Redirecting HTTP to HTTPS traffic on SF 10.10

[Peter Beentje]

We have a Spotfire server running 10.10 and would like to increase our security.

Our server is currently available on both http and https. We followed the instructions at the Tibco KB:How to perform HTTP to HTTPS redirection in TIBCO Spotfire Server.

This is successful and redirects our http://spotfireserver/ to https://spotfireserver/

However - it only redirects the root URL.

So visitinghttp://spotfireserver/spotfire/login.htmltargetUrl=%2Fspotfire%2F#/ (the default landing page after loading) does NOT redirect tohttps://spotfireserver/spotfire/login.htmltargetUrl=%2Fspotfire%2F#/

 

How do we ensure that all visits to http://spotfireserver/* are redirected to port 443

We have tried the tomcat-based solution listed atRedirecting HTTP to HTTPS traffic on SF 7.5 | TIBCO Community(Sean Riley's second answer) but that gives the same result: the base URL is redirected to https and other URLs are not redirected.

[David Boot-Olazabal]

Hi pbeentje,

 

Isn't it an option to only use https You then only need to comment out the http block in the server.xml.

 

If you need both, I would advise to create a support ticket.

 

Kind regards,

 

David Boot-Olazabal

[Peter Beentje]

Answered with thanks to PerkinElmer:

How do I enable TLS connections on the Spotfire server PerkinElmer

In short, the original instruction was almost correct, but the RewriteRule was created for Tomcat 8 while Spotfire 10 uses Tomcat 9.

Original suggestion for Tomcat 8:

RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,NE,L]

The corrected RewriteRule we needed was:

RewriteRule ^/(.*) https://spotfireserver/$1 [R,L]

this is barely different from the suggested string in the PerkinElmer article, only needing an added/ before the $1.

the [NE] tomcat flag prevents the rewrite valve from applyingURI escaping rules; this is not relevant to our particular situation so could be left out without issues.