How to redirect user request from http to https in liferay 6.2? - apache

I tried a lot of the configurations provided as answers, but none of them work. The following one is a very common solution in a lot of answers.
To enable SSL, open the apache-tomcat-7.0.62\conf\server.xml file and uncomment the following line:
<Connector port="8443" maxHttpHeaderSize="8192" maxThreads="150"
           minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           keystoreFile="/apache-tomcat-7.0.62/conf/SSLcertificate.cert"
           clientAuth="false" sslProtocol="TLS" />
And in the apache-tomcat-7.0.62\conf\web.xml file:
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Entire Application</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

Related

Applying SSL in tomcat doesn't work with ip address

I'm using Tomcat v8.5.73.
On Tomcat,
<Connector URIEncoding="UTF-8" connectionTimeout="999999" port="8090" protocol="HTTP/1.1" redirectPort="8443"/>
<Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol" maxThreads="150" SSLEnabled="true" >
  <SSLHostConfig>
    <Certificate certificateKeyFile="E:/OpenSSL/key/test2/private.key" certificateFile="E:/OpenSSL/key/test2/certificate.crt" certificateChainFile="E:/OpenSSL/key/test2/ca_bundle.crt" type="RSA" />
  </SSLHostConfig>
</Connector>
I wrote the above code in server.xml and
this code in web.xml:
<security-constraint>
  <web-resource-collection>
    <web-resource-name>HTTP</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
Redirecting works perfectly and I thought there was no problem.
When I enter http://localhost:8080 or https://localhost:8443, it works perfectly.
However, when I enter http://myip(192.xxx.xx.xx):8080, it works, while https://myip(192.xxx.xx.xx):8443 doesn't work and gives ERR_CONNECTION_REFUSED.
P.S. I added an inbound rule in the firewall for ports 443/8443.

http to https in TOMCAT

I am able to convert HTTP to HTTPS by adding the entry below to Tomcat's server.xml. My truststore has a password and I don't want to leave it like this.
<Connector port="8443" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           keystoreFile="/Users/myapp/tomcat/conf/apptruststore.jks" keystorePass="myP#ssw0rd"
           clientAuth="false" sslProtocol="TLS" />
My question is: is there any other way to implement this, like keeping it in server-side Java code or adding encryption in server.xml?

Ciphers Configuration in server.xml

I configured server.xml like below:
<Connector SSLEnabled="true" URIEncoding="UTF-8" acceptCount="100" ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256" clientAuth="false" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" keystoreFile="conf/server.p12" keystorePass="${xxxx.keystorePass}" keystoreType="PKCS12" maxHttpHeaderSize="65535" maxParameterCount="-1" maxPostSize="-1" maxThreads="150" minSpareThreads="25" name="SSL" port="8443" scheme="https" secure="true" server="XXXX" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" sslProtocol="TLS"/>
But my application does not start. Why are the ciphers I configured not accepted during the TLS handshake?

Http to https redirect issue

Our Bamboo application is hosted on an AWS EC2 instance, with a classic load balancer as the frontend. Recently we upgraded from Ubuntu 14 to Ubuntu 18 with a higher Bamboo version (7.0.4); after that, the HTTP to HTTPS redirect does not work.
Could you please help me with this matter?
Server xml configuration:
<Connector URIEncoding="UTF-8" acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8192" maxThreads="10" minSpareThreads="5" port="8081" protocol="HTTP/1.1" proxyName="example.com" proxyPort="80" redirectPort="443" scheme="http" secure="false" useBodyEncodingForURI="true"/>
<Connector URIEncoding="UTF-8" acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" port="8080" protocol="HTTP/1.1" proxyName="example.com" proxyPort="443" scheme="https" secure="true" useBodyEncodingForURI="true"/>
LB setting:
Regards,
Nataraj.R
I resolved the issue.
The older Tomcat version contains the value http://java.sun.com/xml/ns/j2ee, but the latest Tomcat version contains http://xmlns.jcp.org/xml/ns/javaee. Because of that, our Ansible script was skipped.
- name: Adapt {{ path }}/atlassian-bamboo/WEB-INF/web.xml
  xml:
    path: "{{ path }}/atlassian-bamboo/WEB-INF/web.xml"
    namespaces:
      x: http://java.sun.com/xml/ns/j2ee
    xpath: "/x:web-app"
    input_type: yaml
    add_children: "{{ bamboo_configuration_webapp_additions }}"
    pretty_print: True
    state: present
  changed_when: False
We added the value below to the web.xml file under the Tomcat location.
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Bamboo</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
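
The namespace mismatch described in the post above leaves web.xml without the HTTPS constraint and raises no error, so it is worth checking the deployed file directly. The following check is an added example, not part of the original post or of Bamboo's tooling; the function names and the sample web.xml are constructed for illustration, and it uses only Python's standard xml.etree.ElementTree.

```python
import xml.etree.ElementTree as ET

OLD_NS = "http://java.sun.com/xml/ns/j2ee"     # namespace the Ansible task binds to x
NEW_NS = "http://xmlns.jcp.org/xml/ns/javaee"  # namespace in the newer web.xml
VALID_GUARANTEES = {"NONE", "INTEGRAL", "CONFIDENTIAL"}

# Constructed sample: newer-style web.xml carrying the HTTPS-only constraint.
SAMPLE_WEB_XML = f"""<web-app xmlns="{NEW_NS}" version="3.1">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Bamboo</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""


def xpath_matches(xml_text, ns_uri):
    """Mimic the task's xpath '/x:web-app' with prefix x bound to ns_uri."""
    return ET.fromstring(xml_text).tag == f"{{{ns_uri}}}web-app"


def qualify(path, ns):
    """Prefix every path segment with the file's own namespace (if any)."""
    return "/".join(f"{{{ns}}}{seg}" if ns else seg for seg in path.split("/"))


def enforces_https_everywhere(xml_text):
    """True only if '/*' carries a correctly spelled CONFIDENTIAL guarantee."""
    root = ET.fromstring(xml_text)
    # Read the namespace from the file instead of hard-coding one version's URI.
    ns = root.tag[1:].split("}", 1)[0] if root.tag.startswith("{") else ""
    pairs = []
    for sc in root.findall(qualify("security-constraint", ns)):
        g = sc.findtext(qualify("user-data-constraint/transport-guarantee", ns), "").strip()
        if g and g not in VALID_GUARANTEES:
            raise ValueError(f"invalid transport-guarantee: {g!r}")
        for pat in sc.findall(qualify("web-resource-collection/url-pattern", ns)):
            pairs.append(((pat.text or "").strip(), g))
    return ("/*", "CONFIDENTIAL") in pairs


if __name__ == "__main__":
    print(xpath_matches(SAMPLE_WEB_XML, OLD_NS), enforces_https_everywhere(SAMPLE_WEB_XML))
```

Run as a post-deployment step, a False result or a ValueError means plain HTTP is still being served without a redirect.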

Set ssl only on one page on apache tomcat

I have a Spring application and I would like to set only one page of my application to run on HTTPS, with all the other pages running on HTTP.
I have this configuration in my web.xml file:
<security-constraint>
  <web-resource-collection>
    <web-resource-name>SSL Pages</web-resource-name>
    <url-pattern>/external/success</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
I have this configuration in the server.xml file:
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLSv1.2" keystoreFile="/opt/apache/apache-tomcat-7.0.55-test/conf/test.jks" keystorePass="changeit" keyAlias="test" />
My application is still running on both HTTP and HTTPS, and the desired page opens only on HTTPS. How can I apply restrictions to my application?