Bad request this combination of host and port requires tls. nginx

I had this issue when working on a Java Project in Debian 10 with Tomcat as the application server.

The issue was that the application already had https defined as its default protocol while I was using http to call the application in the browser.

I however tried using the https protocol in the browser, but it didn't connect, throwing the error:

Secure Connection Failed

An error occurred during a connection to 34.72.188.50:8009. SSL received a record that exceeded the maximum permissible length.

Error code: SSL_ERROR_RX_RECORD_TOO_LONG

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem.

Here's how I solved it:

I first had to create a keystore file for the application, more like a self-signed certificate for the https protocol:

sudo keytool -genkey -keyalg RSA -alias tomcat -keystore /usr/share/tomcat.keystore

Note: You need to have Java installed on the server to be able to do this. Java can be installed using sudo apt install default-jdk.

Next, I added a https Tomcat server connector for the application in the Tomcat server configuration file (/opt/tomcat/conf/server.xml):

sudo nano /opt/tomcat/conf/server.xml

Add the following to the configuration of the application. Notice that the keystore file location and password are specified. Also a port for the https protocol is defined, which is different from the port for the http protocol:

<Connector protocol="org.apache.coyote.http11.Http11Protocol"
           port="8443" maxThreads="200" scheme="https"
           secure="true" SSLEnabled="true"
           keystoreFile="/usr/share/tomcat.keystore"
           keystorePass="my-password"
           clientAuth="false" sslProtocol="TLS"
           URIEncoding="UTF-8"
           compression="force"
           compressableMimeType="text/html,text/xml,text/plain,text/javascript,text/css"/>

So the full server configuration for the application looked like this in the Tomcat server configuration file (/opt/tomcat/conf/server.xml):

<Service name="my-application">
  <Connector protocol="org.apache.coyote.http11.Http11Protocol"
             port="8443" maxThreads="200" scheme="https"
             secure="true" SSLEnabled="true"
             keystoreFile="/usr/share/tomcat.keystore"
             keystorePass="my-password"
             clientAuth="false" sslProtocol="TLS"
             URIEncoding="UTF-8"
             compression="force"
             compressableMimeType="text/html,text/xml,text/plain,text/javascript,text/css"/>
  <Connector port="8009" protocol="HTTP/1.1"
             connectionTimeout="20000"
             redirectPort="8443" />

  <Engine name="my-application" defaultHost="localhost">
     <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
             resourceName="UserDatabase"/>
    </Realm>

    <Host name="localhost"  appBase="webapps"
          unpackWARs="true" autoDeploy="true">

        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
             prefix="localhost_access_log" suffix=".txt"
             pattern="%h %l %u %t &quot;%r&quot; %s %b" />

    </Host>
  </Engine>
</Service>

This time when I tried accessing the application from the browser using:

https://my-server-ip-address:https-port

In my case it was:

https://35.123.45.6:8443

it worked fine. Although, I had to accept a warning which added a security exception for the website, since the certificate used is a self-signed one.

That's all.

I hope this helps
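To check which port expects which scheme before opening a browser, the connectors can be read straight from server.xml. This is an added example, not code from the original answer; the audit_connectors helper and its findings are assumptions for illustration, and the sample XML is a constructed, shortened copy of the configuration above.

```python
import xml.etree.ElementTree as ET

# Constructed, shortened copy of the <Service> block shown in the answer above.
SERVER_XML = """
<Service name="my-application">
  <Connector protocol="org.apache.coyote.http11.Http11Protocol"
             port="8443" scheme="https" secure="true" SSLEnabled="true"
             keystoreFile="/usr/share/tomcat.keystore"
             keystorePass="my-password"/>
  <Connector port="8009" protocol="HTTP/1.1" redirectPort="8443"/>
</Service>
"""


def audit_connectors(xml_text):
    """Map each connector port to the URL scheme it expects and list findings."""
    connectors = list(ET.fromstring(xml_text).iter("Connector"))
    schemes, findings = {}, []
    for conn in connectors:
        port = conn.get("port")
        tls = conn.get("SSLEnabled", "false").lower() == "true"
        schemes[port] = "https" if tls else "http"
        if conn.get("scheme") == "https" and not tls:
            # Only correct when a proxy in front terminates TLS for this port.
            findings.append(f"{port}: scheme=https without SSLEnabled=true")
        if conn.get("keystorePass"):
            findings.append(f"{port}: keystore password in clear text; "
                            "restrict read access to server.xml")
    for conn in connectors:
        redirect = conn.get("redirectPort")
        if redirect and schemes.get(redirect) != "https":
            findings.append(f"{conn.get('port')}: redirectPort {redirect} "
                            "is not a TLS connector in this file")
    return schemes, findings


if __name__ == "__main__":
    schemes, findings = audit_connectors(SERVER_XML)
    for port, scheme in schemes.items():
        print(f"port {port}: use {scheme}://")
    for finding in findings:
        print("finding:", finding)
```

For the configuration above this reports https for port 8443 and http for port 8009, which matches the two errors described: https:// against 8009 fails, and so does http:// against 8443.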

After deploying the docker container, going to http://ipaddressofdockerserver:8443/ gives an error: "Bad Request This combination of host and port requires TLS." Logs are:

gaps           | 2019-10-21 19:46:57.138  INFO 1 --- [           main] com.jasonhhouse.Gaps.GapsApplication     : Starting GapsApplication v0.0.4 on zoe02 with PID 1 (/usr/src/app/Gaps-0.0.4.jar started by root in /usr/src/app)
gaps           | 2019-10-21 19:46:57.142  INFO 1 --- [           main] com.jasonhhouse.Gaps.GapsApplication     : No active profile set, falling back to default profiles: default
gaps           | 2019-10-21 19:46:57.411  WARN 1 --- [kground-preinit] o.s.h.c.j.Jackson2ObjectMapperBuilder    : For Jackson Kotlin classes support please add "com.fasterxml.jackson.module:jackson-module-kotlin" to the classpath
gaps           | 2019-10-21 19:46:59.360  INFO 1 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat initialized with port(s): 8443 (https)
gaps           | 2019-10-21 19:46:59.431  INFO 1 --- [           main] o.apache.catalina.core.StandardService   : Starting service [Tomcat]
gaps           | 2019-10-21 19:46:59.432  INFO 1 --- [           main] org.apache.catalina.core.StandardEngine  : Starting Servlet engine: [Apache Tomcat/9.0.24]
gaps           | 2019-10-21 19:46:59.561  INFO 1 --- [           main] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring embedded WebApplicationContext
gaps           | 2019-10-21 19:46:59.561  INFO 1 --- [           main] o.s.web.context.ContextLoader            : Root WebApplicationContext: initialization completed in 2306 ms
gaps           | 2019-10-21 19:47:00.361  INFO 1 --- [           main] o.s.s.concurrent.ThreadPoolTaskExecutor  : Initializing ExecutorService 'clientInboundChannelExecutor'
gaps           | 2019-10-21 19:47:00.368  INFO 1 --- [           main] o.s.s.concurrent.ThreadPoolTaskExecutor  : Initializing ExecutorService 'clientOutboundChannelExecutor'
gaps           | 2019-10-21 19:47:00.407  INFO 1 --- [           main] o.s.s.c.ThreadPoolTaskScheduler          : Initializing ExecutorService 'messageBrokerTaskScheduler'
gaps           | 2019-10-21 19:47:00.469  INFO 1 --- [           main] o.s.s.concurrent.ThreadPoolTaskExecutor  : Initializing ExecutorService 'brokerChannelExecutor'
gaps           | 2019-10-21 19:47:00.674  INFO 1 --- [           main] o.s.s.concurrent.ThreadPoolTaskExecutor  : Initializing ExecutorService
gaps           | 2019-10-21 19:47:00.674  INFO 1 --- [           main] o.s.s.concurrent.ThreadPoolTaskExecutor  : Initializing ExecutorService 'taskExecutor'
gaps           | 2019-10-21 19:47:00.952  INFO 1 --- [           main] o.s.b.a.w.s.WelcomePageHandlerMapping    : Adding welcome page: class path resource [static/index.html]
gaps           | 2019-10-21 19:47:01.185  WARN 1 --- [           main] ion$DefaultTemplateResolverConfiguration : Cannot find template location: classpath:/templates/ (please add some templates or check your Thymeleaf configuration)
gaps           | 2019-10-21 19:47:01.436  INFO 1 --- [           main] o.s.m.s.b.SimpleBrokerMessageHandler     : Starting...
gaps           | 2019-10-21 19:47:01.436  INFO 1 --- [           main] o.s.m.s.b.SimpleBrokerMessageHandler     : BrokerAvailabilityEvent[available=true, SimpleBrokerMessageHandler [DefaultSubscriptionRegistry[cache[0 destination(s)], registry[0 sessions]]]]
gaps           | 2019-10-21 19:47:01.437  INFO 1 --- [           main] o.s.m.s.b.SimpleBrokerMessageHandler     : Started.
gaps           | 2019-10-21 19:47:02.306  INFO 1 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat started on port(s): 8443 (https) with context path ''
gaps           | 2019-10-21 19:47:02.320  INFO 1 --- [           main] com.jasonhhouse.Gaps.GapsApplication     : Started GapsApplication in 6.389 seconds (JVM running for 7.087)
gaps           | 2019-10-21 19:47:15.485 ERROR 1 --- [nio-8443-exec-1] o.a.coyote.http11.Http11NioProtocol      : Error reading request, ignored
gaps           | 
gaps           | java.lang.NullPointerException: null
gaps           |        at org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper.getSslSupport(NioEndpoint.java:1392) ~[tomcat-embed-core-9.0.24.jar!/:9.0.24]
gaps           |        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:853) ~[tomcat-embed-core-9.0.24.jar!/:9.0.24]
gaps           |        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1593) ~[tomcat-embed-core-9.0.24.jar!/:9.0.24]
gaps           |        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) ~[tomcat-embed-core-9.0.24.jar!/:9.0.24]
gaps           |        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) ~[na:na]
gaps           |        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) ~[na:na]
gaps           |        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-embed-core-9.0.24.jar!/:9.0.24]
gaps           |        at java.base/java.lang.Thread.run(Thread.java:834) ~[na:na]
gaps           | 
gaps           | 2019-10-21 19:47:15.487 ERROR 1 --- [nio-8443-exec-1] org.apache.tomcat.util.net.NioEndpoint   : Error running socket processor
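Both error messages on this page come from one side reading the other's first bytes in the wrong protocol. The following added example is not part of the original posts: the function names and sample bytes are constructed, and the two view functions are simplified models, not Tomcat's or the browser's actual code. It shows why a plain HTTP reply parsed as a TLS record looks too long, and how a TLS listener can recognise a plaintext request.

```python
import struct

# Largest record payload a TLS 1.2 peer accepts (RFC 5246: 2^14 + 2048 bytes).
MAX_TLS_RECORD = 2**14 + 2048
TLS_CONTENT_TYPES = {20, 21, 22, 23}  # change_cipher_spec, alert, handshake, data
HTTP_METHODS = {b"GET", b"HEAD", b"POST", b"PUT", b"DELETE", b"OPTIONS", b"PATCH"}

# Constructed sample bytes, not captured from the servers on this page.
HTTP_400_RESPONSE = b"HTTP/1.1 400 \r\nContent-Type: text/plain\r\n\r\nBad Request\r\n"
PLAINTEXT_GET = b"GET / HTTP/1.1\r\nHost: host.example:8443\r\n\r\n"
CLIENT_HELLO_START = bytes([0x16, 0x03, 0x01, 0x02, 0x00, 0x01])  # handshake, len 512


def parse_record_header(data):
    """Interpret the first 5 bytes as a TLS record header: type, version, length."""
    if len(data) < 5:
        raise ValueError("a TLS record header is 5 bytes")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    return ctype, (major, minor), length


def tls_client_view(server_bytes):
    """Simplified model of a TLS client reading the server's first bytes."""
    ctype, _version, length = parse_record_header(server_bytes)
    if length > MAX_TLS_RECORD:
        return "record_too_long"  # https:// sent to a plain HTTP port
    if ctype not in TLS_CONTENT_TYPES:
        return "unexpected_content_type"
    return "tls_record"


def tls_server_view(client_bytes):
    """Simplified model of a TLS listener inspecting the client's first bytes."""
    if client_bytes.split(b" ", 1)[0] in HTTP_METHODS:
        return "plaintext_http_request"  # http:// sent to a TLS port
    ctype, version, _length = parse_record_header(client_bytes)
    if ctype == 22 and version[0] == 3:
        return "tls_handshake"
    return "unknown"


if __name__ == "__main__":
    print(parse_record_header(HTTP_400_RESPONSE))
    print(tls_client_view(HTTP_400_RESPONSE))
    print(tls_server_view(PLAINTEXT_GET))
    print(tls_server_view(CLIENT_HELLO_START))
```

The bytes "HTTP/" decode as record type 0x48 with a length field of 0x502F (20527), above the 18432-byte limit, which is consistent with SSL_ERROR_RX_RECORD_TOO_LONG when https:// is used against a plain HTTP port.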

How do I fix bad request this combination of host and port requires TLS?

We can fix this with any of the solutions listed below:
Use HTTPS instead of HTTP.
Disable TLS encryption in the POSTMAN settings and use HTTP.
Check the application property server.ssl.enabled: true means HTTPS, false means HTTP.
Add the correct authorization credentials, such as username and password, in POSTMAN.

What does requires TLS mean?

Transport Layer Security (TLS) is a security protocol that encrypts email for privacy. TLS prevents unauthorized access of your email when it's in transit over internet connections.

How does TLS encryption work?

SSL/TLS uses both asymmetric and symmetric encryption to protect the confidentiality and integrity of data-in-transit. Asymmetric encryption is used to establish a secure session between a client and a server, and symmetric encryption is used to exchange data within the secured session.