tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John-Paul Ranaudo <jrana...@gmail.com>
Subject Re: SSL and non SSL configuration on tomcat 6.0.26, confused
Date Fri, 25 Jun 2010 17:40:49 GMT
Thanks for the reply.

Ok, so I am assuming I do not have to setup SSL (certificates etc) since my
load balancer is decoding the connection. So even if the load balancer is
"decoding" the connection I still have to have SSLEnabled="true"? However if
I do, does this not make Tomcat try and decode the "connection"?

*Which is the root of my problem. How to use the HTTPS protocol without
having Tomcat decrypt the connection since the load balancer has done this
for me. *

The link to the documentation is correct. However the properties of the
connector are confusing to me. For example "SSLEnabled" if fairly obvious
but "secure" it confusing. Not sure under what context I need to set this.

The application always uses relative paths so whatever protocol the
framework is using will be what is returned in the page.

I have also tried setting the redirect port thinking I can redirect requests
to 443 to the port 80 internally and scheme to 'https'. This actually had
the effect of making one framework (the one with https) work but broke the
other.

Regards,

John

On Fri, Jun 25, 2010 at 1:18 PM, Pid <pid@pidster.com> wrote:

> On 25/06/2010 17:56, John-Paul Ranaudo wrote:
> > Our environment:
> >
> > Unix Solaris 5.9
> > Tomcat 6.0.26
> > JVM 1.6.20
> >
> > Our application runs in two frameworks. One uses https one does not. I am
> > trying to configure the tomcat connectors to work but when I get it
> working
> > in one framework it does not work in the other.
> >
> > *I have been told we do not need to 'handle' SSL totally as this is
> handled
> > by our load balancers. Not sure what these means*.
>
> That usually means that the load-balancer is decoding the SSL connection
> and passing an unencrypted connection through to the servers in the
> cluster, which then don't need to repeat the effort.
>
>
> > For example: In one framework we'll get permission denied errors and the
> > other will work. If we change things around the opposite occurs but
> instead
> > of permission errors we get invalid certificate error.
> >
> > The tomcat documentation on connectors does not describe the options very
> > well.
>
> This link, or another one?
>
>  http://tomcat.apache.org/tomcat-6.0-doc/config/http.html#SSL Support
>
>
> > <Connector port="80" protocol="HTTP/1.1" connectionTimeout="20000"/>
> >
> > <Connector port="443" protocol="HTTP/1.1" SSLEnabled="false"
> > maxThreads="150" scheme="https" secure="false" clientAuth="false"
> > sslProtocol="TLS"/>
>
> Looks like a few odd things going on there.
>
>  SSLEnabled=false
>  secure=false
>
> You'll need to set at least one of those to true.
>
> If the connector on 443 is supposed to be decoding SSL connections
> there's a lot more config you'll need too.   See the link above.
>
>
> > The above connectors work with the http framework but gives me the "mixed
> > content warning" in IE because some requests are http and some https.
>
> That's nothing to do with the Connectors per se.  If your web app is
> mixing references to secure and insecure pages, you'll get that warning.
>
> You need to fix your app so it does the right thing.
>
>
> p
>
>
> > It's obvious I have not worked with SSL very much. Any help would be
> greatly
> > appreciated.
> >
> > Regards,
> >
> > John Ranaudo
> >
>
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message