Configuring Redirection from http to https in Tomcat
Setting up a redirect from http to https may be necessary if the MDM Universe servers are isolated and only port 443 (standard for https) is open. In such a setup, Tomcat cannot accept http requests.
Below is an example configuration in which server.xml opens port 80 (standard for http) with a redirect to 443, and web.xml gains a setting so that any request is handled as CONFIDENTIAL. With this setup, any request to the backend is forwarded to port 443 over https.
Add the connectors to the server.xml file:
<Connector port="80" protocol="HTTP/1.1"
           connectionTimeout="20000" redirectPort="443"/>
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" scheme="https" secure="true" SSLEnabled="true" >
    <SSLHostConfig>
        <Certificate certificateKeystoreFile="${path_to_keystore}"
                     certificateKeystorePassword="${keystore_password}"
                     type="RSA" />
    </SSLHostConfig>
</Connector>
Add to the end of the web.xml file (inside the web-app element, before its closing tag):
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Universe Backend</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
Add the new paths to the volumes section of the docker-compose.yaml file. These paths mount the modified server.xml and web.xml files into Tomcat:
volumes:
  - ${BACKEND_INTEGRATION:-./universe-integration}:/usr/local/tomcat/universe-integration
  - PATH_TO_MODIFIED_SERVER.xml/server.xml:/usr/local/tomcat/conf/server.xml
  - PATH_TO_MODIFIED_WEB.xml/web.xml:/usr/local/tomcat/conf/web.xml
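The redirect only works when the three pieces above agree: the http connector's redirectPort must name a connector with SSLEnabled="true", and the CONFIDENTIAL constraint must cover /* without being narrowed to particular HTTP methods. The following check is an added example, not part of the original page or of the product; the function name check_https_redirect and the sample XML strings are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def _all(root, name):
    """Elements with this local name, ignoring the namespace web.xml declares."""
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def check_https_redirect(server_xml, web_xml):
    """Return a list of findings; an empty list means the pieces line up."""
    findings = []
    connectors = _all(ET.fromstring(server_xml), "Connector")
    tls_ports = {c.get("port") for c in connectors
                 if c.get("SSLEnabled", "").lower() == "true"}
    if not tls_ports:
        findings.append('no connector with SSLEnabled="true"')
    for c in connectors:
        port, target = c.get("port"), c.get("redirectPort")
        if port in tls_ports:
            continue  # the TLS connector itself needs no redirect
        if target is None:
            findings.append(f"port {port}: redirectPort is not set")
        elif target not in tls_ports:
            findings.append(f"port {port}: redirectPort {target} is not a TLS connector")
    covered = False
    for sc in _all(ET.fromstring(web_xml), "security-constraint"):
        patterns = {(e.text or "").strip() for e in _all(sc, "url-pattern")}
        guarantee = {(e.text or "").strip() for e in _all(sc, "transport-guarantee")}
        # An <http-method> list narrows the constraint to those methods only.
        narrowed = _all(sc, "http-method") or _all(sc, "http-method-omission")
        if "/*" in patterns and "CONFIDENTIAL" in guarantee and not narrowed:
            covered = True
    if not covered:
        findings.append("web.xml: no CONFIDENTIAL constraint covering /* for all methods")
    return findings

# Constructed sample input modelled on the snippets above.
SERVER_OK = """<Server><Service name="Catalina">
  <Connector port="80" protocol="HTTP/1.1" redirectPort="443"/>
  <Connector port="443" scheme="https" secure="true" SSLEnabled="true"/>
</Service></Server>"""
SERVER_MISMATCH = SERVER_OK.replace('redirectPort="443"', 'redirectPort="8443"')
WEB_OK = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <security-constraint>
    <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
    <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
  </security-constraint>
</web-app>"""
WEB_MISSING = '<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"/>'

if __name__ == "__main__":
    print(check_https_redirect(SERVER_OK, WEB_OK))
    print(check_https_redirect(SERVER_MISMATCH, WEB_MISSING))
```

To check real files, pass their contents read from the paths mounted in docker-compose.yaml instead of the sample strings.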