This has a couple of gotcha’s.
This video from Bill Stewart is an excellent guide
But it assumes you have the Tomcat APR Module already installed.
This guide from https://bmcsites.force.com/casemgmt/sc_KnowledgeArticle?sfdcid=kA33n000000XtwiCAC&type=FAQ
Explains how (it uses version 1.2.32 ) which I recommend! Because I couldn’t get 2.0 to work for some reason.
I think you also need to add it to the path!
| How to install the Tomcat APR module (Apache Portable Runtime) in Windows Server environments? |
ANSWER
| As part of the necessary steps to increase performances in Footprints, we need to deploy the APR module, or runtime, which is available for download on this page : https://downloads.apache.org/tomcat/tomcat-connectors/native/ Go to directories from the above link like /1.2.32/binaries/ and download this file tomcat-native-1.2.32-openssl-1.1.1n-ocsp-win32-bin.zip Note# the version may be different as it is updated by apache tomcat Tomcat can use the Apache Portable Runtime to provide superior scalability, performance, and better integration with native server technologies. The Apache Portable Runtime is a highly portable library that is at the heart of Apache HTTP Server 2.x. APR has many uses, including access to advanced IO functionality (such as sendfile, epoll and OpenSSL), OS level functionality (random number generation, system status, etc), and native process handling (shared memory, NT pipes and Unix sockets). These features allows making Tomcat a general purpose webserver, will enable much better integration with other native web technologies, and overall make Java much more viable as a full fledged webserver platform rather than simply a backend focused technology.Installation:STOP THE TOMCAT SERVICE FIRST !1 – Download the zip file from this location : https://downloads.apache.org/tomcat/tomcat-connectors/native/ Go to directories from the above link like /1.2.32/binaries/ and download this file tomcat-native-1.2.32-openssl-1.1.1n-ocsp-win32-bin.zip Note# the version may be different as it is updated by apache tomcat 2 – Unzip the content and open the /bin folder, then copy the X64 folder and openssl.exe file: 3 – Access../Tomcat X.X/bin and paste the folder and file copied at step 2 : Note : in this example my Tomcat is 8.5, consequently the folder is under ../tomcat8.5/bin. You must adapt the path to your own situation and Tomcat Version. 4 – From this location, open the X64 folder you have just pasted and copy the 2 files you find inside. DO NOT CUT them ! 5 – Go back to ../Tomcat X.X/bin folder and PASTE : You now have installed Tomcat APR for 64bit server version of Windows. Next step is to make it so that Tomcat can make use of the APR from boot up. 1 – Open ../Tomcat X.X/conf/server.xml with notepad or Notepad++ 2 – Change the line that says protocol=”Http1.1″ to protocol=”org.apache.coyote.http11.Http11AprProtocol” Note : This is case sensitive, hence you MUST respect the capital letters! The line now looks like this : 3 – Restart the Tomcat Service now. You can verify that the APR module and the OpenSSL have been correctly installed by openening the ../tomcatX.X/logs/catalina.log file, where you will see clear evidence that the module and Open SSL have been found and used (edit catalina.log file using Notepad or Notepad++): These 2 lines indicate that the modules have been loaded correctly : |
And then only allow HTTPS
From https://medium.com/@anil7017/redirect-http-request-to-https-in-apache-tomcat-bcd710daabf4
Files needs to be change
- server.xml
- web.xml
server.xml
<Connector port=”80" protocol=”HTTP/1.1"
connectionTimeout=”20000"
redirectPort=”443" />
web.xml
<security-constraint>
<web-resource-collection>
<web-resource-name>Entire Application</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
That’s it Restart the Tomcat and test you will see all pages should redirect to https.
Michael Ellerbeck 