SSL redirect in Jboss7 in Linux (Cent OS)

gunasekharyalamuri
gunasekharyalamuri used Ask the Experts™
on
How to redirect page in jboss7 to HTTPS.

Description: I have a Http page... Whenever I click on login page, it should be redirected to a secure page in JBoss7

Environment : Centos, Jboss7AS Final.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Distinguished Expert 2017
Commented:
Within apache's Virtualhost for this site, you can define a redirect to send all requests to https://
You could limit which sub
http://www.yourdomain.com/jboss will auto redirect to https://www.yourdomain.com/jboss

If you have/control the form where the credentials are being submitted, make sure it is using an explicit action=https://.

Author

Commented:
can i get an example regarding this means i can look into it.
Distinguished Expert 2017
Commented:
Do you have two virtualHost entries one for :80 and one for :443?

make sure you have redirect option

<VirtualHost *:80>
Servername www.yoursite.com

RedirectMatch /jboss_path/(.*) https://www.yoursite.com/jboss_path/$1

.
.
.
.
</VirtualHost>


Rowby Goren Makes an Impact on Screen and Online

Learn about longtime user Rowby Goren and his great contributions to the site. We explore his method for posing questions that are likely to yield a solution, and take a look at how his career transformed from a Hollywood writer to a website entrepreneur.

Author

Commented:
Below one i am using in same your.conf but i am not able to redirect

<VirtualHost 192.168.1.2:80>
               ServerName ab.your.com

        ErrorLog /var/log/httpd/ab.your.com-error.log
        # Log everything in common format, except events tagged with dontlog - see end of httpd.conf for details
        CustomLog /var/log/httpd/ab.your.com-access.log common env=!dontlog

        # Redirect to proper start page.
        RewriteEngine On
       RewriteRule ^/$ /Project2/login2.action [R=301,L]


        ProxyRequests Off
        ProxyPreserveHost On

        <Proxy *>
        Order deny,allow
        Allow from all
        </Proxy>

        # ProxyPass to the jboss instance
        ProxyPass / http://localhost:8080/
        ProxyPassReverse / http://localhost:8080/

        <Location />
        Order allow,deny
        Allow from all
       </Location>
</VirtualHost>




NameVirtualHost 192.168.1.2:443
<VirtualHost 192.168.1.2:443>
       ServerAlias ab.your.com

        SSLEngine On
        SSLCertificateFile /etc/pki/tls/certs/www.your.com.x509
        SSLCertificateKeyFile /etc/pki/tls/private/your.com.key
        SSLCertificateChainFile  /etc/pki/tls/certs/verisign.intermediate.crt

        ErrorLog /var/log/httpd/your-ssl.error.log
        # Log everything in common format, except events tagged with dontlog - see end of httpd.conf for details
        CustomLog /var/log/httpd/your-ssl.access.log common env=!dontlog

        # Redirect to proper start page.
        RewriteEngine On
       RewriteRule ^/$ /Project2/login2.action [R=301,L]

        ProxyRequests Off
        ProxyPreserveHost On

        <Proxy *>
        Order deny,allow
        Allow from all
        </Proxy>

        # ProxyPass to the jboss instance
        ProxyPass / http://localhost:8080/
        ProxyPassReverse / http://localhost:8080/

        <Location />
        Order allow,deny
        Allow from all
        </Location>
</VirtualHost>
Distinguished Expert 2017

Commented:
You are rewriting access to one file to apear as another.
Why are you proxying from both?

Do you need to access jboss in a non-secure method?

mod_alias and the example I provided would do what you want.

http://httpd.apache.org/docs/2.0/mod/mod_alias.html

NameVirtual host needs only be defined once and is only referencing an IP not port.

An SSL can not be name based and should use the IP:443 in the virutalhost entry.

use httpd -M to see whether mod_alias or alias_module is loaded on your server since this is the module on which RedirectMatch relies.

you could also use redirectpermanent if the only access to port 80 should auto redirect all requests to a secure connection.

http://httpd.apache.org/docs/2.0/mod/mod_alias.html



NameHosts 192.168.1.2


<VirtualHost *:80>
               ServerName ab.your.com

        ErrorLog /var/log/httpd/ab.your.com-error.log
        # Log everything in common format, except events tagged with dontlog - see end of httpd.conf for details
        CustomLog /var/log/httpd/ab.your.com-access.log common env=!dontlog

        # Redirect to proper start page.
#        RewriteEngine On
#       RewriteRule ^/$ /Project2/login2.action [R=301,L]
RedirectMatch ^/.*$ https://ab.yourdomain.com/Project2/login2.action


#        ProxyRequests Off
#        ProxyPreserveHost On
#
#        <Proxy *>
#        Order deny,allow
#        Allow from all
#        </Proxy>
#
#        # ProxyPass to the jboss instance
#        ProxyPass / http://localhost:8080/
#        ProxyPassReverse / http://localhost:8080/

        <Location />
        Order allow,deny
        Allow from all
       </Location>
</VirtualHost>



<VirtualHost 192.168.1.2:443>
       ServerAlias ab.your.com

        SSLEngine On
        SSLCertificateFile /etc/pki/tls/certs/www.your.com.x509
        SSLCertificateKeyFile /etc/pki/tls/private/your.com.key
        SSLCertificateChainFile  /etc/pki/tls/certs/verisign.intermediate.crt

        ErrorLog /var/log/httpd/your-ssl.error.log
        # Log everything in common format, except events tagged with dontlog - see end of httpd.conf for details
        CustomLog /var/log/httpd/your-ssl.access.log common env=!dontlog

        # Redirect to proper start page.
        RewriteEngine On
       RewriteRule ^/$ /Project2/login2.action [R=301,L]

        ProxyRequests Off
        ProxyPreserveHost On

        <Proxy *>
        Order deny,allow
        Allow from all
        </Proxy>

        # ProxyPass to the jboss instance
        ProxyPass / http://localhost:8080/
        ProxyPassReverse / http://localhost:8080/

        <Location />
        Order allow,deny
        Allow from all
        </Location>
</VirtualHost>

Open in new window

Author

Commented:
Is this example will work, why because i have tried with similar example,My question is their any other setting we need to do in JBoos& for thsi redirecting.
Distinguished Expert 2017

Commented:
No since JBOSS is being proxied the enforcement has to occur through apache.

Access the site and see whether any responses reference the jboss application directly i.e. http://ab.your.com:8080

Did you disable the proxying on the unsecured virtualHost entry as I have?

your inclusion of the proxy within the :80 entries may overtake the redirect.
Check the access_log for port 80
/var/log/httpd/your-ssl.access.log and see what it is reporting when you access, does it redirect or does it proxy the request?

Author

Commented:
Thanks,Let me conform once i have checked with redirecting.
Distinguished Expert 2017
Commented:
Also a rewrite merely direct the server to access a different set of files rather than altering the mode of communications from unsecured (http) to secured(https)

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial