Get Started

Jenkins: Jenkins on Tomcat does not redirect HTTP to HTTPS

by the Hossted team
02.07.2024

Problem:

The client was operating Jenkins 2.344 on Apache Tomcat 8.5.41 and required redirection from port 8084 (HTTP) to port 8443 (HTTPS). Although the “server.xml” and “web.xml” files were configured in the $CATALINA_HOME/conf/ directory, leading to successful redirection from http://jenkins:8084 to https://jenkins:8443, accessing http://jenkins:8084/jenkins (the application) did not redirect to port 8443. The cancellation of port 8084 was not considered feasible due to its extensive use by clients and webhooks in the ecosystem. The “server.xml” and “web.xml” files were provided for further assistance with this issue.

Process:

Step 1 – Initial investigation and troubleshooting


The expert team investigated the issue, initially reviewed config files, and after evaluation of the XML structure, provided the feedback to the client:

  • The ‘security-constraint’ method of TLS enforcement was in effect at first, but due to an invalid XML tag (missing closing tag), it wasn’t getting applied whatsoever (file: `web.xml`)
  • The expert team suggested using the `org.apache.catalina.valves.rewrite.RewriteValve` method of HTTP-to-HTTPS redirection, by leveraging granular rewrite rules offered by that module. More info: `https://tomcat.apache.org/tomcat-9.0-doc/rewrite.html`

    • The expert team proposed a solution: edit the file `web.xml` at line 4770, adding the missing opening tag: ‘security-constraint’

    Step 2 – Further investigation.

    The client suggested that the file was copy-paste faulty and the tag was omitted during the paste and requested help with how to define/configure the RewriteValve.

    The client also informed the expert team that the 8443 port worked properly, and the redirection for the root URL also functioned correctly. When the client attempted to access myserver:8084, he was successfully redirected to myserver:8443. However, the problem arose when attempting to access myserver:8084/jenkins; in this case, the client was not redirected to myserver:8443/jenkins.

    Solution:

    The expert team suggested the next steps:

    1. Add ‘Valve className=”org.apache.catalina.valves.rewrite.RewriteValve” /’ right before the line where the closing tag of ‘/Host’ was.

    2. In the conf directory of Tomcat (the very same dir where the `server.xml`​ and `web.xml`​ are located), create a file `rewrite.config`.

    That file should contain the following content:

    ```
RewriteCond %{SERVER_PORT} ^8084$
RewriteRule ^/(.*)$ https://%{SERVER_NAME}:8443/$1 [R,L]
```

    3. Restart the Tomcat service

    After this, the expert team suggested verifying to the client that he had TLS support enabled properly.

    Conclusion:

    The client operated Jenkins 2.344 on Apache Tomcat 8.5.41 and needed redirection from port 8084 (HTTP) to port 8443 (HTTPS). Despite successful redirection from http://jenkins:8084 to https://jenkins:8443, accessing http://jenkins:8084/jenkins did not redirect to the HTTPS port. Initial troubleshooting revealed an invalid XML tag in web.xml, and the expert team suggested using RewriteValve for HTTP-to-HTTPS redirection. The solution involved adding to server.xml and creating a rewrite.config file with specific rewrite rules, followed by restarting the Tomcat service.

    Related articles
    OSSpediaCase Studies
    DevOps 16 May 2024 Mastering CI/CD with Jenkins: Unleashing the Power of Automation and Seamless Integration Developer Tools JEN