Site HTTPS troubleshooting
Before we introduced seamless http/https support, the HST used to be scheme agnostic: it did not matter whether a request was over http or https. The HST would serve the response regardless of its scheme. All fully qualified links were created over http by default. Typically, in front of the HST there was something like an https filter that did a client-side redirect from http to https or vice versa.
Since the introduction of seamless http/https support, the HST checks the visitor request scheme against the scheme on the host/mount/sitemapitem that was matched for the request. If the schemes are not in line, the HST by default does a client-side redirect to the correct scheme. Since the default scheme is http, you need to adjust some HST configuration if you want to have custom valves / HST components redirecting to https, use the https filter, or if you want to run the container (i.e. Tomcat) with SSL support.
Custom https redirecting code
If you have custom Java code (for example an HstComponent class) that (conditionally) redirects http to https, and/or vice versa, you might have to set the HST configuration to
hst:schemeagnostic: true
You can do this on host, mount or sitemapitem level. Setting the HST to be scheme agnostic results in the pre-7.8.x HST behavior.
If, however, you prefer to have the seamless https support from the HST and also have your own custom redirects, possibly through a custom https support valve, you should not set the HST to behave scheme agnostic. In this case, the best solution is to configure the following property on a hst:virtualhost node:
hst:customhttpssupport: true
The above property results in the following behavior:
If a request is done over https and it hits the HST web application, it gets rendered regardless of whether the matched mount or sitemapitem indicates the request should be served over http.
The property is mainly there to avoid browser redirect loops, as some custom Java class might indicate the request must be over https, while the matched sitemapitem indicates it must be over http. With hst:customhttpssupport set to true, the request will be served over https.
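The redirect loop and the effect of the two properties can be traced with a small model. This is an added example, not HST code: the function names, the always-https custom valve and the assumption that the custom redirect runs before the HST scheme check are all hypothetical.

```python
# Simplified model of the scheme check described above; not HST source code.
MAX_HOPS = 10  # a browser gives up after a bounded number of redirects


def hst_scheme_check(request_scheme, matched_scheme,
                     scheme_agnostic=False, custom_https_support=False):
    """Return ('render', scheme) or ('redirect', target_scheme)."""
    if scheme_agnostic:
        # hst:schemeagnostic = true: serve whatever scheme arrived.
        return ("render", request_scheme)
    if request_scheme == matched_scheme:
        return ("render", request_scheme)
    if custom_https_support and request_scheme == "https":
        # hst:customhttpssupport = true: an https request is rendered even
        # if the matched mount/sitemapitem says http.
        return ("render", request_scheme)
    # Default: client-side redirect to the scheme of the matched item.
    return ("redirect", matched_scheme)


def custom_force_https(request_scheme):
    """Hypothetical custom valve: redirects every http request to https."""
    return None if request_scheme == "https" else "https"


def follow(start_scheme, matched_scheme, **hst_flags):
    """Follow redirects like a browser; return (outcome, list of schemes)."""
    scheme, trace = start_scheme, [start_scheme]
    for _ in range(MAX_HOPS):
        target = custom_force_https(scheme)      # assumed to run first
        if target is None:
            action, target = hst_scheme_check(scheme, matched_scheme,
                                              **hst_flags)
            if action == "render":
                return ("rendered over " + scheme, trace)
        scheme = target
        trace.append(scheme)
    return ("redirect loop", trace)


if __name__ == "__main__":
    # Matched sitemapitem has the default scheme http in all three runs.
    print(follow("http", "http"))                             # loop
    print(follow("http", "http", custom_https_support=True))  # https
    print(follow("http", "http", scheme_agnostic=True))       # https
```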
SSL support on container (i.e. Tomcat) level
After you have configured the container for SSL support (for example, see https://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html), you need to configure in the HST configuration that only https requests are allowed. This can be done in two ways:
- Set the default scheme for all hosts to https. This can be done by setting hst:scheme = https for /hst:hst/hst:hosts.
- Set the property hst:schemeagnostic = true on all the root hst:virtualhost nodes.