Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 1BE55200B4C for ; Fri, 22 Jul 2016 14:51:18 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 1A81C160A77; Fri, 22 Jul 2016 12:51:18 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 3CAF6160A5A for ; Fri, 22 Jul 2016 14:51:17 +0200 (CEST) Received: (qmail 6172 invoked by uid 500); 22 Jul 2016 12:51:16 -0000 Mailing-List: contact users-help@tapestry.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tapestry users" Delivered-To: mailing list users@tapestry.apache.org Received: (qmail 6154 invoked by uid 99); 22 Jul 2016 12:51:15 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd1-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 22 Jul 2016 12:51:15 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id 8AD9FCA0E9 for ; Fri, 22 Jul 2016 12:51:15 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 3.179 X-Spam-Level: *** X-Spam-Status: No, score=3.179 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=2, KAM_BADIPHTTP=2, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=disabled Authentication-Results: spamd1-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx2-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024) with ESMTP id 9i6RnpoCGXYO for ; Fri, 22 Jul 2016 12:51:13 +0000 (UTC) Received: from mail-qk0-f181.google.com (mail-qk0-f181.google.com [209.85.220.181]) by mx2-lw-eu.apache.org (ASF Mail Server at mx2-lw-eu.apache.org) with ESMTPS id 6C2BC5FE5F for ; Fri, 22 Jul 2016 12:51:12 +0000 (UTC) Received: by mail-qk0-f181.google.com with SMTP id s63so100166535qkb.2 for ; Fri, 22 Jul 2016 05:51:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=bsRS6ZEOKbgohSh+XuGwCVMP4NM+7Cpp40g4E8fE2Qo=; b=dvaFbkNmqeqpZbU0lVuiqXlFBxWU4AtLOu0BCpH/qGXhhL/ooEIDnhPBF1RKzrwbJS neR7FO6A8IfLC4+t7ZBc20eQfyBy26VoBsxf/OPpNrdeJTU6fHtP+rsuI25g00F5I0kY ZV26ZyfcpWXG0duteKbRvgJkgGV/2JtkqrHd93AgOHqRoDiLZrrPRj2dxzr8B4nazw+a JtGto/RLKlF9L6arc01+/hxh2ZAliuAOTykXCcgHzCWLiSAeQuaITkL837WgNePicgoh qNIC9nxaFdCoYsfEOlnhDXfi1zImQwTysyzMpNcxNX85y/LhWVafAeOq9rPOaUbP7kuE hGBA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=bsRS6ZEOKbgohSh+XuGwCVMP4NM+7Cpp40g4E8fE2Qo=; b=TrtEs3tfXhjbtqQkNq9EnN5jsi7Ly3GySUd5Smsqs6duZIpnkg25wiZ62ie7hswseN OZ59wf5mHhCG5b/b2hoBO0Qp/qgO5Mh0fTU884ZvIEOGDtYXLz+KbWDj8Axevr7dwKmk xwYjC7RZA/HYKmCdUYUl7UBHfi9UYStVYCAhGZDiB/fQ3+6iwQgI6Br12t4PEAkNAHCi t/p1HuhP2ck0MPzPFDXwz8DCAKH9eGiF+DzaM3dJ3VdORccvKka+fmFt1fhrT80veEQu wbQPAsURRVmoweZY25DJGa3fm1CbX7aflga+1mOEhTKalgGf7MOZ3Kr5S/hooBzZdtIN cB0Q== X-Gm-Message-State: AEkooutcyM/u1SyzhTiLh/qL+vTTnmjvNYqp05Zj7CnUxV130tcIGsneLRs4KuC8PRBztytOOiDg22cAkNnSkw== X-Received: by 10.55.68.81 with SMTP id r78mr4533540qka.129.1469191871451; Fri, 22 Jul 2016 05:51:11 -0700 (PDT) MIME-Version: 1.0 Received: by 10.55.72.215 with HTTP; Fri, 22 Jul 2016 05:50:32 -0700 (PDT) In-Reply-To: References: From: Dimitris Zenios Date: Fri, 22 Jul 2016 15:50:32 +0300 Message-ID: Subject: Re: TLS termination proxy and Tapestry To: Tapestry users Content-Type: multipart/alternative; boundary=001a11489f349ad942053838e3f5 archived-at: Fri, 22 Jul 2016 12:51:18 -0000 --001a11489f349ad942053838e3f5 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable This is a snippet of nginx configuration that proxies the request to jetty on port 8080.Via this configuration i am able to have ssl and non ssl versions of the tapestry application.If i want to enforce only ssl version of tapestry i enforce it via nginx.Hope that was helpful location / { proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://127.0.0.1:8080; } On Fri, Jul 22, 2016 at 3:31 PM, Svein-Erik L=C3=B8ken w= rote: > With my configuration with -Dtapestry.secure-enabled=3Dtrue the private > String org.apache.tapestry5.internal.services. > LinkImpl::buildURI(LinkSecurity security) return the absolute URI. > > Using: > > public void contributeMetaDataLocator(MappedConfiguration String> configuration) { > configuration.add(MetaDataConstants.SECURE_PAGE, "true"); > } > With -Dtapestry.secure-enabled=3Dtrue also works. > > Still need to set X-Forwarded-Proto=3D"https" to have request.isSecure() > return true. > > Which one is the preferred method? > > S-E > > > > From: JumpStart [via Apache Tapestry Mailing List Archives] [mailto: > ml-node+s1045711n5732786h47@n5.nabble.com] > Sent: 22. juli 2016 13:24 > To: Svein-Erik L=C3=B8ken > Subject: Re: TLS termination proxy and Tapestry > > When you say you are avoiding absolute URLs, where have you noticed this? > I can=E2=80=99t recall this being a problem. > > Now, I=E2=80=99m no expert on this kind of configuration, and its a while= since I > set this all up, so forgive me if I have my wires crossed. Also, our site= =E2=80=99s > load is small so far but growing so all of this will be up for review soo= n. > > In production we run pure HTTPS. We force all HTTP traffic to HTTPS by > setting this in AppModule: > > public void contributeMetaDataLocator(MappedConfiguration String> configuration) { > configuration.add(MetaDataConstants.SECURE_PAGE, "true"); > } > > We=E2=80=99re using mod_proxy and mod_ssl in Apache, no HAProxy. So Apach= e is > terminating the SSL/TLS. > > We use: > > -Dtapestry.secure-enabled=3Dtrue > > We tell mod_proxy this: > > ProxyPreserveHost On > > and we use the following to convert the request to AJP, because app > preserves the HTTPS headers. > > ProxyPass /myapp ajp://app:8009/myapp retry=3D5 > ProxyPassReverse /myapp ajp:app:8009/myapp retry=3D5 > > This all works great for us. So what=E2=80=99s the URL issue again? > > Geoff > > > --001a11489f349ad942053838e3f5--