XWiki on Windows - configure HTTPS

Hi everyone,

I have an installation on Windows 2012 server and I would like to configure HTTPS. Can I force HTTP requests to HTTPS?

In the documentation, I see only this concerning HTTPS:
By default the protocol to use to generate external URLs (https, http) is extracted from request to XWiki so most of the time you don’t have anything to do if you properly configured your proxy but it’s possible to force a specific protocol using xwiki.url.protocol property in xwiki.cfg .

My wiki responds only in http. When I try to visit https://localhost, it doesn’t work…

Nobody?

Configure https in your servlet container (e.g., Tomcat).

How you do that depends on which servlet container you are using.

If you have XWiki running inside Tomcat then you need to add an SSL certificate and fiddle with the configuration in the conf\server.xml file. This is explained in the Tomcat documentation, i.e. here:

https://tomcat.apache.org/tomcat-8.5-doc/ssl-howto.html

It might be easier to add a second server like Apache or Nginx to handle the https part (and also to redirect all http-requests to https). In case of Nginx this is documented here:

https://www.xwiki.org/xwiki/bin/view/Documentation/AdminGuide/Installation/InstallationWAR/InstallationTomcat/#Hhttps28secure29

(though the documentation is somewhat Unix-oriented). I have been able to get Apache set up with https under Windows successfully some time ago, but I need to dig out my notes about that.

In that case it might be easier to get an SSL certificate via “LetsEncrypt” as for these servers ready-to-use scripts exist to assist with fetching the certificate. However this only works if your server is connected to the internet and has a valid name. For installations on “localhost” you will need to use “Dummy”-certificates. (How to create such an SSL certificate via the command line is explained in the above Tomcat documentation.)

If you’re using Tomcat see https://www.xwiki.org/xwiki/bin/view/Documentation/AdminGuide/Installation/InstallationWAR/InstallationTomcat/#HConfiguringtomcatforhttps

A bit late, but maybe for others: To really force HTTP to HTTPS you have to add the following lines to the web.xml of XWiki (worked for Tomcat on Windows 10):

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Secured</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
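
The CONFIDENTIAL constraint above only redirects if Tomcat's HTTP connector has a redirectPort that points at a working HTTPS connector. The matching connectors in conf\server.xml could look like this; it is an added example, not configuration posted in the thread or taken from the XWiki documentation, and the ports, keystore path and password are placeholder assumptions:

```xml
<!-- Added example: these connectors go inside the <Service> element of conf\server.xml -->

<!-- Plain HTTP connector. With <transport-guarantee>CONFIDENTIAL</transport-guarantee>
     in web.xml, Tomcat answers requests on this port with a redirect to redirectPort. -->
<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />

<!-- HTTPS connector (Tomcat 8.5 syntax). Its port must equal the redirectPort above. -->
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true" scheme="https" secure="true">
  <SSLHostConfig>
    <!-- Placeholder keystore location and password (assumptions); for a
         localhost-only install this keystore holds the self-signed certificate. -->
    <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
                 certificateKeystorePassword="CHANGE_ME"
                 type="RSA" />
  </SSLHostConfig>
</Connector>
```

If redirectPort does not match the port of an SSL-enabled connector, the constraint sends browsers to a port where nothing answers over TLS.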