Help

Forward Port 80 to 8443

Go to solution
cstout
Contributor III
Contributor III

Posted on ‎04-09-2014 10:38 AM

I'm wondering if it is possible to forward port 80 to 8443 in Tomcat. I'd like to be able to hand out a simpler JSS address to our tech departments and lose the requirement of appending :8443 to the end of the address. Is this possible with a connector?

Example
I'd like to type in https://jss.example.com and have it forward to https://jss.example.com:8443

Taking this a step further, would it be possible to also forward http requests to https as well?

Example
If I were to type in http://jss.example.com, it would forward to https://jss.example.com:8443

0 Kudos
Reply
1 ACCEPTED SOLUTION

Go to solution
bentoms
Release Candidate Programs Tester

Posted on ‎04-09-2014 11:28 AM

@cstout, you can port redirect via IIS.

Configure a site to redirect port 80 to 8443.

I've done this on a w2k8r2 server for port 80 to 8090 for another product.

http://technet.microsoft.com/en-us/library/cc732969(v=ws.10).aspx.aspx)

View solution in original post

0 Kudos
Reply
9 REPLIES 9

Go to solution
musat
Contributor III

Posted on ‎04-09-2014 10:46 AM

Our JSS is running on Linux, so you might need to do some translating. We've modified the .htaccess file in /srv/www/htdocs to show:

#Options +FollowSymLinks
#RewriteEngine on
#RewriteRule (.*) https://jss.domain.com:8443/$1 [R=301,L] 

Redirect / https://jss.domain.com:8443/

and that redirects the http (or port 80) connections to our JSS to the secure 8443. This does not redirect https (or port 443) connections, because our server is not listening on port 443.

Hope this helps,
Tim

0 Kudos
Reply

Go to solution
cstout
Contributor III
Contributor III

Posted on ‎04-09-2014 10:48 AM

Thank you for the quick response, Tim. Unfortunately my JSS is running on Windows Server 2008 R2.

0 Kudos
Reply

Go to solution
bentoms
Release Candidate Programs Tester

Posted on ‎04-09-2014 11:28 AM

@cstout, you can port redirect via IIS.

Configure a site to redirect port 80 to 8443.

I've done this on a w2k8r2 server for port 80 to 8090 for another product.

http://technet.microsoft.com/en-us/library/cc732969(v=ws.10).aspx.aspx)

0 Kudos
Reply

Go to solution
tuinte
Contributor III

Posted on ‎04-09-2014 12:00 PM

@cstout][/url:

On our JSS box we have HTTP enabled for our DP anyway, so I just use this for index.html:

<html>
<head>
<meta HTTP-EQUIV="REFRESH" content="0; url=https://jss.server.com:8443">
</head>
<body>
Redirecting...
</body>
</html>

So if we type jss.server.com in a browser it bounces to https://jss.server.com:8443

0 Kudos
Reply

Go to solution
cstout
Contributor III
Contributor III

Posted on ‎04-09-2014 02:46 PM

Ok, I installed IIS and created an HTTP redirect and now I've achieved:
Forwarding HTTP and HTTPS requests for "jss.example.com" to go to "https://jss.example.com:8443"

That works great, thank you very much. Now, I'm curious if anybody out there has noticed that http://jss.example.com:8080 is loading and allowing unencrypted login. That's currently what I'm experiencing and I don't understand why this is so. My Tomcat configuration shows that 8080 is supposed to forward to 8443 and that's clearly not happening for me. If I'm not the only one who sees this, is there a workaround or fix?

0 Kudos
Reply

Go to solution
cstout
Contributor III
Contributor III

Posted on ‎04-09-2014 02:58 PM

Also, just out of pure curiosity, is it possible to have these redirects work with the suite applications as well? With the IIS redirects, I understand this is only applicable to JSS web access. Is there a way to have the same result with the JSS address entered in the application?

0 Kudos
Reply

Go to solution
WUSLS
New Contributor

Posted on ‎09-26-2014 06:02 PM

What about on a Mac Server?? I am attempting the same thing and I am not able to get it to work.

This is a what I have changed on the Apache Tomcat Server.xml file.

<!-- Define a SSL HTTP/1.1 Connector on port 8443 This connector uses the JSSE configuration, when using APR, the connector should be using the OpenSSL style configuration described in the APR documentation --> <Connector URIEncoding="UTF-8" executor="tomcatThreadPool" port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" maxPostSize="8388608" keystoreFile="/Library/JSS/Tomcat/TomcatSSLKeystore" ciphers="SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA" keystorePass="xxxxxx"><!--keystoreFile updated by JSS. Tue Sep 23 09:53:21 MDT 2014--><!--keystoreFile updated by JSS. Fri Sep 26 14:53:09 MDT 2014--></Connector> <Connector URIEncoding="UTF-8" executor="tomcatThreadPool" port="443" protocol="HTTP/1.1" redirectPort="8443" scheme="https" secure="true" SSLEnabled="true" clientAuth="false" sslProtocol="TLS" maxPostSize="8388608" keystoreFile="/Library/JSS/Tomcat/TomcatSSLKeystore" ciphers="SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA" keystorePass="xxxxxx"><!--keystoreFile updated by JSS. Tue Sep 23 09:53:21 MDT 2014--><!--keystoreFile updated by JSS. Fri Sep 26 14:53:09 MDT 2014--></Connector> <!-- Define an AJP 1.3 Connector on port 8009 --> <Connector URIEncoding="UTF-8" port="8009" protocol="AJP/1.3" redirectPort="8443" />

0 Kudos
Reply

Go to solution
bentoms
Release Candidate Programs Tester

Posted on ‎09-27-2014 03:39 AM

@WUSLS][/url Is SSL working on 8443 fine? If so, you can redirect traffic using server.app like:

external image link

See: https://help.apple.com/advancedserveradmin/mac/3.1/

0 Kudos
Reply

Go to solution
WUSLS
New Contributor

Posted on ‎09-27-2014 11:44 AM

Duh!!!!! Thanks! Worked like a champ.

0 Kudos
Reply