This describes how to configure Tomcat to force all traffic over HTTPS.
1. On the Tomcat node edit the web.xml file and add the following in the <web-app *> section.
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Protected Context</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <!-- auth-constraint goes here if you require authentication -->
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
With this, Tomcat will attempt to redirect any HTTP request for the context to the HTTPS Connector, and will never serve it over HTTP.
2. Make Tomcat understand X-Forwarded-Proto by adding the following to the <Engine> section of the Tomcat server.xml. You only need to change this if you are using the shared Jelastic SSL certificate or if you are using a load balancer.
<Valve className="org.apache.catalina.valves.RemoteIpValve" remoteIpHeader="x-forwarded-for" protocolHeader="x-forwarded-proto" protocolHeaderHttpsValue="https" />
3. Adjust the redirectPort in the connector so that it redirects users to 443, not 8443. Port 8443 is the internal port Tomcat listens on, but the Jelastic resolver pushes traffic to 443 and translates it onto the correct Tomcat port for you automatically, so 443 is the correct port for HTTPS user requests to use.
Edit the server.xml file and change the connector redirect to port 443 if required.
<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="443" />
4. Restart the Tomcat node and it is done.
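To confirm that steps 1 to 3 are all present before restarting, the two files can be audited with a short script. This is an added example, not part of the original instructions; the function names `texts` and `audit` and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET
# Constructed sample configs (not from a real server). The Connector still has
# Tomcat's default redirectPort="8443", so step 3 is reported as missing.
WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Protected Context</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
  <Engine name="Catalina" defaultHost="localhost">
    <Valve className="org.apache.catalina.valves.RemoteIpValve" remoteIpHeader="x-forwarded-for"
           protocolHeader="x-forwarded-proto" protocolHeaderHttpsValue="https" />
  </Engine>
</Service></Server>"""

def texts(node, name):
    """Text of every descendant called `name`, ignoring any XML namespace."""
    return [e.text.strip() for e in node.iter()
            if e.tag.rsplit("}", 1)[-1] == name and e.text]

def audit(web_xml, server_xml, https_port="443"):
    """Return findings for steps 1-3; an empty list means all are in place."""
    findings = []
    web = ET.fromstring(web_xml)
    constraints = [e for e in web.iter() if e.tag.rsplit("}", 1)[-1] == "security-constraint"]
    if not any("/*" in texts(sc, "url-pattern") and
               "CONFIDENTIAL" in texts(sc, "transport-guarantee") for sc in constraints):
        findings.append("web.xml: no CONFIDENTIAL constraint covering /*")
    server = ET.fromstring(server_xml)
    if not any(v.get("className", "").endswith(".RemoteIpValve") and
               v.get("protocolHeader", "").lower() == "x-forwarded-proto"
               for v in server.iter("Valve")):
        findings.append("server.xml: no RemoteIpValve reading x-forwarded-proto")
    for c in server.iter("Connector"):
        # Skip TLS and AJP connectors; only plain HTTP ones issue the redirect.
        plain = c.get("SSLEnabled", "false").lower() != "true"
        if plain and not c.get("protocol", "HTTP/1.1").startswith("AJP"):
            if c.get("redirectPort") != https_port:
                findings.append(f"server.xml: Connector {c.get('port')} redirectPort={c.get('redirectPort')}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(WEB_XML, SERVER_XML)) or "all three steps in place")
```

Pass the contents of the real web.xml and server.xml to `audit` in place of the samples; the RemoteIpValve finding can be ignored when no load balancer or shared certificate is in use.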