tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier (tomcat) ...@ice-sa.com>
Subject Re: http to https redirect 301
Date Wed, 03 May 2017 08:10:52 GMT
On 03.05.2017 09:23, Yuval Schwartz wrote:
> Thanks, comments below.
>
> On Tue, May 2, 2017 at 10:43 AM, Mark Thomas <markt@apache.org> wrote:
>
>> On 02/05/2017 07:51, Yuval Schwartz wrote:
>>> Thanks, remarks below.
>>>
>>> On Tue, May 2, 2017 at 12:12 AM, Mark Thomas <markt@apache.org> wrote:
>>>
>>>> On 01/05/17 14:23, Yuval Schwartz wrote:
>>>>> Tomcat version: 8.0.22
>>>>> jdk: 1.8.0_05
>>>>>
>>>>> I have a webapp that uses a tomcat server behind a load balancer.
>>>>>
>>>>> I recently added a the option to connect to my webapp via https.
>>>>>
>>>>> I would like to redirect all http requests to https.
>>>>> I achieved this by implementing the instruction outlined here:
>>>>> https://elastx.zendesk.com/hc/en-us/articles/214238826-
>>>> Force-https-with-Tomcat
>>>>>
>>>>> However, I notice that this performs a redirect with repsonse code 302
>>>>> (moved temporarily). I would like the response code to be 301.
>>>>>
>>>>> I found this bug report on the matter:
>>>>> https://bz.apache.org/bugzilla/show_bug.cgi?id=59399
>>>>>
>>>>> Does this mean that in order to achieve a 301 redirect, I need to
>> update
>>>> my
>>>>> tomcat version?
>>>>
>>>> Yes.
>>>>
>>>
>>> Will this automatically make the redirect use a 301 response code, or is
>>> there a setting that I need to set?
>>
>> https://tomcat.apache.org/tomcat-8.0-doc/config/realm.
>> html#Common_Attributes
>> transportGuaranteeRedirectStatus
>>
>>>>> Is there anyway to achieve a 301 redirect without updating
>>>>> the tomcat version?
>>>>
>>>> Without patching Tomcat, no. And that isn't recommended.
>>
>
> Just to be clear, what "isn't recommended"? Not upgrading regularly?

Double negative interrogative forms are hard to answer.
What is not recommended is patching tomcat, for the reason detailed in Mark's next 
paragraph below : new minor releases would overwrite your patch.
What is recommended is to keep your tomcat installation such, that installing a new minor

release does not cause grief.
There is information about that in the "/RUNNING.txt" file which comes with every tomcat 
release.


>
>>>>
>>>>
>>> I actually didn't know that I should be updating minor versions
>> regularly.
>>> Is there any recommendation as to the frequency that I should be doing
>> this?
>>
>> There is no fixed recommendation. However, the Tomcat team does not
>> produce patch releases, only new minor versions. It comes down to
>> whenever there is a bug or security vulnerability fixed that you care
>> about.
>>
>> Mark
>>
>
> Thank you.
>
>
>>
>>
>>>
>>>
>>>> Mark
>>>>
>>>
>>> Thank you.
>>>
>>>
>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>>
>>>>
>>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message