SET UP TOMCAT TO REDIRECT HTTP REQUESTS TO HTTPS

 

 
We had Tomcat app server,
accepting both HTTP and HTTPS requests. We wanted to restrict it so
that all JIRA access was only via SSL. The config changes were pretty
simple.
1. Change Tomcat’s server.xml.
Edit the non-SSL <Connector> entry listening on port 80 and add or
edit the redirectPort atribute to point to the port on which the SSL
<Connector> is listening. By default, the redirectPort was pointing
to port 443.
Was:
<Connector port=”80″
enableLookups=”false” redirectPort=”8443
maxThreads=”100″ minSpareThreads=”100″ maxSpareThreads=”100″/>

Changed to:
<Connector port=”80″
enableLookups=”false” redirectPort=”443
maxThreads=”100″ minSpareThreads=”100″ maxSpareThreads=”100″/>
Because the SSL entry was:

2. In the Tomcat web.xml file the following <security-constraint> has
to be added within the <web-app> element. This new element must be
added after the <servlet-mapping> element:

<!– SSL settings. only allow HTTPS access to JIRA –>
<security-constraint>
<web-resource-collection>
<web-resource-name>Entire Application</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s