SSL on Jelastic and Jetty 9 - ssl

I created Jelastic environment with Jetty 9. Then I added SSL support - Jelastic created NGinx instance and my solution now available using https and provides certificate. Question is - how to deny access on old non secure way? I mean using ordinary http?

You just need to edit the nginx config. to redirect http requests to https.
Example configs:
NGINX Redirect http to https and non-www to ww
https://serverfault.com/questions/250476/how-to-force-or-redirect-to-ssl-in-nginx

Related

SSL on application in nginx

I am running an nginx web server where I redirect all http requests to https (with a self signed cert).
Problem is - I cannot seem to do so for an app running on a port. Example:
http://my.server.ip:1234
How can I modify the nginx config file to force that url through ssl?
try this:
return 301 https://my.server.ip:1234$request_uri;

Routing subdomains in Apache Tomcat

I have 2 subdomains for my domain: "www" and "hosting". I made 2 WAR applications: one for the "www" site, and another for the "hosting" site.
Is there any way I can configure Tomcat 7 to route subdomains to web applications?
Reverse Proxy set up would enable finer control over how the HTTP requests are handled and directed. You would configure the proxy for each of the subdomains to point to the proper applications.
I use nginx as a reverse proxy in front of my Tomcat webservers.

If I get an ssl certificate - can I still access my web pages using http?

If I get an ssl certificate - can I still access my web pages using http (instead of https) so they'll load faster?
Or perhaps have the ssl for only certain pages on my site? (I'm using web hosting, perhaps it matters.)
Yes. When you're setting up the certificate, you can configure your server to listen on port 443 (for SSL, where it will serve your certificate) as well as port 80 (where normal HTTP traffic will go). For pages where you absolutely want to have SSL, you'll need to force the user to visit the https:// URL.

mod_proxy: when proxying tomcat from apache on 8443, is tomcat certificate needed

I am getting started now on adding SSL login pages to my webapp. I am using apache mod_proxy to proxy tomcat.
Some tutorials showed that I need to get an SSL certificate for apache and proxy my login pages to tomcat on port 8443.
Is port 8443 automatically an encrypted SSL port for tomcat? Do I need both an apache certificate and a tomcat certificate?
Andy
As far as the browser is concerned, Apache Httpd will "terminate" the SSL/TLS connection to your web server. Whether the content it serves is in fact coming from Tomcat doesn't matter to the browser. The browser will only see as far as Apache Httpd in that scenario. If it is set up with a certificate recognised by the browser, this is sufficient.
In addition to this, you may want to encrypt the connection between Apache Httpd and Tomcat. This is only really useful if you don't trust the network between the two (rarely useful on the same host, for example). I don't think mod_proxy_ajp supports SSL/TLS, but mod_proxy_http does, in which case you need to configure the SSLProxy* directives (see introduction): Apache Httpd will be a client in that respect, and Tomcat will need to be configured with a certificate in this case.
If you don't need to encrypt the link between Apache Httpd and Tomcat, the easiest is probably to use mod_proxy_http as a reverse proxy to the plain HTTP port of Tomcat (and make sure that port can't be accessed externally, via a firewall for example).

Is it possible to have a client certificate authentication only for a subdirectory in Tomcat behind Apache?

Let's say I have
example.com
and I would like a client certificate authentication on
example.com/admin
Is this possible?
Perhaps by configuring your (Apache or Lighttpd) web server to act as an HTTP[S] proxy (to another HTTPS server doing the certificate (but I am not sure).