Redirect http to https
Is there a way within the Mango web server configuration to redirect http connections (say on port 8080) to https on 8443? Just curious if Mango can do the redirects instead of modifying the firewall.
phildunlap last edited by phildunlap
Currently the answer seems to be no. While browsers will almost assuredly be redirected to HTTPS, it is possible for REST requests to still be sent over HTTP (I tested using token auth). You have started a discussion on the topic though!
Indeed doing the redirect at the proxy / firewall will be more complete for the moment.
Jared Wiltshire last edited by
@iperry It actually is possible, you just need to enable HSTS in the env.properties -
# Configure HSTS (HTTP Strict Transport Security) # Enabled by default when ssl.on=true # Sets the Strict-Transport-Security header, web browsers will always connect using HTTPS when they # see this header and they will cache the result for max-age seconds ssl.hsts.enabled=true ssl.hsts.maxAge=31536000 ssl.hsts.includeSubDomains=false
This will only affect browsers, as @Puckfist says HTTP is actually still enabled and you can make REST requests over HTTP using a script for example.
Just bear in mind that the browser will remember the HSTS setting and refuse to connect to HTTP for the specified amount of time after you configure this.