-
I've recently implemented TLS into my helidon SE webserver and it works fine. The issue is that if I don't specify https in the url, the server will return an empty response. I'd like/expect the server to return a 301 redirect to force HTTPS. I would've figured this would have been a server configuration property or a routing condition but I have not been able to find anyone else encountering this issue. Any help is much appreciated! |
Beta Was this translation helpful? Give feedback.
Answered by
danielkec
Mar 7, 2023
Replies: 1 comment
-
Hi sorry for the late response, how about this?: int tlsPort = 4443;
int plainPort = 8080;
WebServer.builder()
.port(tlsPort)
.defaultSocket(s -> s
.tls(WebServerTls.builder()
.privateKey(KeyConfig.keystoreBuilder()
.keystore(Resource.create("ssl/certificate.p12"))
.keystorePassphrase("helidon".toCharArray())
.build())
.build()))
.routing(r -> r.get("/test", (req, res) -> res.send("Secured!")))
.socket("plain-redirect", (socket, router) -> {
socket.port(plainPort);
router.addRouting(() -> Routing.builder()
.any((req, res) -> res
.addHeader("Location", securedUrl(req.requestedUri(), tlsPort))
.status(Http.Status.MOVED_PERMANENTLY_301)
.send())
.build()
);
}
)
.build()
.start();
}
static String securedUrl(UriInfo uriInfo, int port) {
try {
return new URI("https",
null,
uriInfo.host(),
port,
uriInfo.path(),
uriInfo.query().orElse(null),
null).toASCIIString();
} catch (URISyntaxException e) {
throw new RuntimeException(e);
}
} curl -v -k -L localhost:8080/test
* Trying 127.0.0.1:8080...
* Connected to localhost (127.0.0.1) port 8080 (#0)
> GET /test HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.85.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 301 Moved Permanently
< Date: Tue, 7 Mar 2023 14:08:27 +0100
< Location: https://localhost:4443/test
< transfer-encoding: chunked
< connection: keep-alive
<
* Ignoring the response-body
* Connection #0 to host localhost left intact
* Clear auth, redirects to port from 8080 to 4443
* Issue another request to this URL: 'https://localhost:4443/test'
* Trying 127.0.0.1:4443...
* Connected to localhost (127.0.0.1) port 4443 (#1)
* ALPN: offers h2
* ALPN: offers http/1.1
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN: server accepted http/1.1
* Server certificate:
* subject: C=US; ST=California; L=Santa Clara; O=Oracle; OU=Helidon; CN=helidon-webserver-netty-test; emailAddress=info@helidon.io
* start date: Jul 3 01:38:57 2018 GMT
* expire date: Apr 16 01:38:57 2292 GMT
* issuer: C=US; ST=California; L=Santa Clara; O=Oracle; OU=Helidon; CN=helidon-webserver-netty-test; emailAddress=info@helidon.io
* SSL certificate verify result: self-signed certificate (18), continuing anyway.
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> GET /test HTTP/1.1
> Host: localhost:4443
> User-Agent: curl/7.85.0
> Accept: */*
>
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Content-Type: text/plain
< Date: Tue, 7 Mar 2023 14:08:28 +0100
< connection: keep-alive
< content-length: 8
<
* Connection #1 to host localhost left intact
Secured! |
Beta Was this translation helpful? Give feedback.
0 replies
Answer selected by
romain-grecourt
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi sorry for the late response, how about this?: