I have set up an EC2 instance with a Java web application running on a Tomcat server and an AWS application load balancer which directs ports 80 and 443 to port 8080 on the EC2 instance.
I have changed the server.xml configuration on Tomcat to the following:
<Connector port="8080" protocol="HTTP/1.1"
           proxyPort="443"
           proxyName="sub.mydomain.com"
           scheme="https"
           secure="true"
           connectionTimeout="20000"
           redirectPort="8443" />
Now I am able to go to "sub.mydomain.com" and "https://sub.mydomain.com". But how do I redirect all "http://sub.mydomain.com" requests to "https://sub.mydomain.com"?
Just add this in your web.xml:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>HTTPSOnly</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
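An added configuration example, not part of the original question or answer: a connector that hard-codes scheme="https" and secure="true" makes Tomcat report every request as secure, so a CONFIDENTIAL constraint has nothing to redirect; one way around this is to let RemoteIpValve take the scheme from the load balancer's X-Forwarded-Proto header. The internalProxies range and the /health path below are assumptions to be replaced with the real subnets and health-check path.

```xml
<!-- server.xml: connector without the hard-coded scheme/secure/proxy* values.
     redirectPort is the port Tomcat puts in the redirect it sends for a
     CONFIDENTIAL constraint, so it must be the public HTTPS port. -->
<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="443" />

<!-- server.xml, inside <Host>: derive scheme and the secure flag per request.
     The valve only honours the headers when the peer address matches
     internalProxies (a regex); 10.0.x.x is a constructed placeholder for
     the subnets the load balancer lives in. -->
<Valve className="org.apache.catalina.valves.RemoteIpValve"
       internalProxies="10\.0\.\d{1,3}\.\d{1,3}"
       remoteIpHeader="X-Forwarded-For"
       protocolHeader="X-Forwarded-Proto"
       protocolHeaderHttpsValue="https"
       httpsServerPort="443" />

<!-- web.xml: next to the /* CONFIDENTIAL constraint, exempt the path the
     load balancer probes over plain HTTP (hypothetical /health), otherwise
     the health check receives a redirect instead of a 200. The exact-match
     pattern takes precedence over /*. -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>HealthCheck</web-resource-name>
        <url-pattern>/health</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
</security-constraint>
```

Port 8080 should accept connections only from the load balancer's security group, since any client that can reach Tomcat directly from an address matching internalProxies could set X-Forwarded-Proto itself.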
I have configured hosted zones in Route 53 with an external domain.
I have uploaded and deployed an Express app with Elastic Beanstalk.
const express = require("express")
const cors = require('cors');
const app = express()
const PORT = process.env.PORT || 8000
connection()
app.use(cors({
    origin: '*'
}));
app.get('/', (req, res) => {
    res.send('Hello World')
})
app.listen(PORT, () => console.log(`Listen on port ${PORT}`))
module.exports = app
I have created a certificate in AWS Certificate Manager with success.
In Elastic Beanstalk > Configuration > Load balancer > add listener:
443 | HTTPS : selected my certificate
When I make a request with the http protocol (port 80), that works.
But when I make a request with https, I get a timeout error.
For information, my app works on Heroku with https.
EDIT:
The problem came from the hosted zones. Thanks for your help.
I have a Django site hosted on Elastic Beanstalk. I have obtained an AWS SSL certificate and this has been associated with the load balancer 443 HTTPS port.
In my config file I have:
MIDDLEWARE = [
    ...
    "django.middleware.csrf.CsrfViewMiddleware",
]
CSRF_COOKIE_HTTPONLY = False
SESSION_COOKIE_HTTPONLY = True
With this setup I am able to login to the site but the browser displays 'not secure' in the address bar, and if I prepend 'https://' to the urls I get a page stating the connection is not private.
If I add
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
Then it becomes impossible to log in (the login page just reloads), or if I go to an incognito browser I get a 'CSRF verification failed. Request aborted.' message.
Apologies for the long question, I've just tried to include any detail that may be relevant.
In settings.py, add the IP and domain to the ALLOWED_HOSTS list.
You can put *, but it is not recommended. * means all hosts are allowed here.
ALLOWED_HOSTS = ['your_ip']
I had my load balancer listener configured wrong for port 4443. I had the instance port and instance protocol as 443 and https whereas they should be 80 and http.
I configured the gateway cluster following this guide: https://docs.wso2.com/display/AM210/Clustering+the+Gateway.
172.19.28.71: Gateway Manager Host
172.19.28.84: Gateway Worker Host
Gateway Manager axis2.xml:
<clustering class="org.wso2.carbon.core.clustering.hazelcast.HazelcastClusteringAgent"
            enable="true">
    <parameter name="membershipScheme">wka</parameter>
    <parameter name="domain">wso2.am.internal.domain</parameter>
    <parameter name="localMemberHost">172.19.28.71</parameter>
    <parameter name="localMemberPort">4500</parameter>
    <members>
        <member>
            <hostName>172.19.28.71</hostName>
            <port>4500</port>
        </member>
        <member>
            <hostName>172.19.28.84</hostName>
            <port>4200</port>
        </member>
    </members>
Gateway Worker axis2.xml:
<clustering class="org.wso2.carbon.core.clustering.hazelcast.HazelcastClusteringAgent"
            enable="true">
    <parameter name="membershipScheme">wka</parameter>
    <parameter name="domain">wso2.am.internal.domain</parameter>
    <parameter name="localMemberHost">172.19.28.84</parameter>
    <parameter name="localMemberPort">4200</parameter>
    <members>
        <member>
            <hostName>172.19.28.71</hostName>
            <port>4500</port>
        </member>
        <member>
            <hostName>172.19.28.84</hostName>
            <port>4200</port>
        </member>
    </members>
Publisher and Store api-manager.xml:
<Environment type="hybrid" api-console="true">
    <Name>Internal</Name>
    <Description>This is a hybrid gateway that handles both production and sandbox token traffic.</Description>
    <ServerURL>https://172.19.28.71:9443/services/</ServerURL>
    <Username>${admin.username}</Username>
    <Password>${admin.password}</Password>
    <GatewayEndpoint>http://172.19.28.84:8280,https://172.19.28.84:8243</GatewayEndpoint>
</Environment>
But when I test in the API Console (Gateway Worker URL: https://172.19.28.84:8243/pizzashack/3.0.0), there is no response. The following is the Gateway Worker's log:
[2017-05-16 10:15:57,996] INFO {org.apache.synapse.mediators.builtin.LogMediator} - STATUS = Message dispatched to the main sequence. Invalid URL., RESOURCE = /pizzashack/3.0.0/menu {org.apache.synapse.mediators.builtin.LogMediator}
Gateway Manager URL (172.19.28.71:8243/pizzashack/3.0.0) is working.
You need to enable the SVN-based deployment synchronizer between the gateways. Otherwise, the pizzashack API won't be deployed in all the gateways.
Following the URLs below, I successfully redirected the website http://www.example.com (which I bought from AWS Route 53; the real domain name is replaced) to http://abc.wix.com/xyz/ via www.example.com.au.s3-website-ap-southeast-2.amazonaws.com
Refer: Set up DNS based URL forwarding in Amazon Route53 and Redirect subdomain URL to URL subdirectory on Amazon AWS
Redirection rules:
<RoutingRules>
    <RoutingRule>
        <Redirect>
            <Protocol>http</Protocol>
            <HostName>abc.wix.com</HostName>
            <ReplaceKeyPrefixWith>xyz/</ReplaceKeyPrefixWith>
            <HttpRedirectCode>301</HttpRedirectCode>
        </Redirect>
    </RoutingRule>
</RoutingRules>
The problem is, when I click http://www.example.com, it redirects the URL to http://abc.wix.com/xyz/ in the browser and shows the web content.
What I need is: the browser should always show http://www.example.com, but the contents are in http://abc.wix.com/xyz/.
I have a web service that I want to make available to all users (the web service is written as a Java class). I use a realm to configure my website security. How can I enable this resource in web.xml?
Thanks
This allows everyone (without login) to access the resource (there is no auth-constraint tag):
<security-constraint>
    <web-resource-collection>
        <web-resource-name>MyWebService</web-resource-name>
        <url-pattern>/public/webservice</url-pattern>
    </web-resource-collection>
</security-constraint>
This allows logged-in users (who have at least one role from the security-role list) to access the resource:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>MyWebService</web-resource-name>
        <url-pattern>/public/webservice</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>*</role-name>
    </auth-constraint>
</security-constraint>
<security-role>
    <role-name>user</role-name>
    <role-name>admin</role-name>
    <role-name>manager</role-name>
</security-role>