tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Clark <brianclar...@yahoo.com>
Subject Re: SSL Accelerator - Front ending Tomcat
Date Wed, 07 Jan 2009 20:44:17 GMT





________________________________
From: Rainer Jung <rainer.jung@kippdata.de>
To: Tomcat Users List <users@tomcat.apache.org>
Sent: Tuesday, October 14, 2008 9:46:56 AM
Subject: Re: SSL Accelerator - Front ending Tomcat

Mike Koponick schrieb:
> Hello Everyone,
> 
> I have not been a frequent administrator of Tomcat, but it seems that
> I am becoming one!
> 
> So, Here is my setup, I using an SSL accelerator in front of a Tomcat
> server running two instances. When I try to access the website, the
> webserver (rightfully so) redirects me to another page on the same
> machine for the same instance. Thusly, I do not have the "https" URL
> any longer, but have "http" instead, of course this kills the
> connection.
> 
> So, I was wondering if anyone has had any experience setting up this
> type of environment. It seems to me that Tomcat doesn't know that
> this is a secure connection.
> 
> Any information is good information.

So look at

  http://tomcat.apache.org/tomcat-6.0-doc/config/http.html

especially proxyName, proxyPort, scheme and secure.

Regards,

Rainer
------------------------------------------

Anyone have success doing this?  I am having lots of problems getting this to work, and in
choosing the config directives to use to get it to work. 

For example, I set secure="true" and scheme="https" in the Connector block of my server.xml.
In testing, However, when I call request.isSecure()it returns "false". When I call request.getScheme()
it returns "http". I tested this with a simple page on my local instance of Tomcat--I accessed
that page via http://localhost:8080.  Shouldn't the secure and scheme directives override
whatever connection the browser initiated and return the configured value? 

Am I missing something? Do I need to define the proxyName and proxyPort config directives?
I tried that, and it didnt' seem to have an effect. 

I have the exact scenario (SSL accelerator in front of Tomcat) described above and am having
problems forcing my apps to generate https URLs instead of http. (BTW:  I'm running Tomcat
6.0.16 on Windows 2003)

Thanks,
Brian


      
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message