How to perform HTTP to HTTPS redirection in TIBCO Spotfire Server

Products	Versions
Spotfire Server	7.5, 7.6, 7.8 and higher

Description

The rewrite module in Tomcat 8 can be used to redirect all clients requesting http://spotfireserver/ to https://spotfireserver/.

Note: This does not work on Spotfire Server 7.7.0 (which uses Tomcat 8.0.37), but works on earlier and later releases (7.6 uses Tomcat 8.0.33, 7.8 uses Tomcat 8.0.39).

Issue/Introduction

How to perform HTTP to HTTPS redirection in TIBCO Spotfire Server versions 7.5 and higher.

Resolution

You need to have configured HTTPS before starting. See Configuring HTTPS. This article assumes you are using the default ports 80 (HTTP) and 443 (HTTPS). If you are using other port numbers, you need to adjust the values in the examples below.

Step 1. server.xml

Both HTTP and HTTPS connectors should be enabled in <installation dir>/tomcat/conf/server.xml:

<Connector port="80"
               maxHttpHeaderSize="16384"
               connectionTimeout="30000"
               enableLookups="false"
               URIEncoding="UTF-8"
               disableUploadTimeout="true"
               server="TIBCO Spotfire Server"
               compression="on"
               ...
               />
    <Connector port="443"
               maxHttpHeaderSize="16384"
               connectionTimeout="30000"
               enableLookups="false"
               URIEncoding="UTF-8"
               disableUploadTimeout="true"
               server="TIBCO Spotfire Server"
               ...
               sslProtocol="TLS"
               sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1"
               useServerCipherSuitesOrder="true" />

Step 2. context.xml

In <installation dir>/tomcat/conf/context.xml add <Valve className="org.apache.catalina.valves.rewrite.RewriteValve" /> before </Context>.

<Valve className="org.apache.catalina.valves.rewrite.RewriteValve" /> </Context>

Step 3. rewrite.config

Create rewrite.config and place it in <installation dir>/tomcat/webapps/ROOT/WEB-INF/.

The content of this file should be:

RewriteCond %{SERVER_PORT} =80
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,NE,L]

IMPORTANT NOTE:
If you want to redirect http://<tss url>/spotfire:

Copy above "rewrite.config" file also in "<tss installation dir>/tomcat\webapps\spotfire\WEB-INF " this folder. If "rewrite.config" file already exists, add above rules to the existing file and save it.

Step 4. Restart Tomcat

Restart the Spotfire server so the changes take effect.

Additional Information

Doc: Configuring HTTPS:

https://docs.tibco.com/pub/spotfire_server/latest/doc/html/TIB_sfire_server_tsas_admin_help/server/topics/configuring_https.html

Doc: HTTP Strict - Transport - Security (HSTS)

https://docs.tibco.com/pub/spotfire_server/latest/doc/html/TIB_sfire_server_tsas_admin_help/server/topics/http_strict-transport-security_(hsts).html

Welcome to "KB Articles"