I have one subdomain (test.XXXX.com) pointed to an AWS ELB that accepts HTTP (80) and HTTPS (443) requests. I have configured an SSL certificate for 443 for the HTTPS connection. I have tried doing HTTP to HTTPS redirects at the Tomcat level by changing web.xml and server.xml as mentioned in
http://www.journaldev.com/160/steps-to-configure-ssl-on-tomcat-and-setup-auto-redirect-from-http-to-https
But the problem is that I need one endpoint for the AWS ELB health check that does not do the HTTP to HTTPS redirect. I have tried different solutions but with no success. I also tried
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Protected Context</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Protected Context</web-resource-name>
        <url-pattern>/XXXXX/XXXXXX.html</url-pattern>
    </web-resource-collection>
</security-constraint>
And my server.xml has the following configuration:
<Connector port="80" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="443" />
<Connector port="443" maxThreads="2000" scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="/home/XXXXX/XXXXX.keystore"
           keystorePass="XXXXX" clientAuth="false" keyAlias="XXXX"
           sslProtocol="TLS" protocol="org.apache.coyote.http11.Http11Protocol"/>
But when I try to access it through a browser, it gives the exception ERR_TOO_MANY_REDIRECTS.
Select a load balancer, and then choose HTTP Listener. Under Rules, choose View/edit rules. Choose Edit Rule to modify the existing default rule to redirect all HTTP requests to HTTPS. Or, insert a rule between the existing rules (if appropriate for your use case).
Classic Load Balancers can't redirect HTTP traffic to HTTPS by default. Instead, configure your rewrite rules for the web server instances behind the Classic Load Balancer. You must configure your rewrite rules to use the X-Forwarded-Proto header and redirect only HTTP clients.
Now AWS ELB supports two new actions: redirect and fixed-response. You can configure these actions as part of the content-based routing rules, enabling you to offload this functionality to the load balancer.
With redirect actions, the load balancer can redirect incoming requests from one URL to another URL. This includes the capability to redirect HTTP requests to HTTPS requests.
I have a solution to your problem, but it does not concern Tomcat.
You could use a CloudFront distribution.
Let me underline a few key configs for achieving this through a CloudFront distribution:
So effectively, what this does is take the redirection off of Tomcat and handle it at the CloudFront level. All requests by default are redirected to HTTPS, while just for the /healthcheck path HTTP requests are allowed. Redirection need not be handled at lower levels. Please let me know if this works for you. Also, please note that Route 53 and CloudFront changes take time to propagate, so please wait long enough for a successful test.