tomcat-users mailing list archives

From Björn Raupach <raup...@me.com>
Subject Re: Virtual Hosting, HTTP 302 to HTTPS?
Date Mon, 01 Feb 2016 15:38:14 GMT

> On 01 Feb 2016, at 16:29, Jeffrey Janner <Jeffrey.Janner@PolyDyne.com> wrote:
> 
>> -----Original Message-----
>> From: Mark Thomas [mailto:markt@apache.org]
>> Sent: Monday, February 01, 2016 9:21 AM
>> To: Tomcat Users List <users@tomcat.apache.org>
>> Subject: Re: Virtual Hosting, HTTP 302 to HTTPS?
>> 
>> On 1 February 2016 14:07:57 GMT+00:00, "Björn Raupach" <raupach@me.com>
>> wrote:
>>> Dear group,
>>> 
>>> I have two web applications (a,b) that are both reachable via
>>> subdomains:
>>> 
>>> a.example.com
>>> b.example.com
>>> 
>>> An SSL certificate exists for b.example.com.
>>> a.example.com does not need SSL.
>>> The HTTPS connector uses a Java keystore with the certificate.
>>> 
>>> I configured Apache Tomcat 8.0.20 with Virtual Hosting.
>>> 
>>> CATALINA_HOME/webapps_a
>>> CATALINA_HOME/webapps_b
>>> 
>>> The server.xml has been adjusted.
>>> 
>>> <Engine name="Catalina" defaultHost="b">
>>> 
>>> <Host name="a" appBase="webapps_a" unpackWARs="true" autoDeploy="true">
>>>  ...
>>> </Host>
>>> 
>>> <Host name="b" appBase="webapps_b" unpackWARs="true" autoDeploy="true">
>>>  ...
>>> </Host>
>>> 
>>> </Engine>
>>> 
>>> Both web apps are deployed using ROOT.war. They get unpacked and there
>>> are no errors in the log files.
>>> 
>>> Here is my problem. b works fine, but I can't reach a.
>>> 
>>> curl -I http://a.example.com
>>> HTTP/1.1 302 Found
>>> Server: Apache-Coyote/1.1
>>> Cache-Control: private
>>> Expires: Thu, 01 Jan 1970 01:00:00 CET
>>> Location: https://a.example.com
>>> Content-Length: 0
>>> Date: Mon, 01 Feb 2016 13:52:32 GMT
>>> 
>>> curl -I http://b.example.com
>>> HTTP/1.1 302 Found
>>> Server: Apache-Coyote/1.1
>>> Cache-Control: private
>>> Expires: Thu, 01 Jan 1970 01:00:00 CET
>>> Location: https://b.example.com
>>> Content-Length: 0
>>> Date: Mon, 01 Feb 2016 13:52:54 GMT
>>> 
>>> The redirect sets Location to https. I know this can't work because I
>>> have no certificate for srv.grasmueck.de nor do I need https.
>>> 
>>> And I see the web application `b` instead of `a` despite the error.
>>> 
>>> Do I need an Apache HTTPD frontend?
>> 
>> No.  The name of your virtual host (or one of its aliases) must match
>> the host header. If they don't match the default host will be used.
>> 
>> Given that you've already told us one of the real host names, you might
>> as well show us the real configuration and the real request if you need
>> help spotting the configuration error.
>> 
>> Mark
>> 
> Since the information provided shows that both URLs are responding with a 302 redirect
> to the HTTPS connector with the same hostname as provided, I'd say that his server.xml
> configuration is working correctly.
> Obviously, there is something in both webapps that is forcing the redirect.
> Might I suggest the OP take a look at the web.xml file for the A host to see if he can
> see that it is indeed requesting the redirect?  (hint: <security-constraint> section.)
> Jeff

Hi Jeff,

the web application with the certificate does have a security constraint in the web.xml.

<security-constraint>
        <web-resource-collection>
            <url-pattern>/index.xhtml</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
</security-constraint>
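
An added example, not part of this message and not Tomcat's own code: a simplified Python model of the two rules stated in the thread (a request goes to the Host whose name or alias matches the Host header, otherwise to defaultHost; a CONFIDENTIAL constraint answers plain HTTP with a 302 to HTTPS), run against the configuration fragments as posted. The function names, the exact-path matching and a redirect port of 443 are assumptions of the model.

```python
# Simplified model of the routing rules described in the thread; not Tomcat source code.
from dataclasses import dataclass

@dataclass(frozen=True)
class Host:
    name: str                 # <Host name="...">
    aliases: tuple = ()       # <Alias> entries, if any
    confidential: tuple = ()  # url-patterns with transport-guarantee CONFIDENTIAL

def hostname(host_header):
    """Drop an optional :port and lowercase (host names are case-insensitive)."""
    return host_header.split(":", 1)[0].lower()

def select_host(hosts, default_host, host_header):
    """Return the Host whose name or alias equals the Host header, else the default."""
    wanted = hostname(host_header)
    for h in hosts:
        if wanted == h.name.lower() or wanted in (a.lower() for a in h.aliases):
            return h
    # No name or alias matched: the Engine's defaultHost handles the request.
    return next(h for h in hosts if h.name == default_host)

def respond(hosts, default_host, host_header, path, secure=False):
    """Return (serving host name, status code, Location header or None)."""
    host = select_host(hosts, default_host, host_header)
    if not secure and path in host.confidential:
        # Assumption: redirectPort is 443, so no port appears in Location.
        return host.name, 302, "https://" + hostname(host_header) + path
    return host.name, 200, None

# Constructed from the server.xml and web.xml fragments posted in the thread.
AS_POSTED = [Host("a"), Host("b", confidential=("/index.xhtml",))]
# Constructed variant: the same hosts named after the Host header clients send.
FQDN_NAMES = [Host("a.example.com"),
              Host("b.example.com", confidential=("/index.xhtml",))]

if __name__ == "__main__":
    for label, hosts, default in (("as posted", AS_POSTED, "b"),
                                  ("FQDN names", FQDN_NAMES, "b.example.com")):
        for header in ("a.example.com", "b.example.com"):
            print(label, header, respond(hosts, default, header, "/index.xhtml"))
```

In the model, the configuration as posted sends both host names to `b`, whose constraint produces the redirect while echoing the requested host name in Location; with matching names, `a.example.com` is served by its own host without a redirect.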
