Hi Chris,

Sorry if I did confuse. It’s important that https://server.lbg.com:8443/towl is always working. Goal is not to disable /towl, but just redirect or aliasing https://example.lbg.com/ to https://server.lbg.com:8443/towl

Thanks,
Lavanya

On Monday, May 13, 2024, Christopher Schultz <ch...@christopherschultz.net> wrote:

> Lavanya,
>
> On 5/13/24 05:57, lavanya tech wrote:
>
>> Somehow made it work now, I can only access urls as you mentioned before https://example.lbg.com and https://server.lbg.com with port 8443 and without
>>
>> https://example.lbg.com/towl and https://server.lbg.com/towl --> I have an error now File not found.
>>
>> So I think we need to make work https://example.lbg.com/ to https://server.lbg.com/towl
>
> I'm sorry, I'm still confused as to which way you want things.
>
> Do you want to redirect /towl -> / or do you want to redirect / -> /towl?
>
> Or does it depend upon the hostname? It would really be better if you could settle on one specific behavior.
>
> -chris
>
> On Mon, May 13, 2024 at 9:41 AM lavanya tech <lavanyatech...@gmail.com> wrote:
>>
>> Hi Chris,
>>>
>>> Where are you defining the RewriteValve itself?
>>>
>>> Defined rewritevalve here
>>> <Host name="localhost" appBase="webapps"
>>> unpackWARs="true" autoDeploy="true">
>>>
>>> <Valve
>>> className="org.apache.catalina.valves.rewrite.RewriteValve" />
>>> resource="conf/rewrite.config" />
>>>
>>> 2) Created rewrite.config and added as below under conf/
>>>
>>> RewriteCond %{REQUEST_URI} ^/towl/(.*)
>>> RewriteRule ^/towl/(.*) https://example.lbg.com/%1 [R]
>>>
>>> 3) After renaming towl to ROOT -> /webapps/ROOT/WEB-INF/web.xml (I already have this mappings /* in web.xml file)
>>>
>>> <security-constraint>
>>>   <web-resource-collection>
>>>     <web-resource-name>Logging Area</web-resource-name>
>>>     <description>
>>>       Authentication for registered users.
>>>     </description>
>>>     <url-pattern>/*</url-pattern>
>>>     <url-pattern>/api/v1/search</url-pattern> <!-- protect search endpoint whitelisted above -->
>>>     <url-pattern>/api/v1/suggest/*</url-pattern> <!-- protect suggest endpoint whitelisted above -->
>>>   </web-resource-collection>
>>>   <auth-constraint>
>>>     <role-name>LDAP_USER</role-name>
>>>     <role-name>api</role-name>
>>>   </auth-constraint>
>>> </security-constraint>
>>>
>>> 4) Restarted Tomcat, then I cannot access https://server.lbg.com:8443/towl --> Have below error
>>>
>>> Message java.nio.file.NoSuchFileException: /git/apache-tomcat-10.1.11/webapps/towl/WEB-INF/lib/xss-1.0.8.jar
>>>
>>> Description The server encountered an unexpected condition that prevented it from fulfilling the request.
>>>
>>> 5) Also https://example.lbg.com does not work anymore
>>>
>>> Before you do anything with redirecting, can you just make sure you are only deploying ROOT.war and nothing else?
>>> How can I do that. I already changed towl.war to ROOT.war
>>>
>>> But still both the urls have error as mentioned above.
>>>
>>> So I reverted back the changes.
>>> That's weird. Try stopping, deleting the work/ directory and restarting.
>>> --> I have this weird behavior for some reason, though index.jsp is located no changes were made to file. After deleting cookies url works
>>>
>>> Where am I going wrong.
>>>
>>> Thanks,
>>> Lavanya
>>>
>>> On Fri, May 10, 2024 at 6:50 PM Christopher Schultz <ch...@christopherschultz.net> wrote:
>>>
>>> Lavanya,
>>>>
>>>> On 5/10/24 04:37, lavanya tech wrote:
>>>>
>>>>> I tried the below and have the issues.
>>>>>
>>>>> 1) proxyPort="443" and proxyName="example.lbg.com" to the connector
>>>>> 2) renamed towl.war to ROOT.war
>>>>> 3) created rewrite.config and added as below under conf/
>>>>
>>>> Where are you defining the RewriteValve itself?
>>>>
>>>>> RewriteCond %{REQUEST_URI} ^/towl/(.*)
>>>>> RewriteRule ^/towl/(.*) https://example.lbg.com/%1 [R]
>>>>
>>>> If this is being handled by the ROOT servlet then I think it's right.
>>>>
>>>>> 4) added this in web.xml file of /webapps/towl/web.xml/
>>>>>
>>>>> <!-- Servlet mappings -->
>>>>> <!-- Add your existing servlet mappings here -->
>>>>>
>>>>> <!-- Security constraint to restrict access to /towl path -->
>>>>> <security-constraint>
>>>>>   <web-resource-collection>
>>>>>     <web-resource-name>Restricted Access to /towl</web-resource-name>
>>>>>     <url-pattern>/towl/*</url-pattern>
>>>>
>>>> No, this is wrong. Since this is the "towl" application and not ROOT, you want to map /* and not /towl/* because the application will never see the /towl/ as it's an application/context prefix that Tomcat will remove.
>>>>
>>>>>   </web-resource-collection>
>>>>>   <auth-constraint>
>>>>>     <!-- Deny access to all roles -->
>>>>>   </auth-constraint>
>>>>> </security-constraint>
>>>>>
>>>>> Also I noticed that even if I rename the towl application to ROOT, when I call the url with https://example.lbg.com/towl --> this towl directory is getting created under webapps by default
>>>>
>>>> If webapps/towl is being created, then it's happening for some other reason. Do you have anything under conf/Catalina/*/towl.xml which points to a WAR file or something? If so, remove that.
>>>>
>>>>> 5) Restarted tomcat and I have the below error and all the urls have the same issue
>>>>>
>>>>> Message org.apache.jasper.JasperException: java.lang.ClassNotFoundException: org.apache.jsp.index_jsp
>>>>
>>>> That's weird. Try stopping, deleting the work/ directory and restarting.
>>>>
>>>>> Description The server encountered an unexpected condition that prevented it from fulfilling the request.
>>>>>
>>>>> Exception
>>>>>
>>>>> org.apache.jasper.JasperException: org.apache.jasper.JasperException: java.lang.ClassNotFoundException: org.apache.jsp.index_jsp
>>>>> org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:578)
>>>>> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:422)
>>>>> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:380)
>>>>> org.apache.jasper.servlet.JspServlet.service(JspServlet.java:328)
>>>>> jakarta.servlet.http.HttpServlet.service(HttpServlet.java:658)
>>>>> org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51)
>>>>
>>>> Before you do anything with redirecting, can you just make sure you are only deploying ROOT.war and nothing else?
>>>>
>>>> This should allow you to reach the application at both https://example.lbg.com/ and https://server.lbg.com/ as well as both of those with port 8443.
>>>>
>>>> Then use the applications and make sure they are working as expected. Then, we'll add the /towl handling.
>>>>
>>>> -chris
>>>>
>>>> On Thu, May 9, 2024 at 11:20 PM Christopher Schultz <ch...@christopherschultz.net> wrote:
>>>>>
>>>>> Lavanya,
>>>>>>
>>>>>> On 5/9/24 13:48, lavanya tech wrote:
>>>>>>
>>>>>>> Thank you so much for your explanation. I will try these options.
>>>>>>>
>>>>>>> Do server and example both resolve to the same IP?
>>>>>>> -yes
>>>>>>
>>>>>> Good, that significantly reduces the complexity required, since you can do it with a single process (Tomcat) in a single environment.
>>>>>>
>>>>>>> So I need follow both 4a/b and 5a/b steps here or any of them ?
>>>>>>>
>>>>>>> If I setup exactly by using below steps, then I should access both the urls right ? https://server.lbg.com:8443/towl and https://example.lbg.com
>>>>>>
>>>>>> If you visit either hostname with /towl, you will be redirected to example.lbg.com/ with no port number. example:8443 will still work and no redirect will take place... unless you specifically make arrangements for that. We can do that later if you really want to.
>>>>>>
>>>>>> Let's get the other things working, first.
>>>>>>
>>>>>> -chris
>>>>>>
>>>>>> On Thursday, May 9, 2024, Christopher Schultz <ch...@christopherschultz.net> wrote:
>>>>>>>
>>>>>>> Lavanya,
>>>>>>>>
>>>>>>>> On 5/9/24 02:58, lavanya tech wrote:
>>>>>>>>
>>>>>>>>> Just giving background again of this topic again.
>>>>>>>>>
>>>>>>>>> 1) The application team who is working they wanted to access the url https://server.lbg.com:8443/towl —> which should redirect or point to https://example.lbg.com
>>>>>>>>>
>>>>>>>>> Is that a typo? You want specifically https://server.lbg.com/towl and https://example.lbg.com/ to point to your application?
>>>>>>>>> — It’s not the Typo the requirements are still the same.
>>>>>>>>
>>>>>>>> Okay.
>>>>>>>>
>>>>>>>> Do server and example both resolve to the same IP?
>>>>>>>>
>>>>>>>>> 2) Hence I added firewall rule to redirect port 443 to 8443. And the url https://example.lbg.com started working but its pointing to https://server.lbg.com:8443 indeed and not https://server.lbg.com:8443/towl
>>>>>>>>>
>>>>>>>>> But then they wanted the point 1 to have it. If I understood correctly. So basically to achieve this we wanted a reverse proxy setup ?
>>>>>>>>>
>>>>>>>>> I did not define any additional host in server.xml file on just left to default to local host.
>>>>>>>>
>>>>>>>> Here's what you have to do in order to support this odd configuration.
>>>>>>>>
>>>>>>>> 1. Configure your firewall to route port 443 -> 8443. I suspect this is already done.
>>>>>>>>
>>>>>>>> 2. Deploy Tomcat on server.lbg.com with a <Connector> on port 8443. This is the default, so there shouldn't be anything to do. I suspect this is already done. You should set proxyPort="443" and proxyName="example.lbg.com" in your <Connector>. This will ensure that any URLs generated by Tomcat or your application will point to https://example.lbg.com/ and not to server.lbg.com or have a port number or whatever.
>>>>>>>>
>>>>>>>> 3. Re-name your application directory or WAR file from towl -> ROOT (upper case is important). So if you have tomcat/webapps/towl re-name that to tomcat/webapps/ROOT or if you have tomcat/webapps/towl.war re-name that to tomcat/webapps/ROOT.war.
>>>>>>>>
>>>>>>>> The last thing to do is get /towl to re-direct to /. There are a few ways of doing that.
>>>>>>>>
>>>>>>>> 4a. Configure your application (now called ROOT and deployed on / and not /towl anymore) to handle the /towl URL and specifically redirect this back to /. This is oddly specific and has the application trying to redirect to itself which is weird.
>>>>>>>>
>>>>>>>> 4b. Create a new application called towl or towl.war which will be deployed on /towl and have THAT redirect to /. I think this is cleaner because you can call the application anything you'd like and it will still work. You don't have to match URL patterns yourself, you just re-name the WAR file if you suddenly want to use /towl2 instead of /towl.
>>>>>>>>
>>>>>>>> There are several ways to redirect.
>>>>>>>>
>>>>>>>> 5a. Use the rewrite valve and map /(*) to (global redirect) /\1. A few notes: (1) the (*) means "capture this string" and \1 means "put the string back". This allows you to redirect /towl/foo/bar to /foo/bar instead of losing the /foo/bar. This syntax may not be perfect, adapt it to your needs. (2) Remember that the towl application is deployed on /towl so you don't want to redirect /towl/foo/bar you only want redirect /foo/bar since the URL will be relative to the current context (/towl). Got that? Finally, (3) you need to use a global redirect that does *NOT* redirect back to the /towl application. Normally, if you redirect to /foo you'll get an application-relative redirect from something like a rewrite valve/filter/whatever. Take care to redirect relative to the SERVER and not to the application.
>>>>>>>>
>>>>>>>> 5b. Write your own servlet to do a specific redirect.
>>>>>>>>
>>>>>>>> I hope that helps,
>>>>>>>> -chris
>>>>>>>>
>>>>>>>> On Wednesday, May 8, 2024, Christopher Schultz <ch...@christopherschultz.net> wrote:
>>>>>>>>>
>>>>>>>>> Lavanya,
>>>>>>>>>>
>>>>>>>>>> On 5/8/24 06:48, lavanya tech wrote:
>>>>>>>>>>
>>>>>>>>>>> I figured out how I can it make it work with 443. Now the URLs are working.
>>>>>>>>>>> I added iptables route 443 to 8443 and it started working.
>>>>>>>>>>>
>>>>>>>>>>> nslookup example.lbg.com
>>>>>>>>>>>
>>>>>>>>>>> Non-authoritative answer:
>>>>>>>>>>> Name: server.lbg.com
>>>>>>>>>>> Address: 192.168.200.105
>>>>>>>>>>> Aliases: example.lbg.com
>>>>>>>>>>>
>>>>>>>>>>> I have some application towl running with apache tomcat. I have the below URLs working.
>>>>>>>>>>>
>>>>>>>>>>> https://server.lbg.com:8443/towl
>>>>>>>>>>> https://server.lbg.com
>>>>>>>>>>> https://example.lbg.com
>>>>>>>>>>> https://example.lbg.com/towl
>>>>>>>>>>>
>>>>>>>>>>> Now I wanted to disable the url https://example.lbg.com/towl and https://server.lbg.com and access only the other remaining two.
>>>>>>>>>>
>>>>>>>>>> I would *highly* recommend that you pick either /towl or / and not try to do both, unless you want to deploy the application twice (which is fine, just deploy towl.war and ROOT.war as copies of each other). If you try to re-write /towl to / or / to /towl, you'll find you spend the rest of your days tracking-down edge-cases and "fixing" them -- likely making things confusing and, probably, worse.
>>>>>>>>>>
>>>>>>>>>>> In the end our goal to make sure that the links are not always dead as soon as the towl is moved to a new machine. Can you please assist me how to do that?
>>>>>>>>>>
>>>>>>>>>> The goal should be that "moving" the application only means changing DNS and everything else works as expected.
>>>>>>>>>>
>>>>>>>>>> If you:
>>>>>>>>>>
>>>>>>>>>> 1. Deploy the application with a single context (e.g. /towl, which I recommend)
>>>>>>>>>>
>>>>>>>>>> 2. Re-direct / to /towl (this requires a reverse-proxy or a ROOT application that does nothing but redirect; my personal preference)
>>>>>>>>>>
>>>>>>>>>> 3. Do not define any <Host> other than "localhost" and make it the default. Do not bother with any <Alias> elements since they are not necessary.
>>>>>>>>>>
>>>>>>>>>> Moving the application should only require that you:
>>>>>>>>>>
>>>>>>>>>> 4. Deploy the same application with the same configuration in the new location
>>>>>>>>>>
>>>>>>>>>> 5. Change DNS to point example.lbg.com and server.lbg.com to the new location of the service
>>>>>>>>>>
>>>>>>>>>> Hope that helps,
>>>>>>>>>> -chris
>>>>>>>>>>
>>>>>>>>>> On Tue, Apr 30, 2024 at 5:44 PM Christopher Schultz <ch...@christopherschultz.net> wrote:
>>>>>>>>>>
>>>>>>>>>> Lavanya,
>>>>>>>>>>
>>>>>>>>>> On 4/30/24 07:10, lavanya tech wrote:
>>>>>>>>>>
>>>>>>>>>> Can you tell me how to do the below ? How should I setup Tomcat in server.xml ?
>>>>>>>>>>
>>>>>>>>>> If you want to use port 443 (the default port for HTTPS) then you will need to change Tomcat to bind to port 443 (if that's allowed on your OS) or arrange to have port 443 routed to port 8443. You may need additional configuration in Tomcat (specifically: proxyPort) to avoid having Tomcat generate URLs with ":8443" in them.
>>>>>>>>>>
>>>>>>>>>> Looking forward to your reply.
>>>>>>>>>>
>>>>>>>>>> If Tomcat is listening on port 8443 then you will need to include that in your URL, period. If you want to allow URLs without a port number, you will have to arrange to have something listening on port 443.
>>>>>>>>>>
>>>>>>>>>> On Windows, Tomcat can listen directly on port 443. On UNIX and UNIX-like systems, you won't be able to do this without running Tomcat as root WHICH YOU ABSOLUTELY SHOULD NOT DO.
>>>>>>>>>>
>>>>>>>>>> There are other ways to get port 443 working, but I'll need to know more about your environment. The port issue is "easier" than figuring out whatever is going on with your DNS, aliases, etc. so I would recommend we fix one thing at a time.
>>>>>>>>>>
>>>>>>>>>> -chris
>>>>>>>>>>
>>>>>>>>>> On Mon, Apr 29, 2024 at 2:03 PM lavanya tech <lavanyatech...@gmail.com> wrote:
>>>>>>>>>>
>>>>>>>>>> Hi Chris,
>>>>>>>>>>
>>>>>>>>>> There is no issues with browser, because I tested with different browsers and it all works fine. I am sure that there is no issue with the certificate.
>>>>>>>>>> Because I was able to establish successful connections with port 8443, it just does not work without port
>>>>>>>>>>
>>>>>>>>>> curl https://example.lbg.com/towl
>>>>>>>>>> curl: (56) Received HTTP code 504 from proxy after CONNECT
>>>>>>>>>> curl: (56) Received HTTP code 504 from proxy after CONNECT
>>>>>>>>>>
>>>>>>>>>> If you want to use port 443 (the default port for HTTPS) then you will need to change Tomcat to bind to port 443 (if that's allowed on your OS) or arrange to have port 443 routed to port 8443. You may need additional configuration in Tomcat (specifically: proxyPort) to avoid having Tomcat generate URLs with ":8443" in them.
>>>>>>>>>>
>>>>>>>>>> <Connector port="443" protocol="HTTP/1.1"
>>>>>>>>>>            connectionTimeout="20000"
>>>>>>>>>>            redirectPort="8443"
>>>>>>>>>>            maxThreads="150"
>>>>>>>>>>            scheme="https" secure="true" SSLEnabled="true"
>>>>>>>>>>            keystoreFile="path_to_your_keystore_file"
>>>>>>>>>>            keystorePass="your_keystore_password"
>>>>>>>>>>            keystoreType="PKCS12"
>>>>>>>>>>            clientAuth="false" sslProtocol="TLS"
>>>>>>>>>>            proxyPort="443"/>
>>>>>>>>>>
>>>>>>>>>> Should I use connect port like the above ? But you mentioned before we don't need any configuration changes. Please clarify I am not able to figure this out and I have this issue many days pending. How to make it work with port 8443 and without port
>>>>>>>>>>
>>>>>>>>>> Also I wanted to use weburl with alias name permanently instead of the hostname. How can I achieve both
>>>>>>>>>>
>>>>>>>>>> Thanks,
>>>>>>>>>> Lavanya
>>>>>>>>>>
>>>>>>>>>> -->
>>>>>>>>>>
>>>>>>>>>> On Fri, Apr 26, 2024 at 9:28 PM Christopher Schultz <ch...@christopherschultz.net> wrote:
>>>>>>>>>>
>>>>>>>>>> Lavanya,
>>>>>>>>>>
>>>>>>>>>> On 4/25/24 07:24, lavanya tech wrote:
>>>>>>>>>>
>>>>>>>>>> Hi Chris,
>>>>>>>>>>
>>>>>>>>>> One question / doubt:
>>>>>>>>>>
>>>>>>>>>> As I mentioned earlier, the below URLS already working in the browser
>>>>>>>>>>
>>>>>>>>>> https://server.lbg.com:8443/towl
>>>>>>>>>> https://example.lbg.com:8443/towl -> redirect (which means when I hit in browser) it points to https://server.lbg.com:8443/towl ---> To be frank, even I do not need redirect here, not sure why it redirects.
>>>>>>>>>>
>>>>>>>>>> My question is why its working even though SAN is not registered with the certificate ? It does not even throw warning in the browser.
>>>>>>>>>>
>>>>>>>>>> I'm not sure. Is it possible you have dismissed this error in the past and the browser is remembering that? Try this with a different web browser or maybe with curl from the command-line to see what happens.
>>>>>>>>>>
>>>>>>>>>> Why https://server.lbg.com/towl or https://example.lbg.com/towl --> How it should work with New SAN certificate ?
>>>>>>>>>>
>>>>>>>>>> You don't need to worry about the port number or application name, only the hostname is a part of the SAN.
>>>>>>>>>>
>>>>>>>>>> -chris
>>>>>>>>>>
>>>>>>>>>> On Thu, Apr 25, 2024 at 10:16 AM lavanya tech <lavanyatech...@gmail.com> wrote:
>>>>>>>>>>
>>>>>>>>>> Hi Chris,
>>>>>>>>>>
>>>>>>>>>> Thanks I will request new certificate with SANs and I will try to fix the things from our end.
>>>>>>>>>>
>>>>>>>>>> Best Regards,
>>>>>>>>>> Lavanya
>>>>>>>>>>
>>>>>>>>>> On Wed, Apr 24, 2024 at 11:12 PM Christopher Schultz <ch...@christopherschultz.net> wrote:
>>>>>>>>>>
>>>>>>>>>> Lavanya,
>>>>>>>>>>
>>>>>>>>>> On 4/24/24 15:39, lavanya tech wrote:
>>>>>>>>>>
>>>>>>>>>> Local host means the machine I am logged in to server.lbg.com
>>>>>>>>>>
>>>>>>>>>> You are right, example.lbg.com is CNAME record.
>>>>>>>>>>
>>>>>>>>>> Okay, thanks for clearing that up.
>>>>>>>>>>
>>>>>>>>>> I don't have any SAN configured for the certificate. The certificate is requested for only server.lbg.com
>>>>>>>>>>
>>>>>>>>>> You will never be able to make a secure request to anything other than server.lbg.com without seeing an error. I highly recommend adding the other hostname as a SAN to your certificate if you really want to support this.
>>>>>>>>>>
>>>>>>>>>> Even if you wanted https://example.lbg.com/whatever to return an HTTP 302 redirect to https://server.lbg.com/whatever, the user would see a certificate hostname mismatch error which is ugly. It's best to make it work without users seeing ugly things.
>>>>>>>>>>
>>>>>>>>>> So if I just request new certificate with SAN it should work ? If yes, I will request for it and follow your steps as below suggested.
>>>>>>>>>>
>>>>>>>>>> Yes, it should.
>>>>>>>>>>
>>>>>>>>>> Should I use CName record or DNS? Does it make difference?
>>>>>>>>>>
>>>>>>>>>> CNAME *is* DNS.
>>>>>>>>>>
>>>>>>>>>> Whenever possible, use hostnames and not IP addresses as SANs. It's more flexible that way, and users get to see hostnames instead of IP addresses.
>>>>>>>>>>
>>>>>>>>>> -chris
>>>>>>>>>>
>>>>>>>>>> On Wednesday, April 24, 2024, Christopher Schultz <ch...@christopherschultz.net> wrote:
>>>>>>>>>>
>>>>>>>>>> Lavanya,
>>>>>>>>>>
>>>>>>>>>> On 4/24/24 07:37, lavanya tech wrote:
>>>>>>>>>>
>>>>>>>>>> Sorry I understood wrongly here with regards to my environment, Let me start from the beginning. I do not want to use redirect at all. I simply wanted to force apache tomcat to use both localhost and dns name of the localhost via url.
>>>>>>>>>>
>>>>>>>>>> When you say "force" what do you mean?
>>>>>>>>>>
>>>>>>>>>> When you say "use both localhost and DNS name" what do you mean?
>>>>>>>>>>
>>>>>>>>>> When you say "localhost" do you mean 127.0.0.1 or "the machine I'm logged-into right now"?
>>>>>>>>>>
>>>>>>>>>> I have DNS resolution as below.
>>>>>>>>>>
>>>>>>>>>> server.lbg.com --> localhost
>>>>>>>>>>
>>>>>>>>>> Is that a CNAME record?
>>>>>>>>>>
>>>>>>>>>> nslookup server.lbg.com (localhost)
>>>>>>>>>>
>>>>>>>>>> Name: server.lbg.com
>>>>>>>>>> Address: 192.168.100.20
>>>>>>>>>> alias: example.lbg.com
>>>>>>>>>>
>>>>>>>>>> That's a weird DNS response. The DNS name "localhost" should *always* return 127.0.0.1 for IPv4 and ::1 for IPv6. It shouldn't return 191.168.100.20.
>>>>>>>>>>
>>>>>>>>>> We have working the below urls working:
>>>>>>>>>>
>>>>>>>>>> https://server.lbg.com:8443/towl
>>>>>>>>>> https://example.lbg.com:8443/towl --> redirects to
>>>>>>>>>>
>>>>>>>>>> What do you mean "redirect"? Does it return a 30x response that causes the browser to make a new request to \/
>>>>>>>>>>
>>>>>>>>>> https://server.lbg.com:8443/towl --> still works --> we have SSL configured for the same but this SSL certificate does not have additional DNS setup.
>>>>>>>>>>
>>>>>>>>>> What SANs are in your certificate? How many certificates do you have?
>>>>>>>>>>
>>>>>>>>>> But I would need to somehow access https://example.lbg.com --> which means I would need to access via 443 here ?
>>>>>>>>>>
>>>>>>>>>> I'm so confused. What needs to access what?
>>>>>>>>>>
>>>>>>>>>> I tried to adding the below to server.xml as below, but that does not seems to work.
>>>>>>>>>>
>>>>>>>>>> <Connector port="80"
>>>>>>>>>>            protocol="org.apache.coyote.http11.Http11NioProtocol"
>>>>>>>>>>            connectionTimeout="20000"
>>>>>>>>>>            redirectPort="443" />
>>>>>>>>>>
>>>>>>>>>> This will only redirect (HTTP 302) requests to http://yourhost/anything to https://yourhost/anything *if the application specifically requests CONFIDENTIAL transport*. It doesn't just redirect everything by default. If you want it to redirect everything, you'll need to set that up e.g. using RewriteValve. There are other options, too.
>>>>>>>>>>
>>>>>>>>>> Do I need additional SSL certificate for the https://example.lbg.com to make it work ?
>>>>>>>>>>
>>>>>>>>>> If you don't want your browser to complain, you will need at least one TLS certificate that contains every Subject Alternative Name (SAN) for every possible hostname you expect to use with this service. You can do it with multiple certificates as well, but a single cert with multiple SANs is less work.
>>>>>>>>>>
>>>>>>>>>> Do I need to set up an additional web server for this like apache or nginx for redirecting requests?
>>>>>>>>>>
>>>>>>>>>> No.
>>>>>>>>>>
>>>>>>>>>> Please stop saying "redirect" because it sounds like you almost never mean "HTTP 30x redirect" and that's confusing everything.
>>>>>>>>>>
>>>>>>>>>> I *think* you only need the following:
>>>>>>>>>>
>>>>>>>>>> 1. A TLS certificate with the following SANs:
>>>>>>>>>>
>>>>>>>>>>    * server.lbg.com
>>>>>>>>>>    * example.lbg.com
>>>>>>>>>>    * localhost (you shouldn't do this)
>>>>>>>>>>
>>>>>>>>>> 2. DNS configured for all hostnames:
>>>>>>>>>>
>>>>>>>>>>    * server.lbg.com -> A 192.168.100.20
>>>>>>>>>>    * example.lgb.com -> A 192.168.100.20
>>>>>>>>>>
>>>>>>>>>> 3. Tomcat configured with a single <Host> which is the default virtual host. Note that this is the *default Tomcat configuration* and doesn't need to be changed from the default.
>>>>>>>>>>
>>>>>>>>>> 4. Tomcat configured with your certificate like this:
>>>>>>>>>>
>>>>>>>>>> <Connector ...
>>>>>>>>>>     SSLEnabled="true">
>>>>>>>>>>   <SSLHostConfig>
>>>>>>>>>>     <Certificate
>>>>>>>>>>         certificateFile="/path/to/your/cert.crt"
>>>>>>>>>>         certificateKeyFile="/path/to/your/key.pem" />
>>>>>>>>>>     <!-- You may need certificateKeyPassword in <Certificate> -->
>>>>>>>>>>   </SSLHostConfig>
>>>>>>>>>> </Connector>
>>>>>>>>>>
>>>>>>>>>> If your SANs are configured properly, this should allow you to connect using any of these URLs:
>>>>>>>>>>
>>>>>>>>>> $ curl https://server.lbg.com/towl/login.jsp
>>>>>>>>>>
>>>>>>>>>> (returns login page)
>>>>>>>>>>
>>>>>>>>>> $ curl https://example.lbg.com/towl/login.jsp
>>>>>>>>>>
>>>>>>>>>> (returns login page)
>>>>>>>>>>
>>>>>>>>>> If your application's web.xml contains something like this:
>>>>>>>>>>
>>>>>>>>>> <security-constraint>
>>>>>>>>>>   <web-resource-collection>
>>>>>>>>>>     <web-resource-name>theapp</web-resource-name>
>>>>>>>>>>     <url-pattern>/*</url-pattern>
>>>>>>>>>>   </web-resource-collection>
>>>>>>>>>>   <user-data-constraint>
>>>>>>>>>>     <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>>>>>>>>>>   </user-data-constraint>
>>>>>>>>>> </security-constraint>
>>>>>>>>>>
>>>>>>>>>> ... then these insecure HTTP URLs should redirect your clients:
>>>>>>>>>>
>>>>>>>>>> $ curl http://server.lbg.com/towl/login.jsp
>>>>>>>>>>
>>>>>>>>>> (returns HTTP 302 redirect to https://server.lbg.com/towl/login.jsp)
>>>>>>>>>>
>>>>>>>>>> $ curl https://server.lbg.com/towl/login.jsp
>>>>>>>>>>
>>>>>>>>>> (returns HTTP 302 redirect to https://example.lbg.com/towl/login.jsp)
>>>>>>>>>>
>>>>>>>>>> I don't think you need any use of the RewriteValve unless you want to handle sending HTTP 302 redirect responses to insecure requests without specifying the CONFIDENTIAL transport-guarantee in your application's web.xml file. But I don't see any reason NOT to have that in there.
>>>>>>>>>>
>>>>>>>>>> -chris
>>>>>>>>>>
>>>>>>>>>> On Tue, Apr 23, 2024 at 10:52 PM Christopher Schultz <ch...@christopherschultz.net> wrote:
>>>>>>>>>>
>>>>>>>>>> Lavanya,
>>>>>>>>>>
>>>>>>>>>> On 4/22/24 05:21, lavanya tech wrote:
>>>>>>>>>>
>>>>>>>>>> Could you please explain, what you exactly mean ? So here redirect is not a solution right ?
>>>>>>>>>>
>>>>>>>>>> Redirecting is fine.
>>>>>>>>>>
>>>>>>>>>> Perhaps you should take a step back and decide: what do you actually want, here? You might be trying to solve problem X by applying solution Y, and you've already decided that solution Y is correct so you are trying to get help with that.
>>>>>>>>>>
>>>>>>>>>> Perhaps ask for help with Problem X?
>>>>>>>>>>
>>>>>>>>>> For example, "I don't want users to have to type the name of my application to reach it so I want example.com/ to go to my application instead of example.com/myapp/".
>>>>>>>>>>
>>>>>>>>>> Or, "I have multiple domains and I want all of them to redirect to the canonical domain example.com and to go to my web application /myapp so everything goes to example.com/myapp/".
>>>>>>>>>>
>>>>>>>>>> "You'd have to use a glob/regex if you wanted to check for [anything and maybe nothing.] example.com."
>>>>>>>>>>
>>>>>>>>>> There is nothing in your configuration or question that suggests that the hostname in the request is relevant, but you are making it a *requirement* that the request contains a specific Host header. If you don't actually need that, why do you have it?
>>>>>>>>>>
>>>>>>>>>> -chris
>>>>>>>>>>
>>>>>>>>>> On Fri, Apr 19, 2024 at 3:03 PM Christopher Schultz <ch...@christopherschultz.net> wrote:
>>>>>>>>>>
>>>>>>>>>> Ammu,
>>>>>>>>>>
>>>>>>>>>> On 4/19/24 08:32, lavanya tech wrote:
>>>>>>>>>>
>>>>>>>>>> Thank you very much. I removed <Host> for example.com as well as adding an <Alias> in server.xml
>>>>>>>>>> I copied context.xml file /git/app/apache-tomcat-10.1.11/webapps/towl/META-INF/context.xml
>>>>>>>>>>
>>>>>>>>>> Removed < in rewrite.config files.
>>>>>>>>>>
>>>>>>>>>> But still I don't redirect the URL.
>>>>>>>>>>
>>>>>>>>>> If you have <Context> in server.xml and also your application in the webapps/ directory, then you will be double-deploying your application.
>>>>>>>>>>
>>>>>>>>>> Re-name /git/app/apache-tomcat-10.1.11/webapps/towl/ to be /git/app/apache-tomcat-10.1.11/webapps/ROOT (the capitals are important) and remove the <Context> element from your server.xml.
>>>>>>>>>>
>>>>>>>>>> Then start your server and read the logs.
>>>>>>>>>>
>>>>>>>>>> nslookup alias.example.com gives -->
>>>>>>>>>> Non-authoritative answer:
>>>>>>>>>> Name: www.example.com
>>>>>>>>>> Address: 192.168.200.10
>>>>>>>>>> Aliases: alias.example.com
>>>>>>>>>>
>>>>>>>>>> Just to give some information here, www.example.com has alias "alias.example.com"
>>>>>>>>>> But https://www.example.com:7777/example --> works fine without issues but the alias does not work (https://alias.example.com)
>>>>>>>>>> So I am not sure if the redirect URL helps or if it's correct
>>>>>>>>>>
>>>>>>>>>> Your rewrite configuration says that you have to be using host "example.com" but your request goes to www.example.com. Your configuration should only redirect a request such as:
>>>>>>>>>>
>>>>>>>>>> $ curl -v http://example.com:7777/something
>>>>>>>>>>
>>>>>>>>>> HTTP/1.1 301 Moved Permanently
>>>>>>>>>> ...
>>>>>>>>>> Location: https://www.example.com:7777/example
>>>>>>>>>>
>>>>>>>>>> If you make a request like:
>>>>>>>>>>
>>>>>>>>>> $ curl -v http://www.example.com:7777/something
>>>>>>>>>>
>>>>>>>>>> I wouldn't expect a redirect because of your "host" condition. The "%{HTTP_HOST} example.com" looks at the entire Host header and not just anything that ends in "example.com". You'd have to use a glob/regex if you wanted to check for [anything and maybe nothing.] example.com.
>>>>>>>>>>
>>>>>>>>>> You'd also have to make sure that your application is serving responses to requests to / which is why I'm recommending you use the ROOT web application name instead of "towl".
>>>>>>>>>>
>>>>>>>>>> -chris
>>>>>>>>>>
>>>>>>>>>> On Fri, Apr 19, 2024 at 1:21 PM Christopher Schultz <ch...@christopherschultz.net> wrote:
>>>>>>>>>>
>>>>>>>>>> Ammu,
>>>>>>>>>>
>>>>>>>>>> On 4/18/24 09:34, lavanya tech wrote:
>>>>>>>>>>
>>>>>>>>>> I am attaching server.xml and context.xml and rewrite.config files.
>>>>>>>>>>
>>>>>>>>>> The paths are
>>>>>>>>>>
>>>>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl/context.xml
>>>>>>>>>> <Context>
>>>>>>>>>>   <Valve className="org.apache.catalina.valves.rewrite.RewriteValve" />
>>>>>>>>>>   <!-- Other context configuration -->
>>>>>>>>>> </Context>
>>>>>>>>>>
>>>>>>>>>> This file ^^^ is in the wrong place.
It should be in /git/app/apache-tomcat-10.1.11/webapps/towl/META-INF/context.xml
>>>>>>>>>>
>>>>>>>>>> /git/app/apache-tomcat-10.1.11/webapps/towl/WEB-INF/rewrite.config
>>>>>>>>>>
>>>>>>>>>> <RewriteCond %{HTTP_HOST} example.com [NC]
>>>>>>>>>> <RewriteRule ^/(.*)$ https://www.example.com:7777/example [R=301,L]
>>>>>>>>>>
>>>>>>>>>> Why do you have < symbols at the beginning of these lines?
>>>>>>>>>>
>>>>>>>>>> server.xml
>>>>>>>>>>
>>>>>>>>>> > [...]
>>>>>>>>>>
>>>>>>>>>> <Host name="example.com" appBase="webapps" unpackWARs="true" autoDeploy="true">
>>>>>>>>>>   <Context path="" docBase="towl" />
>>>>>>>>>>
>>>>>>>>>> It's best not to define any <Context> in server.xml. I would remove this <Context> entirely and allow Tomcat to auto-deploy from your webapps/towl directory.
If you need this application to be deployed as the ROOT context (on / and not /towl) then you should re-name /git/app/apache-tomcat-10.1.11/webapps/towl to /git/app/apache-tomcat-10.1.11/webapps/ROOT
>>>>>>>>>>
>>>>>>>>>> You also don't need a <Host> for example.com as well as adding an <Alias> for the same domain (though this is probably to anonymize the
>>>>>>>>>>
>>>>>>>>> ---------------------------------------------------------------------
>>>>>>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>>>>>>> For additional commands, e-mail: users-h...@tomcat.apache.org
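
An added example, not part of the thread and not Tomcat's or the posters' code: a check for the web.xml discussed above that lists url-patterns which require a role but still accept plain HTTP. It assumes the Servlet specification's combining rule (constraints naming the same url-pattern are merged, and one without a user-data-constraint leaves unencrypted connections acceptable) and ignores http-method elements; the sample XML is constructed from the two constraints quoted in the thread, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample: the auth constraint and the CONFIDENTIAL constraint
# quoted in the thread, kept as two separate <security-constraint> blocks.
SPLIT = """<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee">
 <security-constraint>
  <web-resource-collection>
   <url-pattern>/*</url-pattern>
   <url-pattern>/api/v1/search</url-pattern>
  </web-resource-collection>
  <auth-constraint><role-name>LDAP_USER</role-name></auth-constraint>
 </security-constraint>
 <security-constraint>
  <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
  <user-data-constraint>
   <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
 </security-constraint>
</web-app>"""

# Same rules, with the transport guarantee also placed inside the auth constraint.
MERGED = SPLIT.replace(
    "</auth-constraint>",
    "</auth-constraint><user-data-constraint><transport-guarantee>"
    "CONFIDENTIAL</transport-guarantee></user-data-constraint>", 1)

def _name(el):
    return el.tag.rsplit("}", 1)[-1]  # drop the XML namespace prefix

def _texts(parent, name):
    return [e.text.strip() for e in parent.iter() if _name(e) == name and e.text]

def plain_http_patterns(web_xml):
    """Return url-patterns that require a role but still accept plain HTTP."""
    by_pattern = defaultdict(list)
    for sc in ET.fromstring(web_xml).iter():
        if _name(sc) != "security-constraint":
            continue
        needs_role = bool(_texts(sc, "role-name"))
        guarantee = (_texts(sc, "transport-guarantee") or ["NONE"])[0].upper()
        for pattern in _texts(sc, "url-pattern"):
            by_pattern[pattern].append((needs_role, guarantee != "NONE"))
    # A pattern is safe only if every constraint naming it demands TLS.
    return sorted(p for p, rules in by_pattern.items()
                  if any(role for role, _ in rules)
                  and not all(tls for _, tls in rules))

if __name__ == "__main__":
    print("split constraints :", plain_http_patterns(SPLIT))
    print("merged constraints:", plain_http_patterns(MERGED))
```

Run it against the deployed WEB-INF/web.xml after any change to the constraints; an empty list means every role-protected pattern also carries the transport guarantee.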