gunasekharyalamuri
asked on
SSL redirect in Jboss7 in Linux (Cent OS)
How to redirect page in jboss7 to HTTPS.
Description: I have a Http page... Whenever I click on login page, it should be redirected to a secure page in JBoss7
Environment : Centos, Jboss7AS Final.
Description: I have a Http page... Whenever I click on login page, it should be redirected to a secure page in JBoss7
Environment : Centos, Jboss7AS Final.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Below one i am using in same your.conf but i am not able to redirect
<VirtualHost 192.168.1.2:80>
ServerName ab.your.com
ErrorLog /var/log/httpd/ab.your.com -error.log
# Log everything in common format, except events tagged with dontlog - see end of httpd.conf for details
CustomLog /var/log/httpd/ab.your.com -access.lo g common env=!dontlog
# Redirect to proper start page.
RewriteEngine On
RewriteRule ^/$ /Project2/login2.action [R=301,L]
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
# ProxyPass to the jboss instance
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>
NameVirtualHost 192.168.1.2:443
<VirtualHost 192.168.1.2:443>
ServerAlias ab.your.com
SSLEngine On
SSLCertificateFile /etc/pki/tls/certs/www.your.com.x509
SSLCertificateKeyFile /etc/pki/tls/private/your. com.key
SSLCertificateChainFile /etc/pki/tls/certs/verisig n.intermed iate.crt
ErrorLog /var/log/httpd/your-ssl.er ror.log
# Log everything in common format, except events tagged with dontlog - see end of httpd.conf for details
CustomLog /var/log/httpd/your-ssl.ac cess.log common env=!dontlog
# Redirect to proper start page.
RewriteEngine On
RewriteRule ^/$ /Project2/login2.action [R=301,L]
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
# ProxyPass to the jboss instance
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>
<VirtualHost 192.168.1.2:80>
ServerName ab.your.com
ErrorLog /var/log/httpd/ab.your.com
# Log everything in common format, except events tagged with dontlog - see end of httpd.conf for details
CustomLog /var/log/httpd/ab.your.com
# Redirect to proper start page.
RewriteEngine On
RewriteRule ^/$ /Project2/login2.action [R=301,L]
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
# ProxyPass to the jboss instance
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>
NameVirtualHost 192.168.1.2:443
<VirtualHost 192.168.1.2:443>
ServerAlias ab.your.com
SSLEngine On
SSLCertificateFile /etc/pki/tls/certs/www.your.com.x509
SSLCertificateKeyFile /etc/pki/tls/private/your.
SSLCertificateChainFile /etc/pki/tls/certs/verisig
ErrorLog /var/log/httpd/your-ssl.er
# Log everything in common format, except events tagged with dontlog - see end of httpd.conf for details
CustomLog /var/log/httpd/your-ssl.ac
# Redirect to proper start page.
RewriteEngine On
RewriteRule ^/$ /Project2/login2.action [R=301,L]
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
# ProxyPass to the jboss instance
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>
You are rewriting access to one file to apear as another.
Why are you proxying from both?
Do you need to access jboss in a non-secure method?
mod_alias and the example I provided would do what you want.
http://httpd.apache.org/docs/2.0/mod/mod_alias.html
NameVirtual host needs only be defined once and is only referencing an IP not port.
An SSL can not be name based and should use the IP:443 in the virutalhost entry.
use httpd -M to see whether mod_alias or alias_module is loaded on your server since this is the module on which RedirectMatch relies.
you could also use redirectpermanent if the only access to port 80 should auto redirect all requests to a secure connection.
http://httpd.apache.org/docs/2.0/mod/mod_alias.html
Why are you proxying from both?
Do you need to access jboss in a non-secure method?
mod_alias and the example I provided would do what you want.
http://httpd.apache.org/docs/2.0/mod/mod_alias.html
NameVirtual host needs only be defined once and is only referencing an IP not port.
An SSL can not be name based and should use the IP:443 in the virutalhost entry.
use httpd -M to see whether mod_alias or alias_module is loaded on your server since this is the module on which RedirectMatch relies.
you could also use redirectpermanent if the only access to port 80 should auto redirect all requests to a secure connection.
http://httpd.apache.org/docs/2.0/mod/mod_alias.html
NameHosts 192.168.1.2
<VirtualHost *:80>
ServerName ab.your.com
ErrorLog /var/log/httpd/ab.your.com-error.log
# Log everything in common format, except events tagged with dontlog - see end of httpd.conf for details
CustomLog /var/log/httpd/ab.your.com-access.log common env=!dontlog
# Redirect to proper start page.
# RewriteEngine On
# RewriteRule ^/$ /Project2/login2.action [R=301,L]
RedirectMatch ^/.*$ https://ab.yourdomain.com/Project2/login2.action
# ProxyRequests Off
# ProxyPreserveHost On
#
# <Proxy *>
# Order deny,allow
# Allow from all
# </Proxy>
#
# # ProxyPass to the jboss instance
# ProxyPass / http://localhost:8080/
# ProxyPassReverse / http://localhost:8080/
<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>
<VirtualHost 192.168.1.2:443>
ServerAlias ab.your.com
SSLEngine On
SSLCertificateFile /etc/pki/tls/certs/www.your.com.x509
SSLCertificateKeyFile /etc/pki/tls/private/your.com.key
SSLCertificateChainFile /etc/pki/tls/certs/verisign.intermediate.crt
ErrorLog /var/log/httpd/your-ssl.error.log
# Log everything in common format, except events tagged with dontlog - see end of httpd.conf for details
CustomLog /var/log/httpd/your-ssl.access.log common env=!dontlog
# Redirect to proper start page.
RewriteEngine On
RewriteRule ^/$ /Project2/login2.action [R=301,L]
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
# ProxyPass to the jboss instance
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>
ASKER
Is this example will work, why because i have tried with similar example,My question is their any other setting we need to do in JBoos& for thsi redirecting.
No since JBOSS is being proxied the enforcement has to occur through apache.
Access the site and see whether any responses reference the jboss application directly i.e. http://ab.your.com:8080
Did you disable the proxying on the unsecured virtualHost entry as I have?
your inclusion of the proxy within the :80 entries may overtake the redirect.
Check the access_log for port 80
/var/log/httpd/your-ssl.ac cess.log and see what it is reporting when you access, does it redirect or does it proxy the request?
Access the site and see whether any responses reference the jboss application directly i.e. http://ab.your.com:8080
Did you disable the proxying on the unsecured virtualHost entry as I have?
your inclusion of the proxy within the :80 entries may overtake the redirect.
Check the access_log for port 80
/var/log/httpd/your-ssl.ac
ASKER
Thanks,Let me conform once i have checked with redirecting.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER