Redirect HTTP to HTTPS on Tomcat

April 19, 2010 0 Comments

You’ve bought your secure certificate and successfully installed on Tomcat with the keytool but how do your redirect the entire site to go HTTPS and redirect any HTTP connection straight over to HTTPS.

You need to edit the 2 Tomcat configuration files; server.xml and web.xml and then restart the tomcat service.

Open server.xml typically found in tomcat/conf and change:

Connector port="80?
enableLookups="false"
redirectPort="8443?

to

Connector port="80?
enableLookups="false"
redirectPort="443?

Then openweb.xml (same directory) and add before the closing tag of /web-app:

<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Context</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<!-- auth-constraint goes here if you requre authentication -->
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>

Restart tomcat and all pages should redirect to https.

Related posts:

  1. Redirecting HTTP to HTTPS on OS X 10.6 Server Snow Leopard
  2. Sort out your Canonical URLs in Drupal – Force http://www
Open Source, Operating Systems
, , , ,