Hi All
what would be the simplest way to redirect all http to https using the
docker version ?
thanks
--
Sebastian E. Ovide
Hello,
On Tue, Jan 7, 2020 at 10:14 AM Sebastian E. Ovide <
sebastian.ovide@anonymised.com> wrote:
Hi All
what would be the simplest way to redirect all http to https using the
docker version ?
Some options:
* Mount a custom Tomcat's server.xml file at
/usr/lib/tomcat/conf/server.xml enabling
the port 8443 connector and mount also a folder with the certificates so it
is available inside the container. For HTTP Connector, set the redirect
port to the HTTPS connector port (redirectPort="8443")
* Extend the image (FROM geonetwork:3.8.2), add a custom server.xml file
with a connector with SSLEnabled="true" and a redirection from HTTP
connector port to HTTPS port.
* Use docker-compose to create a composition with a GeoNetwork container
and an Apache2 or NGINX container acting as a proxy with HTTPs configured.
--
*Vriendelijke groeten / Kind regards,Juan Luis Rodríguez.
<http://www.geocat.net/>Veenderweg 136721 WD BennekomThe NetherlandsT: +31
(0)318 416664 <+31318416664>Please consider the environment before printing
this email.*
Thanks Juan
We are deploying GN docker in GCP google app engine. After some research,
what google proposes is to change a header (
https://cloud.google.com/appengine/docs/flexible/php/how-requests-are-handled#forcing_https_connections)
to instruct the browser to prefer https over http.
What would be the simpler way to inject that header ? (without installing
other software)
thanks again
On Tue, 7 Jan 2020 at 09:36, Juan Luis Rodríguez Ponce <
juanluisrp@anonymised.com> wrote:
Hello,
On Tue, Jan 7, 2020 at 10:14 AM Sebastian E. Ovide <
sebastian.ovide@anonymised.com> wrote:Hi All
what would be the simplest way to redirect all http to https using the
docker version ?Some options:
* Mount a custom Tomcat's server.xml file at
/usr/lib/tomcat/conf/server.xml enabling the port 8443 connector and
mount also a folder with the certificates so it is available inside the
container. For HTTP Connector, set the redirect port to the HTTPS
connector port (redirectPort="8443")
* Extend the image (FROM geonetwork:3.8.2), add a custom server.xml file
with a connector with SSLEnabled="true" and a redirection from HTTP
connector port to HTTPS port.
* Use docker-compose to create a composition with a GeoNetwork container
and an Apache2 or NGINX container acting as a proxy with HTTPs configured.--
*Vriendelijke groeten / Kind regards,Juan Luis Rodríguez.
<http://www.geocat.net/>Veenderweg 136721 WD BennekomThe NetherlandsT: +31
(0)318 416664 <+31318416664>Please consider the environment before printing
this email.*
--
Sebastian E. Ovide
[image: https://www.linkedin.com/in/ovide\]
<https://www.linkedin.com/in/ovide>
On Tue, Jan 7, 2020 at 3:32 PM Sebastian E. Ovide <sebastian.ovide@anonymised.com>
wrote:
Thanks Juan
We are deploying GN docker in GCP google app engine. After some research,
what google proposes is to change a header (
https://cloud.google.com/appengine/docs/flexible/php/how-requests-are-handled#forcing_https_connections)
to instruct the browser to prefer https over http.What would be the simpler way to inject that header ? (without installing
other software)
You could extend GN official image and overwrite the file
/usr/local/tomcat/conf/web.xml with a custom configuration when the filter
httpHeaderSecurity is uncommented and configured with hstsEnable,
hstsMaxAgeSeconds and hstsIncludeSubDomains. You can use [1] as base. Check
example at [2].
[1] https://github.com/apache/tomcat/blob/8.5.x/conf/web.xml#L456-L494
[2] https://stackoverflow.com/a/36107139/1140558
<https://stackoverflow.com/a/36107139/1140558>
--
*Vriendelijke groeten / Kind regards,Juan Luis Rodríguez.
<http://www.geocat.net/>Veenderweg 136721 WD BennekomThe NetherlandsT: +31
(0)318 416664 <+31318416664>Please consider the environment before printing
this email.*