Our Bamboo application hosted on AWS ec2 instance and frontend configuration as a classic load balancer. Recently we upgraded the from ubuntu 14 to ubuntu 18 with higher bamboo version(7.0.4) after that does not work HTTP to https redirect.
Could you please help me with this matter?
Server xml configuration:
<Connector URIEncoding="UTF-8" acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8192" maxThreads="10" minSpareThreads="5" port="8081" protocol="HTTP/1.1" proxyName="example.com" proxyPort="80" redirectPort="443" scheme="http" secure="false" useBodyEncodingForURI="true"/>
<Connector URIEncoding="UTF-8" acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" port="8080" protocol="HTTP/1.1" proxyName="example.com" proxyPort="443" scheme="https" secure="true" useBodyEncodingForURI="true"/>
LB setting:
Regards,
Nataraj.R
I resolved the issue.
A Older tomcat version contains value(http://java.sun.com/xml/ns/j2ee). but the latest tomcat version contains with http://xmlns.jcp.org/xml/ns/javaee. because of that our ansible script skipped.
- name: Adapt {{ path }}/atlassian-bamboo/WEB-INF/web.xml
xml:
path: "{{ path }}/atlassian-bamboo/WEB-INF/web.xml"
namespaces:
x: http://java.sun.com/xml/ns/j2ee
xpath: "/x:web-app"
input_type: yaml
add_children: "{{ bamboo_configuration_webapp_additions }}"
pretty_print: True
state: present
changed_when: False
We added the below value to the web.xml file under tomcat location.
<security-constraint>
<web-resource-collection>
<web-resource-name>Bamboo</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
Related
I'm using Tomcat 8.5.73 v
On tomcat,
<Connector URIEncoding="UTF-8" connectionTimeout="999999" port="8090" protocol="HTTP/1.1" redirectPort="8443"/>
<Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol" maxThreads="150" SSLEnabled="true" >
<SSLHostConfig>
<Certificate certificateKeyFile="E:/OpenSSL/key/test2/private.key" certificateFile="E:/OpenSSL/key/test2/certificate.crt" certificateChainFile="E:/OpenSSL/key/test2/ca_bundle.crt" type="RSA" />
</SSLHostConfig>
</Connector>
I wrote above code on server.xml and
this code in web.xml
<security-constraint>
<web-resource-collection>
<web-resource-name>HTTP</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
Redirecting is perfectly working and I thought there was no problem.
When I enter in http://localhost:8080 or https://localhost:8443, it works perfectly.
However, when I enter in http://myip(192.xxx.xx.xx):8080, it work when https://myip(192.xxx.xx.xx):8443 doesn't work with ERR_CONNECTION_REFUSED.
P.S. I added in-bound rule in firewall with 443/8443 port
I am able to convert http to https by adding below entry in server.xml of the tomcat. My truststore is having password and I don't want to leave like this.
<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
keystoreFile="/Users/myapp/tomcat/conf/apptruststore.jks" keystorePassword="myP#ssw0rd"
clientAuth="false" sslProtocol="TLS" />
My question is any other way to implement this ? like keeping it in a server side java code or adding encryption in server.xml.
HTTPS works fine in nginx front-end but login refused.HTTP also works fine.
This is the Error shown in chrome console
Failed to load resource: net::ERR_SSL_PROTOCOL_ERROR favicon.ico:1 Failed to load resource: the server responded with a status of 500 ().
I have created abc.jks file.
My server.xml configuration looks like this
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
<!-- A "Connector" using the shared thread pool-->
<Connector executor="tomcatThreadPool"
port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
port="8443" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="/etc/ssl/certs/abc.jks" keystorePass="MYPASSWORD"
clientAuth="false" sslProtocol="TLS"/>
<!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
This connector uses the NIO implementation that requires the JSSE
style configuration. When using the APR/native implementation, the
OpenSSL style configuration is required as described in theAPR/native
documentation -->
<!-- <Connector
port="8443"protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
--> `
Tried with lot of configuration provided as answers but not working. Following one is very common solution at lot of answers.
To enable SSL open apache-tomcat-7.0.62\conf\server.xml file and uncomment following line:
<Connector port="8443" maxHttpHeaderSize="8192" maxThreads="150"
minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
keystoreFile="/apache-tomcat-7.0.62/conf/SSLcertificate.cert"
clientAuth="false" sslProtocol="TLS" />
apache-tomcat-7.0.62\conf\web.xml file
<security-constraint>
<web-resource-collection>
<web-resource-name>Entire Application</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
I am having Spring application and I like to set only one page from my application to run on https , all the other pages to run on http.
I have this configuration in my web.xml file:
<security-constraint>
<web-resource-collection>
<web-resource-name>SSL Pages</web-resource-name>
<url-pattern>/external/success</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
I have this configuration in server.xml file:
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLSv1.2" keystoreFile="/opt/apache/apache-tomcat-7.0.55-test/conf/test.jks" keystorePass="changeit" keyAlias="test" />
My application is still running on both http and https and the desired page is open only on https. How can I make restrictions to my application.