Tomcat – How to configure tomcat to use both http and https in the same application

configurationhttphttpstomcat

I understand that URL patterns can be used to have some handled under HTTP and others under HTTPS.

Let's imagine a web application with two servlets, each accessed with different URL patters (for example …/myapp/servlet1 and …/myapp/servlet2), how can I have to first one handled by HTTP and the second with HTTPS?

Can you provide a configuration example?

Thanks!

Best Answer

The main idea here is that you want to specify which pages are using SSL

Using SSL in Tomcat requires 3 main step:

You first need to create a SSL certificate. For instance you can use the tool provided with the JDK: keytool. For instance: keytool -genkey -alias tomcat -keyalg RSA -keystore keystore.ssl. You will be asked for a password, and once you filled all information needed, press RETURN to use the same password. Move the file created under CATALINA_HOME.
You then need to enable the SSL connector in tomcat. To do so, in conf/server.xml, for instance: http://fpaste.org/w3yu/ (SECTION 1)
You need to specify in your application which URL require the usage of SSL. As an example, let's take the manager application. In WEB-INF/web.xml just before </security-constraint>, add the following: Same link as above but see SECTION 2.

I know this is very brief but that should give you a lead of what to do :)

Related Solutions

nginx HTTPS – How to Serve HTTPS with Same Config as HTTP

You can combine this into one server block like so:

server {
    listen 80;
    listen 443 default_server ssl;

    # other directives
}

Official How-To

Nginx – Handling http and https requests using a single port with nginx

According to wikipedia article on status codes, Nginx has a custom error code when http traffic is sent to https port(error code 497)

And according to nginx docs on error_page, you can define a URI that will be shown for a specific error.
Thus we can create a uri that clients will be sent to when error code 497 is raised.

nginx.conf

#lets assume your IP address is 89.89.89.89 and also that you want nginx to listen on port 7000 and your app is running on port 3000

server {
    listen 7000 ssl;
 
    ssl_certificate /path/to/ssl_certificate.cer;
    ssl_certificate_key /path/to/ssl_certificate_key.key;
    ssl_client_certificate /path/to/ssl_client_certificate.cer;

    error_page 497 301 =307 https://89.89.89.89:7000$request_uri;

    location / {
        proxy_pass http://89.89.89.89:3000/;

        proxy_pass_header Server;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Protocol $scheme;
    }
}

However if a client makes a request via any other method except a GET, that request will be turned into a GET. Thus to preserve the request method that the client came in via; we use error processing redirects as shown in nginx docs on error_page

And thats why we use the 301 =307 redirect.

Using the nginx.conf file shown here, we are able to have http and https listen in on the same port

Best Answer

Related Solutions

nginx HTTPS – How to Serve HTTPS with Same Config as HTTP

Nginx – Handling http and https requests using a single port with nginx

nginx.conf

Related Topic