On 17/12/2014 17:10, Lyallex wrote:
> Tomcat 7.0.42
> jdk1.7.0_51
> Ubuntu 12.04/CentOS dev/deploy
> 
> I have been reading more and more about Google and the like
> prioritising sites that employ https/ssl by default. Currently my site
> does not use https but delegates payment to a secure payment provider
> who does; thusly I have avoided going through the pain of
> certification etc. Now it appears I have little option but to
> implement https site wide. I have managed to get a keystore going and
> have configured Tomcat to serve a self-signed certificate when
> accessing the site by https (default port 443).
> 
> so http://localhost accesses the home page
> and https://localhost pops up a warning in Firefox regarding an
> unknown certification authority. This is all good and I'm pretty sure
> I understand so far.
> 
> I have noticed that if I type http://www.google.co.uk into a browser
> the address is automatically changed (redirected) to
> https://www.google.co.uk and I would like the same to happen to my
> site.
> 
> Here is the question.
> Is this 'redirection' something I need to configure myself (can it
> be done in server.xml, for example), or is this something the people I
> rent my server from need to do at their end?

It depends on exactly how things are set up.

The first thing I would try is adding something like the following to
your web.xml:

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Everything</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

If I have remembered my syntax correctly, that should route every
request to https if it isn't already.

Mark
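
A note added here, not part of Mark's reply: with a CONFIDENTIAL constraint, Tomcat sends the redirect to the port named in the redirectPort attribute of the connector that received the plain HTTP request, and the stock server.xml sets that to 8443. The server.xml fragment below is an added example that assumes ports 80 and 443 as in the question; the keystore path and password are placeholders.

```xml
<!-- server.xml (Tomcat 7), inside the <Service> element.
     Added illustration; not taken from the thread. -->

<!-- Plain HTTP connector. A request that matches a CONFIDENTIAL
     security-constraint is redirected to the port in redirectPort,
     so this value must match the HTTPS connector's port below. -->
<Connector port="80" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="443" />

<!-- HTTPS connector that receives the redirected requests.
     keystoreFile and keystorePass are placeholders: point them at
     the keystore that holds the site certificate. -->
<Connector port="443" protocol="HTTP/1.1"
           SSLEnabled="true" scheme="https" secure="true"
           keystoreFile="/path/to/keystore.jks"
           keystorePass="CHANGE_ME"
           clientAuth="false" sslProtocol="TLS" />
```

If redirectPort and the HTTPS connector port disagree, the browser is redirected to a port where nothing is listening for TLS, which appears as a connection error rather than a certificate warning.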

