Configuring JBoss over HTTPS including redirecting HTTP requests to HTTPS

Issue to resolve:

 It is common that a project that have a JBoss web server started as using the default HTTP connection and suddently a customer demand that the server will work over HTTPS on a secure port and protocol (SSL). Since the code is built (sometimes hardcoded) for accessing HTTP and the old port (usually 8080) it is not a trivial issue to resolve.

Here's a list of requirements to resolve:

- Both HTTP and HTTPS connections should be valid since we need to get HTTP requests and redirect it to HTTPS - closing the HTTP connection will result with unhandled requests

- Redirect each HTTP request directed to the server to the HTTPS protocol with the proper port

Please notice that this has been needed and tested only for JBoss 4.2.3 so I didn't tested it on any other JBoss version.


Configuration of HTTPS and HTTP connections:

Edit the server.xml file (located in the /deploy/jboss-web.deployer folder).

The default file have by default only the HTTP connection enabled and the HTTPS connection commented out therefore you'll probably need only to enable (remove the comment brackets) the HTTPS connection.

You'll need to create a certificate file or get one from your customer.

For creating one goto the JDK bin folder, run the keytool script and follow the interactive instructions.

The resulting section of the file should therefore look like this:

     <Connector port="8080" address="${jboss.bind.address}"    
       maxThreads="250" maxHttpHeaderSize="8192"
         emptySessionPath="true" protocol="HTTP/1.1"
         enableLookups="false" redirectPort="8443" acceptCount="100"
         connectionTimeout="20000" disableUploadTimeout="true" />
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" strategy="ms"
  keystoreFile="${jboss.server.home.dir}/conf/<certificate file name>"
               keystorePass="<cerificate password>"
               truststoreFile="${jboss.server.home.dir}/conf/<certificate file name>"
               truststorePass="<cerificate password>"/>

Redirect solution:

For redirecting the HTTP requests to the HTTPS connection, insert the following tag into the <web-app> tag of each web.xml file that is located in the WEB-INF sub-folder of each of your JBoss server WAR files/folders. Please notice that this must be done in each of the WAR archives!



Also, based on this link: I've added the following line to server.xml file in both <Host> and <Engine> tags:


<Valve className="org.jboss.web.rewrite.RewriteValve" />
Yoram Michaeli
Tikal Knowledge
DevOps Fullstack Tech Leader

DevOps Group