Installing reverse proxy for Tomcat on IIS gives problem with port 8009

Question

I have TomCat 10 installed on Windows Server 2022. Because I am new to both packages, I designed a simple webapp called TestWeb using the default settings of Tomcat according to the documentation.

When executed on localhoast:8080, I use ws:// to create the websocket . The program runs without problem. However after installing the SSL certificate Chrome gives this error:

Mixed Content: The page at 'https://mydomain/TestWeb/' was loaded over HTTPS, but attempted to connect to the insecure WebSocket endpoint 'ws://mydomain/TestWeb/testserver/openParam'. This request has been blocked; this endpoint must be available over WSS.

So I changed my code to this:

    if(host.indexOf('localhost') >= 0) { 
        //http://localhost:8080/TestWeb/
        wsUri = "ws://" + host + pathname + "testserver/" + openParam;
    } else { 
        //https://mydomain/TestWeb/
        wsUri = "wss://" + host + pathname + "testserver/" + openParam;
    }
    websocket = new WebSocket(wsUri);

Because, to my understanding, Tomcat can't handle HTTPS, a reversed proxy was set up using the instructions of this microsoftblog

The next rewrite rule was defined in IIS

        <rewrite>
            <rules>
                <rule name="ReverseProxyInboundRule1" stopProcessing="true">
                    <match url="(.*)" />
                    <action type="Rewrite" url="http://localhost:8080/TestWeb/{R:1}" />
                </rule>
            </rules>
        </rewrite>

In Application Request Routing, Enable proxy was checked.

Running the program after these adaptions, Chrome gives

WebSocket connection to 'wss://mydomain/TestWeb/testserver/openParam' failed

The local host log of Tomcat shows this Java error

02-May-2023 23:06:01.810 SEVERE [ajp-nio-0:0:0:0:0:0:0:0-8009-exec-6] org.apache.catalina.core.StandardWrapperValve.invoke Servlet.service() for servlet [default] in context with path [/TestWeb] threw exception java.lang.UnsupportedOperationException: HTTP upgrade is not supported by this protocol My question is: what did I wrong?

Seems that Tomcat as backend server receives https instead of http despite the reverse proxy

Answer 1

How to redirect from HTTP to HTTPS on Tomcat server?

First of all, when your certificate is ready, you need to enable HTTPS communication port in tomcat and set it to use your digital certificate to provide SSL support. To enable SSL open ~{Tomcat-Installation-Directory}/conf/server.xml file and uncomment following line:

<Connector 
    port="8443"
    protocol="org.apache.coyote.http11.Http11NioProtocol"
    maxThreads="150"
    SSLEnabled="true">
    <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
    <SSLHostConfig>
        <Certificate 
            certificateKeystoreFile="C:/apache-tomcat-10.1.1/conf/dev-localhost.jks"
            certificateKeystorePassword="changeit"
            type="RSA" />
    </SSLHostConfig>
</Connector>

Then you can restart tomcat and try to access the web application via HTTPS using port 8443.

Next follow the steps below to configure and redirect from HTTP to HTTPS:

Step 1: Open the server.xml file and set the redirect port to the HTTPS connector port for the HTTP connector.

<Connector 
  port="8080" 
  protocol="HTTP/1.1"
    connectionTimeout="20000"
    redirectPort="8443" 
/>

Step 2: Add the below configuration in ~{Tomcat-Installation-Directory}/conf/web.xml file but make sure to add it after all the Servlet mapping tags.

<security-constraint>
  <web-resource-collection>
      <web-resource-name>All Web Application</web-resource-name>
      <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

Step 3: Now restart the Tomcat server and hit http://localhost:8080/TestWeb/ on your browser and it will automatically redirected to https://localhost:8443/TestWeb/.

Reference source: https://websparrow.org/misc/how-to-redirect-from-http-to-https-on-tomcat-server I hope this would be some of help.