We used cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it. What For?

« Back to Blogs

Use secure channel(https) after login in liferay portal

If you want to configure liferay portal in a way that the credentials supplied (especially during the login process) are always encrypted (by using HTTPS) but still it is possible to browse the public content by HTTP for guest users.


Goal of this blog is to provide following functionalities :

  • Liferay portal runs on both HTTP and HTTPs protocol

  • Guest user can access liferay portal on HTTP protocol

  • As soon as user tries to login, he/she immediately redirected to HTTPs url.

  • After login, user access the portal on HTTPs protocol so that data being encrypted on further process

  • After logout, user access liferay portal on HTTP protocol

We can achieve above functionalities by putting a few properties in portal-ext.properties file and configuring virtual host in apache web server.

In our example, lets assume we will access our site with www.example.com

Step-1 : Add Properties
Add following properties in portal-ext.properties :


# Set this For Front ending Apache with Liferay




# Added SSL




default.logout.page.path = http://www.example.com


Restart the server.

Step-2 : Generate Certificate and key

Now you need to generate SSL certificate, key and add certificate to JVM of your system.

Please refer following blog for above. Make sure you generate key and certificate under directory ‘ /etc/apache2/ssl/’.


Step-3 : Apache configuration
First enable following modes :

sudo a2enmod ssl

sudo a2enmod proxy_http

sudo a2enmod proxy_ajp

sudo a2enmod headers


Now configure apache virtual host as following :


<VirtualHost *:80>


   ServerName www.example.com

   ServerAdmin [email protected]

   ServerAlias www.example.com


   LogLevel warn

   ErrorLog /var/log/apache2/example.error.log

   CustomLog /var/log/apache2/example.access.log combined


   <Proxy *>

       AddDefaultCharset Off

       Order deny,allow

       Allow from all



   ProxyPass / ajp://localhost:8009/

   ProxyPassReverse / ajp://localhost:8009/




<VirtualHost *:443>


   ServerName www.example.com

   ServerAdmin [email protected]

   ServerAlias www.example.com


   Header set Access-Control-Allow-Origin "*"


   LogLevel warn

   ErrorLog /var/log/apache2/example.ssl.error.log

   CustomLog /var/log/apache2/example.ssl.access.log combined


   SSLEngine on

   SSLProxyEngine on

   SSLCertificateFile   /etc/apache2/ssl/example.crt

   SSLCertificateKeyFile /etc/apache2/ssl/example.key


   ProxyRequests On

   ProxyVia On

   ProxyPreserveHost On


   ProxyPass / ajp://localhost:8009/

   ProxyPassReverse / ajp://localhost:8009/



Now you should be able to view the portal on https://www.example.com and on http://www.example.com but if you try to login on a http URL you will be immediately redirected to the https://www.example.com and stay there for the whole session.

For more implementation details or support you may contact us at [email protected].

contact-us Request a callback WhatsApp