[SOLVED] Redirect http to https

[rwjblue]

I would like to setup tomcat to redirect any requests for http://myserver.domain.com to https://myserver.domain.com. I have Zimbra setup using https mode only (because of HIPAA), and would like my users to be able to simply type myserver.domain.com and get a secure Zimbra login page.

I assume this is a fairly simple thing to do, but I am not familiar enough with tomcat to be able to get it done...

Any help is appreciated,

Robert Jackson

[KevinH]

If zimbra is in https mode, then it should do this for you. At least is should not accept login's on http. What are you seeing now?

[rwjblue]

You are absolutely correct. Currently if I try to navigate to http://myserver.mydomain.com/ the page times out. This is because tomcat is not listening on port 80. When I navigate to https://myserver.mydomain.com/ the Zimbra login is displayed as you would expect.

What I would like to have happen is when a request is made for port 80 to respond with an html redirect to https://myserver.mydomain.com. This way I am only accepting https connections for access to Zimbra, but the user doesn't have to remember to type https.

I have a similar situation that I have handled in apache with simple html code to redirect the request.

Here is the code:

Code:

<html>
<head>
 <title>Redirect Page</title>

 <meta HTTP-EQUIV="REFRESH" CONTENT="0;
 URL=https://myserver.mydomain.com/index.php">
 </head>
<BODY/>
</HTML>

So basically what I am asking is how to do this with Zimbra? I assumed that I would have to tell tomcat to listen to port 80 and redirect the request, but I suppose I could install apache and have it do the redirect.

Thanks for your help,

Robert Jackson

[KevinH]

I think you could configure this in tomcat's server.xml or web.xml. In general we just close off port 80 to outside traffic so folks can't even get to the port.

[rwjblue]

That makes sense.

Any pointers on how to do this? Or on which sections to change in server.xml.in?

Thanks again,

Robert

[marcmac]

I THINK this is what you want:

First, back up server.xml.in

Next, you'll want to remove two comment lines:
<!-- HTTPBEGIN -->
<!-- HTTPEND -->

Then, restart tomcat. You'll see the new server.xml written, with the http port not commented out.

What I'm not sure of is if you'll then have http access open.

[dillera]

If you are using Linux, just redirect them at the kernel level, using iptables:

# iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth0 -j REDIRECT --to-port 443

do that as root and leave poor zimbra alone!

Hint: put it in /etc/rc.local to survive reboots.



Also, I found this page with other methods:
http://www-128.ibm.com/developerwork.../l-secjav.html

[Kevin Krause]

I'm trying to do the same, and none of these tips work for me...
I want to make the Web interface fool proof by redirecting to https://<my host> when the user types in http://<my host>. The iptables thing doesn't work for me as it gives me an empty response (no headers) when I try to connect to port 80. I don't have any other iptables rules on the machine.
So I guess the way to go would be via the tomcat configuration. I'd be grateful for more hints.

[KevinH]

I did a few google searches:

try adding redirectPort="<your SSL port>" in server.xml to the HTTP connector.

[Kevin Krause]

Quote:

try adding redirectPort="<your SSL port>" in server.xml to the HTTP connector.

Interestingly enough, that's already there in the default Zimbra generated server.xml... here's a snippet:

Code:

    <!-- HTTPBEGIN -->
    <Connector port="80"
        enableLookups="false" redirectPort="443"
        maxThreads="100" minSpareThreads="100" maxSpareThreads="100"/>
<!-- HTTPEND -->

I have to admit that I have quite close to zero knowledge about Tomcat, otherwise I'd probably be able to figure out a solution on my own.