top button
Flag Notify
    Connect to us
      Facebook Login
      Site Registration Why to Join

Facebook Login
Site Registration

ssl on tomcat: making all links also https

+1 vote

I'm using apache 2.2 as front end and apache tomcat 6.0.37 as backend. I'm using mod_jk for connecting them.

The problem is. I'm using ssl certificates and configured ssl on apache. when I connect the site with https it works but when I click on an link it no more secure i.e. its not secure browsing anymore.

My requirement is as follows.

If user connects as https all the links should work as https. If the user connects as http all the links should work as http is such thing is possible?

posted Dec 4, 2013 by Meenal Mishra

Share this question
Facebook Share Button Twitter Share Button LinkedIn Share Button
Do you mean that links on your https:// pages are http:// (i.e. non-secure) links? What does the code look like that produced your pages (e.g. static file, JSP, or servlet)?

Give us the following and we can help:

a.  configuration for all connectors. Remember to remove any sensitive information you may have in that configuration.
b.. Explain how your webapp produces link URLs. An example would be great.
Yes. I have so many http links as some of our old submitted apps used non secured http links as the apps are in use we cannot change it. I cannot use any redirect rules to convert all the http to https because of that.

We use struts for framework. And normal jsp pages. I'm not a developer so cant say much about it.

This is in my server.xml
$ cat mod_jk.conf
# Where to find
JkWorkersFile /etc/httpd/conf.d/
# Where to put jk logs
JkLogFile /var/log/httpd/mod_jk.log
# Set the jk log level [debug/error/info]
JkLogLevel info
# Select the log format
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
# JkOptions indicate to send SSL KEY SIZE,
JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
# JkRequestLogFormat set the request format
JkRequestLogFormat "%w %V %T"
# Send servlet for context /examples to worker named worker1
#JkMount /examples worker1
# Send JSPs for context /examples/* to worker named worker1
JkMount /* worker1
JkShmFile /etc/httpd/logs/jk-runtime-status

$ cat /etc/httpd/conf.d/

Let me know if there is anything else i need to provide

1 Answer

+1 vote

The basic problem is that these old apps are very badly written, if they use absolute URLs to point to things on the same site.

The only real good way to do this, is to modify these apps and pages, to use relative links. Maybe you could do that with some automated script ?


Otherwise, you are going to be applying patches over patches over redirects over rewrites all over the place, and there will always be something not working, and it will be a maintenance nightmare.

What you have to think about it this :
- If *the browser* gets a html page containing a link that starts with "http://", then *the browser* is going to establish a HTTP (non-secure) connection with the server, and send that request through this connection.
- If *the browser* gets a html page containing a link that starts with "https://", then *the browser* is going to establish a HTTPS (secure) connection with the server, and pass that request through this connection.

There is nothing that the server can do, to magically change a HTTP to a HTTPS connection. (At best, the server could send back a "redirect" response).

So if your pages, server-side, originally contain links that start with "http://", you have to change those links, *inside of the pages*, before you send them to the browser. Otherwise there is little that you can do on the server side.

You can theoretically achieve this, on the server side, with a filter which examines all the outgoing pages and replaces the links in them before they go out to the browser, but as you can imagine this is very inefficient, and prone to errors.

answer Dec 5, 2013 by Kumar Mitrasen
Similar Questions
+1 vote

How do I checks what ciphers are available to the https compiled binary, and how do I check with of those are active in the configuration?

Is there any technical reason that ECDHE-RSA-AES128-SHA256 cannot be used on a server with a self-signed cert (there's no e-commerce or any financial data of any sort on the server).

If an existing server wants to switch so that all traffic is encrypted using DH if possible (interested in implementing Perfect Forward Secrecy) are there any "Gotcha's" lurking in the bushes?

If you enable ECDHE-RSA-AES128-SHA256, should you disable EDH?

To be accessible for most people (including some Windows XP users), what else do I need to enable in the cipher suite? RC4? RC4-SHA? TLSv1? AES?

Which ones do I need to avoid?

0 votes

How to use multiple virtual hosts with a single SSL instance running on the standard https port.

0 votes

How do I get a valid certificate for a box that is behind a firewall and does not have a DNS entry?

I was looking at but currently it looks like a valid DNS entry is needed, of which I don't have.

There is nothing special about my setup, its just a box that is not directly on the internet, no DNS entry but I need HTTPS to run correctly.

How do I generate a trusted certificate base on IP or something?

How can I do that? Thanks,

0 votes

how to manage the secured connection error in HTTPS?

+1 vote

I have Apache SSL virtuals behind the Nginx proxy defined with this directive:

SetEnvIf X-Forwarded-Proto https HTTPS=on

Users often use the following rewrite rule in their htaccess files for detecting SSL connection, but the variable HTTPS is not treated as expected:

RewriteCond %{HTTPS} =on

Is there any workaround for this? So far, I tried to disable mod_ssl completely and also checked modules hooks and it seems that environment files are loaded before the rewrite module.

Contact Us
+91 9880187415
#280, 3rd floor, 5th Main
6th Sector, HSR Layout
Karnataka INDIA.