9 Replies Latest reply on Oct 31, 2012 4:24 AM by erasmomarciano

    how to setup server.xml on jboss 5.1.0 for HTTPS protocol

    trimulyo

      Hello,

       

      bellow is my setting on server.xml, but i can't access https://localhost:8443. the jboss still run on http://localhost:8880. I hope somebody can help me...thanks a lot

       

       

      <!-- A HTTP/1.1 Connector on port 8080 --> <!-- edited -->

            <Connector protocol="HTTP/1.1" port="8880" address="${jboss.bind.address}"

                     connectionTimeout="20000" redirectPort="8443" />

       

              <!-- Add this option to the connector to avoid problems with

                .NET clients that don't implement HTTP/1.1 correctly

               restrictedUserAgents="^.*MS Web Services Client Protocol 1.1.4322.*$"      -->

       

            <!-- A AJP 1.3 Connector on port 8009 -->

            <Connector protocol="AJP/1.3" port="8009" address="${jboss.bind.address}"

               redirectPort="8443" />

       

            <!-- SSL/TLS Connector configuration using the admin devl guide keystore -->

              <Connector port="8443" address="${jboss.bind.address}"

                     protocol="HTTP/1.1" SSLEnabled="true"

                     maxThreads="150" strategy="ms" maxHttpHeaderSize="8192"

                     emptySessionPath="true"              

                      scheme="https" secure="true" clientAuth="false"

                     keystoreFile="${jboss.server.home.dir}\conf\jbossweb.keystore"          

                                       keystorePass="123123" sslProtocol="TLS"

                                       />

        • 1. Re: how to setup server.xml on jboss 5.1.0 for HTTPS protocol
          mrectenwald

          I recently went through same process as you. Your server.xml looks ok. To force http request to 8443 port, one must modify the web.xml file too. The below security-constraint forces the entire application to port 8443. One also can configure web.xml to force the secure port to a page, for example, by changing the web-resouce-collection element.

           

          <security-constraint>

           

                  <web-resource-collection>

                          <web-resource-name>Entire Application</web-resource-name>

                          <url-pattern>/*</url-pattern>

                  </web-resource-collection>

           

                  <user-data-constraint>

                          <transport-guarantee>CONFIDENTIAL</transport-guarantee>

                  </user-data-constraint>

           

          </security-constraint>

          • 2. Re: how to setup server.xml on jboss 5.1.0 for HTTPS protocol
            trimulyo

            i found many web.xml, which one that you suggest?

            • 3. Re: how to setup server.xml on jboss 5.1.0 for HTTPS protocol
              mrectenwald

              tri mulyo wrote:

               

              i found many web.xml, which one that you suggest?

              That depends...which application do you want users to access via https.

              • 4. Re: how to setup server.xml on jboss 5.1.0 for HTTPS protocol
                trimulyo

                tri mulyo wrote:

                 

                i found many web.xml, which one that you suggest?

                That depends...which application do you want users to access via https.

                 

                sorry, I am confused. below is part of server.xml that i found

                 

                <!-- A security constraint that restricts access -->

                   <security-constraint>

                     <web-resource-collection>

                       <web-resource-name>ContextServlet</web-resource-name>

                       <description>An example security config that only allows users with the

                         role 'JBossAdmin' to access the JBossWS console web application

                       </description>

                       <url-pattern>/*</url-pattern>

                     </web-resource-collection>

                     <auth-constraint>

                       <role-name>JBossAdmin</role-name>

                     </auth-constraint>

                   </security-constraint>

                • 5. Re: how to setup server.xml on jboss 5.1.0 for HTTPS protocol
                  mrectenwald

                  sorry, I am confused. below is part of server.xml that i found

                   

                  <!-- A security constraint that restricts access -->

                     <security-constraint>

                       <web-resource-collection>

                         <web-resource-name>ContextServlet</web-resource-name>

                         <description>An example security config that only allows users with the

                           role 'JBossAdmin' to access the JBossWS console web application

                         </description>

                         <url-pattern>/*</url-pattern>

                       </web-resource-collection>

                       <auth-constraint>

                         <role-name>JBossAdmin</role-name>

                       </auth-constraint>

                     </security-constraint>

                  Hmmm...I did a search on the above (grep -R <something from above> deploy) in the deploy directory and did not get any hits on the server.xml file as noted in your reply. The hits I got were from the web.xml. So now I'm confused. If I understand you correctly, you want your apps redirected to https. Change the server.xml file (like the excerpt you posted) and application web.xml file. Or configure a proxy to handle the https request.

                  The Security Guide has some great information setting up the server.xml file and web.xml file.

                  • 6. Re: how to setup server.xml on jboss 5.1.0 for HTTPS protocol
                    trimulyo

                    sorry, I am confused. below is part of server.xml that i found

                     

                    <!-- A security constraint that restricts access -->

                       <security-constraint>

                         <web-resource-collection>

                           <web-resource-name>ContextServlet</web-resource-name>

                           <description>An example security config that only allows users with the

                             role 'JBossAdmin' to access the JBossWS console web application

                           </description>

                           <url-pattern>/*</url-pattern>

                         </web-resource-collection>

                         <auth-constraint>

                           <role-name>JBossAdmin</role-name>

                         </auth-constraint>

                       </security-constraint>

                    Hmmm...I did a search on the above (grep -R <something from above> deploy) in the deploy directory and did not get any hits on the server.xml file as noted in your reply. The hits I got were from the web.xml. So now I'm confused. If I understand you correctly, you want your apps redirected to https. Change the server.xml file (like the excerpt you posted) and application web.xml file. Or configure a proxy to handle the https request.

                    The Security Guide has some great information setting up the server.xml file and web.xml file.

                     

                     

                     

                    Hi Big Sky,

                     

                    Sorry I am wrong..I mean the data from web.xml.

                    • 7. Re: how to setup server.xml on jboss 5.1.0 for HTTPS protocol
                      sat.ena

                      What do you get when you access via https?

                       

                      Also check the server firewall for 8443 port if it is open. Just a thought.

                      • 8. Re: how to setup server.xml on jboss 5.1.0 for HTTPS protocol
                        fyakin

                        I have similar problem, I would like to redirect port 8080 to 8443

                         

                        How you resolve your issue?

                         

                        I have setup my server.xml and web.xml ( I have multiple web.xml from multiple directories). SO I don't know which one that I need to modify

                         

                        Thanks

                         

                        Francis

                        • 9. Re: how to setup server.xml on jboss 5.1.0 for HTTPS protocol
                          erasmomarciano

                          Hi

                           

                          Your broswer opens the pop-up or it shows a messagge of info that your certificate isn't trusted.

                           

                          I suppuse this certificate is self-signed.

                           

                          This message is also a mode sure for to know that the connector https it works