>>>>>>> This will ensure that any URLs
>>>>>>>>> generated by Tomcat or your application will point to
>>>>>>>>> https://example.lbg.com/ and not to server.lbg.com or have a port number
>>>>>>>>> or whatever.
>>>>>>>>>
>>>>>>>>> 3. Re-name your application directory or WAR file from towl -> ROOT (upper
>>>>>>>>> case is important). So if you have tomcat/webapps/towl re-name that to
>>>>>>>>> tomcat/webapps/ROOT or if you have tomcat/webapps/towl.war re-name that to
>>>>>>>>> tomcat/webapps/ROOT.war.
>>>>>>>>>
>>>>>>>>> The last thing to do is get /towl to re-direct to /. There are a few ways
>>>>>>>>> of doing that.
>>>>>>>>>
>>>>>>>>> 4a. Configure your application (now called ROOT and deployed on / and not
>>>>>>>>> /towl anymore) to handle the /towl URL and specifically redirect this back
>>>>>>>>> to /. This is oddly specific and has the application trying to redirect to
>>>>>>>>> itself which is weird.
>>>>>>>>>
>>>>>>>>> 4b. Create a new application called towl or towl.war which will be
>>>>>>>>> deployed on /towl and have THAT redirect to /. I think this is cleaner
>>>>>>>>> because you can call the application anything you'd like and it will still
>>>>>>>>> work. You don't have to match URL patterns yourself, you just re-name the
>>>>>>>>> WAR file if you suddenly want to use /towl2 instead of /towl.
>>>>>>>>>
>>>>>>>>> There are several ways to redirect.
>>>>>>>>>
>>>>>>>>> 5a. Use the rewrite valve and map /(*) to (global redirect) /\1. A few
>>>>>>>>> notes: (1) the (*) means "capture this string" and \1 means "put the string
>>>>>>>>> back.
>>>>>>>>> This allows you to redirect /towl/foo/bar to /foo/bar instead of
>>>>>>>>> losing the /foo/bar. This syntax may not be perfect, adapt it to your
>>>>>>>>> needs. (2) Remember that the towl application is deployed on /towl so you
>>>>>>>>> don't want to redirect /towl/foo/bar you only want redirect /foo/bar since
>>>>>>>>> the URL will be relative to the current context (/towl). Got that? Finally,
>>>>>>>>> (3) you need to use a global redirect that does *NOT* redirect back to the
>>>>>>>>> /towl application. Normally, if you redirect to /foo you'll get an
>>>>>>>>> application-relative redirect from something like a rewrite
>>>>>>>>> valve/filter/whatever. Take care to redirect relative to the SERVER and not
>>>>>>>>> to the application.
>>>>>>>>>
>>>>>>>>> 5b. Write your own servlet to do a specific redirect.
>>>>>>>>>
>>>>>>>>> I hope that helps,
>>>>>>>>> -chris
>>>>>>>>>
>>>>>>>>> On Wednesday, May 8, 2024, Christopher Schultz <
>>>>>>>>>> ch...@christopherschultz.net>
>>>>>>>>>> wrote:
>>>>>>>>>>
>>>>>>>>>> Lavanya,
>>>>>>>>>>>
>>>>>>>>>>> On 5/8/24 06:48, lavanya tech wrote:
>>>>>>>>>>>
>>>>>>>>>>>> I figured out how I can it make it work with 443. Now the URls are
>>>>>>>>>>>> working.
>>>>>>>>>>>> I added iptables route 443 to 8443 and it started working.
>>>>>>>>>>>>
>>>>>>>>>>>> nslookup example.lbg.com
>>>>>>>>>>>>
>>>>>>>>>>>> Non-authoritative answer:
>>>>>>>>>>>> Name: server.lbg.com
>>>>>>>>>>>> Address: 192.168.200.105
>>>>>>>>>>>> Aliases: example.lbg.com
>>>>>>>>>>>>
>>>>>>>>>>>> I have some application towl running with apache tomcat. I have the below
>>>>>>>>>>>> URLs working.
>>>>>>>>>>>>
>>>>>>>>>>>> https://server.lbg.com:8443/towl
>>>>>>>>>>>> https://server.lbg.com
>>>>>>>>>>>> https://example.lbg.com
>>>>>>>>>>>> https://example.lbg.com/towl
>>>>>>>>>>>>
>>>>>>>>>>>> Now i wanted to disable the url https://example.lbg.com/towl and
>>>>>>>>>>>> https://server.lbg.com and access only the other remaining two.
>>>>>>>>>>>
>>>>>>>>>>> I would *highly* recommend that you pick either /towl or / and not try to
>>>>>>>>>>> do both, unless you want to deploy the application twice (which is fine,
>>>>>>>>>>> just deploy towl.war and ROOT.war as copies of each other). If you try to
>>>>>>>>>>> re-write /towl to / or / to /towl, you'll find you spend the rest of your
>>>>>>>>>>> days tracking-down edge-cases and "fixing" them -- likely making things
>>>>>>>>>>> confusing and, probably, worse.
>>>>>>>>>>>
>>>>>>>>>>>> In the end our goal to make sure that the links are not always dead as soon
>>>>>>>>>>>> as the towl is moved to a new machine. Can you please assist me how to do
>>>>>>>>>>>> that?
>>>>>>>>>>>
>>>>>>>>>>> The goal should be that "moving" the application only means changing DNS
>>>>>>>>>>> and everything else works as expected.
>>>>>>>>>>>
>>>>>>>>>>> If you:
>>>>>>>>>>>
>>>>>>>>>>> 1. Deploy the application with a single context (e.g. /towl, which I
>>>>>>>>>>> recommend)
>>>>>>>>>>>
>>>>>>>>>>> 2. Re-direct / to /towl (this requires a reverse-proxy or a ROOT
>>>>>>>>>>> application that does nothing but redirect ; my personal preference)
>>>>>>>>>>>
>>>>>>>>>>> 3. Do not define any <Host> other than "localhost" and make it the
>>>>>>>>>>> default. Do not bother with any <Alias> elements since they are not
>>>>>>>>>>> necessary.
>>>>>>>>>>>
>>>>>>>>>>> Moving the application should only require that you:
>>>>>>>>>>>
>>>>>>>>>>> 4. Deploy the same application with the same configuration in the new
>>>>>>>>>>> location
>>>>>>>>>>>
>>>>>>>>>>> 5. Change DNS to point example.lbg.com and server.lbg.com to the new
>>>>>>>>>>> location of the service
>>>>>>>>>>>
>>>>>>>>>>> Hope that helps,
>>>>>>>>>>> -chris
>>>>>>>>>>>
>>>>>>>>>>> On Tue, Apr 30, 2024 at 5:44 PM Christopher Schultz <
>>>>>>>>>>> ch...@christopherschultz.net> wrote:
>>>>>>>>>>>
>>>>>>>>>>> Lavanya,
>>>>>>>>>>>
>>>>>>>>>>> On 4/30/24 07:10, lavanya tech wrote:
>>>>>>>>>>>
>>>>>>>>>>> Can you tell me how to do the below ? How should I setup Tomcat in
>>>>>>>>>>> server.xml ?
>>>>>>>>>>>
>>>>>>>>>>> If you want to use port 443 (the default port for HTTPS) then you will
>>>>>>>>>>> need to change Tomcat to bind to port 443 (if that's allowed on your OS)
>>>>>>>>>>> or arrange to have port 443 routed to port 8443. You may need additional
>>>>>>>>>>> configuration in Tomcat (specifically: proxyPort) to avoid having Tomcat
>>>>>>>>>>> generate URLs with ":8443" in them.
>>>>>>>>>>>
>>>>>>>>>>> Looking forward to your reply.
>>>>>>>>>>>
>>>>>>>>>>> If Tomcat is listening on port 8443 then you will need to include that
>>>>>>>>>>> in your URL, period. If you want to allow URLs without a port number,
>>>>>>>>>>> you will have to arrange to have something listening on port 443.
>>>>>>>>>>>
>>>>>>>>>>> On Windows, Tomcat can listen directly on port 443.
>>>>>>>>>>> On UNIX and
>>>>>>>>>>> UNIX-like systems, you won't be able to do this without running Tomcat
>>>>>>>>>>> as root WHICH YOU ABSOLUTELY SHOULD NOT DO.
>>>>>>>>>>>
>>>>>>>>>>> There are other ways to get port 443 working, but I'll need to know more
>>>>>>>>>>> about your environment. The port issue is "easier" than figuring out
>>>>>>>>>>> whatever is going on with your DNS, aliases, etc. so I would recommend
>>>>>>>>>>> we fix one thing at a time.
>>>>>>>>>>>
>>>>>>>>>>> -chris
>>>>>>>>>>>
>>>>>>>>>>> On Mon, Apr 29, 2024 at 2:03 PM lavanya tech <lavanyatech...@gmail.com>
>>>>>>>>>>> wrote:
>>>>>>>>>>>
>>>>>>>>>>> Hi Chris,
>>>>>>>>>>>
>>>>>>>>>>> There is no issues with browser, because I tested with different browsers
>>>>>>>>>>> and it all works fine. I am sure that there is no issue with the
>>>>>>>>>>> certificate.
>>>>>>>>>>> Because I was able to establish successful connections with port 8443, it
>>>>>>>>>>> just does not work without port
>>>>>>>>>>>
>>>>>>>>>>> curl https://example.lbg.com/towl
>>>>>>>>>>> curl: (56) Received HTTP code 504 from proxy after CONNECT
>>>>>>>>>>> curl: (56) Received HTTP code 504 from proxy after CONNECT
>>>>>>>>>>>
>>>>>>>>>>> If you want to use port 443 (the default port for HTTPS) then you will
>>>>>>>>>>> need to change Tomcat to bind to port 443 (if that's allowed on your OS)
>>>>>>>>>>> or arrange to have port 443 routed to port 8443. You may need additional
>>>>>>>>>>> configuration in Tomcat (specifically: proxyPort) to avoid having Tomcat
>>>>>>>>>>> generate URLs with ":8443" in them.
>>>>>>>>>>>
>>>>>>>>>>> <Connector port="443" protocol="HTTP/1.1"
>>>>>>>>>>> connectionTimeout="20000"
>>>>>>>>>>> redirectPort="8443"
>>>>>>>>>>> maxThreads="150"
>>>>>>>>>>> scheme="https" secure="true" SSLEnabled="true"
>>>>>>>>>>> keystoreFile="path_to_your_keystore_file"
>>>>>>>>>>> keystorePass="your_keystore_password"
>>>>>>>>>>> keystoreType="PKCS12"
>>>>>>>>>>> clientAuth="false" sslProtocol="TLS"
>>>>>>>>>>> proxyPort="443"/>
>>>>>>>>>>>
>>>>>>>>>>> should i use connect port like the above ? But you mentioned before we
>>>>>>>>>>> dont need any configuration changes. Please clarify I am not able to figure
>>>>>>>>>>> this out and I have this issue many days pending. How to make it work with
>>>>>>>>>>> port 8443 and without port
>>>>>>>>>>>
>>>>>>>>>>> Also I wanted to use weburl with alias name permanently instead of the
>>>>>>>>>>> hostname.
>>>>>>>>>>> How can I achieve both
>>>>>>>>>>>
>>>>>>>>>>> Thanks,
>>>>>>>>>>> Lavanya
>>>>>>>>>>>
>>>>>>>>>>> -->
>>>>>>>>>>>
>>>>>>>>>>> On Fri, Apr 26, 2024 at 9:28 PM Christopher Schultz <
>>>>>>>>>>> ch...@christopherschultz.net> wrote:
>>>>>>>>>>>
>>>>>>>>>>> Lavanya,
>>>>>>>>>>>
>>>>>>>>>>> On 4/25/24 07:24, lavanya tech wrote:
>>>>>>>>>>>
>>>>>>>>>>> Hi Chris,
>>>>>>>>>>>
>>>>>>>>>>> One question / doubt:
>>>>>>>>>>>
>>>>>>>>>>> As I mentioned earlier, the below URLS already working in the browser
>>>>>>>>>>>
>>>>>>>>>>> https://server.lbg.com:8443/towl
>>>>>>>>>>> https://example.lbg.com:8443/towl -> redirect ( which means when I hit in
>>>>>>>>>>> browser) it points to https://server.lbg.com:8443/towl ---> To be frank,
>>>>>>>>>>> even I do not need redirect here, not sure why it redirects.
>>>>>>>>>>>
>>>>>>>>>>> My question is why its working even though SAN is not registered with the
>>>>>>>>>>> certificate ? It does not even throw warning in the browser.
>>>>>>>>>>>
>>>>>>>>>>> I'm not sure. Is it possible you have dismissed this error in the past
>>>>>>>>>>> and the browser is remembering that? Try this with a different web
>>>>>>>>>>> browser or maybe with curl from the command-line to see what happens.
>>>>>>>>>>>
>>>>>>>>>>> Why https://server.lbg.com/towl or https://example.lbg.com/towl --> How it
>>>>>>>>>>> should work with New SAN certificate ?
>>>>>>>>>>>
>>>>>>>>>>> You don't need to worry about the port number or application name, only
>>>>>>>>>>> the hostname is a part of the SAN.
>>>>>>>>>>>
>>>>>>>>>>> -chris
>>>>>>>>>>>
>>>>>>>>>>> On Thu, Apr 25, 2024 at 10:16 AM lavanya tech <lavanyatech...@gmail.com>
>>>>>>>>>>> wrote:
>>>>>>>>>>>
>>>>>>>>>>> Hi Chris,
>>>>>>>>>>>
>>>>>>>>>>> Thanks I will request new certificate with SANs and I will try to fix the
>>>>>>>>>>> things from our end.
>>>>>>>>>>>
>>>>>>>>>>> Best Regards,
>>>>>>>>>>> Lavanya
>>>>>>>>>>>
>>>>>>>>>>> On Wed, Apr 24, 2024 at 11:12 PM Christopher Schultz <
>>>>>>>>>>> ch...@christopherschultz.net> wrote:
>>>>>>>>>>>
>>>>>>>>>>> Lavanya,
>>>>>>>>>>>
>>>>>>>>>>> On 4/24/24 15:39, lavanya tech wrote:
>>>>>>>>>>>
>>>>>>>>>>> Local host means the machine i am logged in to server.lbg.com
>>>>>>>>>>>
>>>>>>>>>>> You are right, example.lbg.com is CNAME record.
>>>>>>>>>>>
>>>>>>>>>>> Okay, thanks for clearing that up.
>>>>>>>>>>>
>>>>>>>>>>> I dont have any SAN configured for the certificate. The certificate is
>>>>>>>>>>> requested for only server.lbg.com
>>>>>>>>>>>
>>>>>>>>>>> You will never be able to make a secure request to anything other than
>>>>>>>>>>> server.lbg.com without seeing an error. I highly recommend adding the
>>>>>>>>>>> other hostname as a SAN to your certificate if you really want to
>>>>>>>>>>> support this.
>>>>>>>>>>>
>>>>>>>>>>> Even if you wanted https://example.lbg.com/whatever to return an HTTP
>>>>>>>>>>> 302 redirect to https://server.lbg.com/whatever, the user would see a
>>>>>>>>>>> certificate hostname mismatch error which is ugly. It's best to make it
>>>>>>>>>>> work without users seeing ugly things.
>>>>>>>>>>>
>>>>>>>>>>> So if i just request new certificate with SAN it should work ? If yes, I
>>>>>>>>>>> will request for it and follow your steps as below suggested.
>>>>>>>>>>>
>>>>>>>>>>> Yes, it should.
>>>>>>>>>>>
>>>>>>>>>>> Should i use CName record or DNS? Does it make difference?
>>>>>>>>>>>
>>>>>>>>>>> CNAME *is* DNS.
>>>>>>>>>>>
>>>>>>>>>>> Whenever possible, use hostnames and not IP addresses as SANs. It's more
>>>>>>>>>>> flexible that way, and users get to see hostnames instead of IP addresses.
>>>>>>>>>>>
>>>>>>>>>>> -chris
>>>>>>>>>>>
>>>>>>>>>>> On Wednesday, April 24, 2024, Christopher Schultz <
>>>>>>>>>>> ch...@christopherschultz.net> wrote:
>>>>>>>>>>>
>>>>>>>>>>> Lavanya,
>>>>>>>>>>>
>>>>>>>>>>> On 4/24/24 07:37, lavanya tech wrote:
>>>>>>>>>>>
>>>>>>>>>>> Sorry I understood wrongly here with regards to my environment, Let me
>>>>>>>>>>> start from the beginning. I do not want to use redirect at all. I simply
>>>>>>>>>>> wanted to force apache tomcat to use both localhost and dns name of the
>>>>>>>>>>> localhost via url.
>>>>>>>>>>>
>>>>>>>>>>> When you say "force" what do you mean?
>>>>>>>>>>>
>>>>>>>>>>> When you say "use both localhost and DNS name" what do you mean?
>>>>>>>>>>>
>>>>>>>>>>> When you say "localhost" do you mean 127.0.0.1 or "the machine I'm
>>>>>>>>>>> logged-into right now"?
>>>>>>>>>>>
>>>>>>>>>>> I have DNS resolution as below.
>>>>>>>>>>>
>>>>>>>>>>> server.lbg.com --> localhost
>>>>>>>>>>>
>>>>>>>>>>> Is that a CNAME record?
>>>>>>>>>>>
>>>>>>>>>>> nslookup server.lbg.com (localhost)
>>>>>>>>>>>
>>>>>>>>>>> Name: server.lbg.com
>>>>>>>>>>> Address: 192.168.100.20
>>>>>>>>>>> alias: example.lbg.com
>>>>>>>>>>>
>>>>>>>>>>> That's a weird DNS response. The DNS name "localhost" should *always*
>>>>>>>>>>> return 127.0.0.1 for IPv4 and ::1 for IPv6. It shouldn't return
>>>>>>>>>>> 191.168.100.20.
>>>>>>>>>>>
>>>>>>>>>>> We have working the below urls working:
>>>>>>>>>>>
>>>>>>>>>>> https://server.lbg.com:8443/towl
>>>>>>>>>>> https://example.lbg.com:8443/towl --> redirects to
>>>>>>>>>>>
>>>>>>>>>>> What do you mean "redirect"? Does it return a 30x response that causes the
>>>>>>>>>>> browser to make a new request to \/
>>>>>>>>>>>
>>>>>>>>>>> https://server.lbg.com:8443/towl --> still works --> we have SSL
>>>>>>>>>>> configured for the same but this SSL certificate does not have additional
>>>>>>>>>>> DNS setup.
>>>>>>>>>>>
>>>>>>>>>>> What SANs are in your certificate? How many certificates do you have?
>>>>>>>>>>>
>>>>>>>>>>> But I would need to somehow access https://example.lbg.com --> which means
>>>>>>>>>>> I would need to access via 443 here ?
>>>>>>>>>>>
>>>>>>>>>>> I'm so confused. What needs to access what?
>>>>>>>>>>>
>>>>>>>>>>> I tried to adding the below to server.xml as below, but that does not seems
>>>>>>>>>>> to work.
>>>>>>>>>>>
>>>>>>>>>>> <Connector port="80"
>>>>>>>>>>> protocol="org.apache.coyote.http11.Http11NioProtocol"
>>>>>>>>>>> connectionTimeout="20000"
>>>>>>>>>>> redirectPort="443" />
>>>>>>>>>>>
>>>>>>>>>>> This will only redirect (HTTP 302) requests to http://yourhost/anything
>>>>>>>>>>> to https://yourhost/anything *if the application specifically requests
>>>>>>>>>>> CONFIDENTIAL transport*. It doesn't just redirect everything by default. If
>>>>>>>>>>> you want it to redirect everything, you'll need to set that up e.g. using
>>>>>>>>>>> RewriteValve. There are other options, too.
>>>>>>>>>>>
>>>>>>>>>>> Do i need additional SSL certificate for the https://example.lbg.com to
>>>>>>>>>>> make it work ?
>>>>>>>>>>>
>>>>>>>>>>> If you don't want your browser to complain, you will need at least one TLS
>>>>>>>>>>> certificate that contains every Subject Alternative Name (SAN) for every
>>>>>>>>>>> possible hostname you expect to use with this service. You can do it with
>>>>>>>>>>> multiple certificates as well, but a single cert with multiple SANs is less
>>>>>>>>>>> work.
>>>>>>>>>>>
>>>>>>>>>>> Do i need to set up an additional web server for this like apache or nginx
>>>>>>>>>>> for redirecting requests?
>>>>>>>>>>>
>>>>>>>>>>> No.
>>>>>>>>>>>
>>>>>>>>>>> Please stop saying "redirect" because it sounds like you almost never mean
>>>>>>>>>>> "HTTP 30x redirect" and that's confusing everything.
>>>>>>>>>>>
>>>>>>>>>>> I *think* you only need the following:
>>>>>>>>>>>
>>>>>>>>>>> 1. A TLS certificate with the following SANs:
>>>>>>>>>>>
>>>>>>>>>>> * server.lbg.com
>>>>>>>>>>> * example.lbg.com
>>>>>>>>>>> * localhost (you shouldn't do this)
>>>>>>>>>>>
>>>>>>>>>>> 2. DNS configured for all hostnames:
>>>>>>>>>>>
>>>>>>>>>>> * server.lbg.com -> A 192.168.100.20
>>>>>>>>>>> * example.lgb.com -> A 192.168.100.20
>>>>>>>>>>>
>>>>>>>>>>> 3. Tomcat configured with a single <Host> which is the default virtual
>>>>>>>>>>> host. Note that this is the *default Tomcat configuration* and doesn't need
>>>>>>>>>>> to be changed from the default.
>>>>>>>>>>>
>>>>>>>>>>> 4. Tomcat configured with your certificate like this:
>>>>>>>>>>>
>>>>>>>>>>> <Connector ...
>>>>>>>>>>>            SSLEnabled="true">
>>>>>>>>>>>   <SSLHostConfig>
>>>>>>>>>>>     <Certificate
>>>>>>>>>>>         certificateFile="/path/to/your/cert.crt"
>>>>>>>>>>>         certificateKeyFile="/path/to/your/key.pem" />
>>>>>>>>>>>     <!-- You may need certificateKeyPassword in <Certificate> -->
>>>>>>>>>>>   </SSLHostConfig>
>>>>>>>>>>> </Connector>
>>>>>>>>>>>
>>>>>>>>>>> If your SANs are configured properly, this should allow you to connect using any of these URLs:
>>>>>>>>>>>
>>>>>>>>>>> $ curl https://server.lbg.com/towl/login.jsp
>>>>>>>>>>> (returns login page)
>>>>>>>>>>>
>>>>>>>>>>> $ curl https://example.lbg.com/towl/login.jsp
>>>>>>>>>>> (returns login page)
>>>>>>>>>>>
>>>>>>>>>>> If your application's web.xml contains something like this:
>>>>>>>>>>>
>>>>>>>>>>> <security-constraint>
>>>>>>>>>>>   <web-resource-collection>
>>>>>>>>>>>     <web-resource-name>theapp</web-resource-name>
>>>>>>>>>>>     <url-pattern>/*</url-pattern>
>>>>>>>>>>>   </web-resource-collection>
>>>>>>>>>>>   <user-data-constraint>
>>>>>>>>>>>     <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>>>>>>>>>>>   </user-data-constraint>
>>>>>>>>>>> </security-constraint>
>>>>>>>>>>>
>>>>>>>>>>> ...
>>>>>>>>>>> then these insecure HTTP URLs should redirect your clients:
>>>>>>>>>>>
>>>>>>>>>>> $ curl http://server.lbg.com/towl/login.jsp
>>>>>>>>>>> (returns HTTP 302 redirect to https://server.lbg.com/towl/login.jsp)
>>>>>>>>>>>
>>>>>>>>>>> $ curl https://server.lbg.com/towl/login.jsp
>>>>>>>>>>> (returns HTTP 302 redirect to https://example.lbg.com/towl/login.jsp)
>>>>>>>>>>>
>>>>>>>>>>> I don't think you need any use of the RewriteValve unless you want to handle sending HTTP 302 redirect responses to insecure requests without specifying the CONFIDENTIAL transport-guarantee in your application's web.xml file. But I don't see any reason NOT to have that in there.
>>>>>>>>>>>
>>>>>>>>>>> -chris
>>>>>>>>>>>
>>>>>>>>>>> On Tue, Apr 23, 2024 at 10:52 PM Christopher Schultz <ch...@christopherschultz.net> wrote:
>>>>>>>>>>>
>>>>>>>>>>> Lavanya,
>>>>>>>>>>>
>>>>>>>>>>> On 4/22/24 05:21, lavanya tech wrote:
>>>>>>>>>>>
>>>>>>>>>>> Could you please explain what you exactly mean? So here redirect is not a solution, right?
>>>>>>>>>>>
>>>>>>>>>>> Redirecting is fine.
>>>>>>>>>>>
>>>>>>>>>>> Perhaps you should take a step back and decide: what do you actually want, here? You might be trying to solve problem X by applying solution Y, and you've already decided that solution Y is correct so you are trying to get help with that.
>>>>>>>>>>>
>>>>>>>>>>> Perhaps ask for help with Problem X?
>>>>>>>>>>>
>>>>>>>>>>> For example, "I don't want users to have to type the name of my application to reach it so I want example.com/ to go to my application instead of example.com/myapp/".
>>>>>>>>>>>
>>>>>>>>>>> Or, "I have multiple domains and I want all of them to redirect to the canonical domain example.com and to go to my web application /myapp so everything goes to example.com/myapp/".
>>>>>>>>>>>
>>>>>>>>>>> "You'd have to use a glob/regex if you wanted to check for [anything and maybe nothing.] example.com."
>>>>>>>>>>>
>>>>>>>>>>> There is nothing in your configuration or question that suggests that the hostname in the request is relevant, but you are making it a *requirement* that the request contains a specific Host header. If you don't actually need that, why do you have it?
>>>>>>>>>>>
>>>>>>>>>>> -chris
>>>>>>>>>>>
>>>>>>>>>>> On Fri, Apr 19, 2024 at 3:03 PM Christopher Schultz <ch...@christopherschultz.net> wrote:
>>>>>>>>>>>
>>>>>>>>>>> Ammu,
>>>>>>>>>>>
>>>>>>>>>>> On 4/19/24 08:32, lavanya tech wrote:
>>>>>>>>>>>
>>>>>>>>>>> Thank you very much.
>>>>>>>>>>> I removed <Host> for example.com as well as adding an <Alias> in server.xml
>>>>>>>>>>> I copied context.xml file
>>>>>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl/META-INF/context.xml
>>>>>>>>>>>
>>>>>>>>>>> Removed < in rewrite.config files.
>>>>>>>>>>>
>>>>>>>>>>> But still I don't redirect the URL.
>>>>>>>>>>>
>>>>>>>>>>> If you have <Context> in server.xml and also your application in the webapps/ directory, then you will be double-deploying your application.
>>>>>>>>>>>
>>>>>>>>>>> Re-name /git/app/apache-tomcat-10.1.11/webapps/towl/ to be /git/app/apache-tomcat-10.1.11/webapps/ROOT (the capitals are important) and remove the <Context> element from your server.xml.
>>>>>>>>>>>
>>>>>>>>>>> Then start your server and read the logs.
>>>>>>>>>>>
>>>>>>>>>>> nslookup alias.example.com gives -->
>>>>>>>>>>> Non-authoritative answer:
>>>>>>>>>>> Name: www.example.com
>>>>>>>>>>> Address: 192.168.200.10
>>>>>>>>>>> Aliases: alias.example.com
>>>>>>>>>>>
>>>>>>>>>>> Just to give some information here, www.example.com has alias "alias.example.com"
>>>>>>>>>>> But https://www.example.com:7777/example --> works fine without issues but the alias does not work (https://alias.example.com)
>>>>>>>>>>> So I am not sure if the redirect URL helps or if it's correct
>>>>>>>>>>>
>>>>>>>>>>> Your rewrite configuration says that you have to be using host "example.com" but your request goes to www.example.com. Your configuration should only redirect a request such as:
>>>>>>>>>>>
>>>>>>>>>>> $ curl -v http://example.com:7777/something
>>>>>>>>>>>
>>>>>>>>>>> HTTP/1.1 301 Moved Permanently
>>>>>>>>>>> ...
>>>>>>>>>>> Location: https://www.example.com:7777/example
>>>>>>>>>>>
>>>>>>>>>>> If you make a request like:
>>>>>>>>>>>
>>>>>>>>>>> $ curl -v http://www.example.com:7777/something
>>>>>>>>>>>
>>>>>>>>>>> I wouldn't expect a redirect because of your "host" condition. The "%{HTTP_HOST} example.com" looks at the entire Host header and not just anything that ends in "example.com". You'd have to use a glob/regex if you wanted to check for [anything and maybe nothing.] example.com.
>>>>>>>>>>>
>>>>>>>>>>> You'd also have to make sure that your application is serving responses to requests to / which is why I'm recommending you use the ROOT web application name instead of "towl".
>>>>>>>>>>>
>>>>>>>>>>> -chris
>>>>>>>>>>>
>>>>>>>>>>> On Fri, Apr 19, 2024 at 1:21 PM Christopher Schultz <ch...@christopherschultz.net> wrote:
>>>>>>>>>>>
>>>>>>>>>>> Ammu,
>>>>>>>>>>>
>>>>>>>>>>> On 4/18/24 09:34, lavanya tech wrote:
>>>>>>>>>>>
>>>>>>>>>>> I am attaching server.xml and context.xml and rewrite.config files.
>>>>>>>>>>>
>>>>>>>>>>> The paths are
>>>>>>>>>>>
>>>>>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl/context.xml
>>>>>>>>>>> <Context>
>>>>>>>>>>>   <Valve className="org.apache.catalina.valves.rewrite.RewriteValve" />
>>>>>>>>>>>   <!-- Other context configuration -->
>>>>>>>>>>> </Context>
>>>>>>>>>>>
>>>>>>>>>>> This file ^^^ is in the wrong place. It should be in /git/app/apache-tomcat-10.1.11/webapps/towl/META-INF/context.xml
>>>>>>>>>>>
>>>>>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl/WEB-INF/rewrite.config
>>>>>>>>>>>
>>>>>>>>>>> <RewriteCond %{HTTP_HOST} example.com [NC]
>>>>>>>>>>> <RewriteRule ^/(.*)$ https://www.example.com:7777/example [R=301,L]
>>>>>>>>>>>
>>>>>>>>>>> Why do you have < symbols at the beginning of these lines?
>>>>>>>>>>>
>>>>>>>>>>> server.xml
>>>>>>>>>>>
>>>>>>>>>>> > [...]
>>>>>>>>>>>
>>>>>>>>>>> <Host name="example.com" appBase="webapps" unpackWARs="true" autoDeploy="true">
>>>>>>>>>>>
>>>>>>>>>>> <Context path="" docBase="towl" />
>>>>>>>>>>>
>>>>>>>>>>> It's best not to define any <Context> in server.xml. I would remove this <Context> entirely and allow Tomcat to auto-deploy from your webapps/towl directory. If you need this application to be deployed as the ROOT context (on / and not /towl) then you should re-name /git/app/apache-tomcat-10.1.11/webapps/towl to /git/app/apache-tomcat-10.1.11/webapps/ROOT
>>>>>>>>>>>
>>>>>>>>>>> You also don't need a <Host> for example.com as well as adding an <Alias> for the same domain (though this is probably to anonymize the
>>>>>>>>>>>
>>>>>>>>> ---------------------------------------------------------------------
>>>>>>>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>>>>>>>> For additional commands, e-mail: users-h...@tomcat.apache.org
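Added example, not part of the original thread: the quoted advice that one certificate must carry a SAN for every hostname clients will use can be checked mechanically before the browser complains. The function names and the sample certificate dictionary below are constructed for illustration; the dictionary has the shape that Python's `ssl` module returns from `getpeercert()`.

```python
import socket
import ssl

def san_dns_names(peercert):
    """Lower-cased dNSName entries from an ssl getpeercert()-style dict."""
    return [v.lower() for k, v in peercert.get("subjectAltName", ()) if k == "DNS"]

def san_matches(pattern, hostname):
    """Exact match, or '*' standing in for the whole left-most label only."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard never spans more than one label
    if p[0] == "*":
        # Refuse over-broad patterns such as "*.com".
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def uncovered_hostnames(peercert, hostnames):
    """Hostnames that no SAN in the certificate covers (clients would warn)."""
    sans = san_dns_names(peercert)
    return [n for n in hostnames if not any(san_matches(s, n) for s in sans)]

def fetch_peercert(host, port=443, timeout=5.0):
    """Live variant: return the validated certificate a server presents.

    Raises ssl.SSLCertVerificationError if the chain is untrusted or the
    certificate does not cover `host`, which is itself the failure to fix.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed sample: a certificate issued for the server name only,
# checked against the two public hostnames used in the thread.
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "server.lbg.com"), ("DNS", "*.internal.lbg.com")),
}
EXPECTED_HOSTS = ["server.lbg.com", "example.lbg.com"]

if __name__ == "__main__":
    for name in uncovered_hostnames(SAMPLE_CERT, EXPECTED_HOSTS):
        print(f"certificate has no SAN covering {name}")
```

Against a running Tomcat, pass `fetch_peercert("server.lbg.com", 8443)` in place of `SAMPLE_CERT`.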