Redirecting Port 80 to 443 for External Traffic Only

Kris van der Starren
Greenhorn

Joined: Oct 25, 2010
Posts: 6
Is it possible to set Tomcat to redirect port 80 to 443 for external (i.e. WAN) traffic only?

Cheers, Kris
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16095

Port 443 is normally used for https traffic. HTTPS is completely different than HTTP (it's encrypted HTTP), so simply changing port numbers is likely to cause serious problems.

However, what puzzles me is that I don't understand exactly what you mean here by "redirecting". What is the benefit you're hoping to receive?


Customer surveys are for companies who didn't pay proper attention to begin with.
Kris van der Starren
Greenhorn

Joined: Oct 25, 2010
Posts: 6
I have a web application that is accessed by both local and remote users. Local users access it through port 80 and remote users access it through 443. For example:

http://10.0.0.200/mysite/
https://mydomain.com/mysite/

Maybe there's an easier way to do what I'm trying to do, but the reason I did it this way is so that:
(a) there's no reliance on the Internet connection for internal users (my firewall does not support loopback / reflection - which is what I understand would be required to automatically redirect mydomain.com back to the internal IP for internal users)
(b) internal users will not receive an SSL warning by accessing the https site using the internal IP (the certificate is registered for mydomain.com)

What I would like is for external users only to be automatically redirected from 80 to 443. That way they will not have to remember to enter https every time - they could simply enter mydomain.com/mysite/ and be redirected to https automagically.

Am I overcomplicating things?


Thanks! Kris
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16095

Well, my preferred application architecture usually has a non-secured welcome page, so that's on Port 80. Even if the rest of the app is secured, I just like to have sort of a "signpost" that leads into things. The welcome page would then typically link to the secured URLs, which could be HTTP or HTTPS. With Tomcat container-managed security, Tomcat itself would typically respond to secured resource requests on port 80 by sending back a "302" challenge that would tell the browser to switch to 443.

As for the cert "error" part, that sort of depends on your larger network architecture. Often a proxy such as Apache HTTP is used to frontend Tomcat, and typically the internal users would simply use the same URL/IP address as the external users.

I'll admit, I'm hazy on some of this, because, yes, normally I don't have to worry about the details. I just follow standard practices and it more or less "Just Works".

One thing you can do if it's more friendly to your network setup is to simply define 2 separate virtual hosts in Tomcat for the 2 different IP addresses, but that wouldn't affect the protocols required. Then again, it's not such a bad idea to encrypt internal traffic as well. Especially if you're Sony.
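
Added example, not part of the thread and not code from either poster: one way to get the redirect only for external clients is a servlet filter that leaves LAN addresses on plain HTTP and sends everyone else to HTTPS. The class name is hypothetical; it assumes the `javax.servlet` API (Tomcat 9 and earlier), HTTPS on the default port 443, clients connecting directly to Tomcat, and the `mydomain.com` host name from the post above.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter: redirects plain-HTTP requests from non-internal clients to HTTPS.
public class ExternalHttpsRedirectFilter implements Filter {
    // Assumption: the host name the certificate was issued for (from the thread).
    private static final String CANONICAL_HOST = "mydomain.com";

    @Override
    public void init(FilterConfig config) { }
    @Override
    public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        if (request.isSecure() || isInternal(request.getRemoteAddr())) {
            chain.doFilter(req, res);   // already HTTPS, or a LAN client: serve as-is
            return;
        }
        // Build the target from a fixed host name rather than the client-supplied
        // Host header, so the redirect cannot be steered to another site.
        StringBuilder target = new StringBuilder("https://")
                .append(CANONICAL_HOST).append(request.getRequestURI());
        if (request.getQueryString() != null) {
            target.append('?').append(request.getQueryString());
        }
        response.sendRedirect(target.toString());   // 302 to the HTTPS URL
    }

    // True for loopback and private (site-local) addresses such as 10.0.0.x.
    static boolean isInternal(String remoteAddr) {
        try {
            // getRemoteAddr() returns an IP literal, so no DNS lookup happens here.
            InetAddress addr = InetAddress.getByName(remoteAddr);
            return addr.isLoopbackAddress() || addr.isSiteLocalAddress();
        } catch (UnknownHostException e) {
            return false;   // unparsable address: treat as external
        }
    }
}
```

If a proxy such as Apache HTTP fronts Tomcat, `getRemoteAddr()` reports the proxy's address, so every client looks internal unless the real client address is restored first (for example with Tomcat's `RemoteIpValve`).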

 