Hi I have a Tomcat 8.5 with Java 1.8 on Windows with Nginx reverse proxy.
When I access https://joe:p4zzw...@example.org/manager/ the request goes to Nginx, which proxy_pass it to http://srv321.local:8080/ Authentication appears right away but the first response from Tomcat is Location: http://example.org/manager/html?....NONCE... note the SSL has been cut off. I can then manually go to the URL and change 'http' to 'https' and then it works fine with SSL all the way around. The location redirect has been seen on the network with "tcpdump -X", to make sure it was not Nginx which was redirecting something. In webapps/WEB-INF/web.xml I have tried add: <security-constraint> <web-resource-collection> <web-resource-name>HTTPSOnly</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint> but that did not work either. Is there a way to avoid being redirected from HTTPS to HTTP? Thanks. -- Venlig hilsen - best regards Hans Schou
