Redirecting HTTP to HTTPS

Gabriel · May 10, 2018, 8:00pm

I am struggling with this issue and cannot get it work. I have added the following to modules/web/web/WEB-INF/web.xml file:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Everything in the webapp</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

The redirection is happening but it goes to port 8443 and I’m getting a timeout on https://mydomain.com:8443

Then I have edited server.xml and this connector to redirect to 443:

<Connector port="80" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="443"/>

But now I’m getting this error: “mydomain.com redirected you too many times” in the (Chrome) browser.

I feel that I’m missing something here. I hope someone can help me out.

rabkesov · May 11, 2018, 8:41pm

Hi @Gabriel,

the best option is to have Nginx proxy to manage HTTPS-requests.

Please consider to use Nginx, especially in production mode. The following post can help to configure it.

Best regards,
Ivan

Gabriel · May 14, 2018, 1:50am

I found a solution without using Nginx.

On top of the above mentioned changes, I just had to add the following to server.xml:

<Valve className="org.apache.catalina.valves.RemoteIpValve" remoteIpHeader="x-forwarded-for" protocolHeader="x-forwarded-proto" protocolHeaderHttpsValue="https" />

Using the X-Forwarded-Proto header of the HTTP request, changes the web server’s rewrite rule to apply only if the client protocol is HTTP and ignore the rewrite rule for all other protocols used by the client. This solved my issue and hopefully will help others.

Further on, the question is if would be possible to have this written somewhere in the cuba-platform files and have this line generated into server.xml during deployment. I’m new to cuba-platform, so I’m not sure if my question make sense.

rabkesov · May 14, 2018, 1:24pm

Thank you for your valuable solution, Gabriel! We’ll add this to our documentation. In the near future we are planning to add How-to category, so I think your post will appear there one of the first.

artamonov · March 11, 2019, 7:41am

5 posts were split to a new topic: Redirecting to HTTPs with IDP