tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jwklomp <>
Subject Re: Tomcat with certificate on load balances - prevending redirect https/http
Date Wed, 14 Dec 2011 06:07:19 GMT

Thanks for the explanation. 
- We get a HTTP/1.1 302 Moved Temporarily. 
- We are using HTTP proxying
- In this case we consider the our own network secure enough, so option 3
you listed will be the way to go. 


Christopher Schultz-2 wrote:
> Hash: SHA1
> Jan-Willem,
> On 12/13/11 9:27 AM, jwklomp wrote:
>> I'm having a problem that the all request get redirected from https
>> to http.
> Do you mean that requests to https://host/path get redirected (with a
> 30x response) to http://host/path? Or do you mean that URLs that your
> webapp builds and puts onto pages are http://host/path and not
> https://host/path?
> How have you connected IIS to Tomcat? Are you using mod_jk (AJP
> protocol) or are you using HTTP proxying?
>> I'm assuming this is because the application is listening on the
>> Tomcat default http port.
> The port number is not relevant.
>> As the communication between the LB and IIS/Tomcat is http I don't 
>> think I can change this(?).
> Well, that depends upon what you want to do. You can:
> 1. Use HTTPS between IIS and Tomcat. You should do this if you either
>    don't trust the network between the lb and your app server, or if
>    you are working with very sensitive data and *shouldn't* trust your
>    network.
> 2. Secure the communication in other ways (essentially, use non-HTTP SSL
>    between the endpoints). See reasons from #1 above. This is more
>    complicated but might get you a tiny bit of extra performance.
> 3. Configure your server such that HTTP traffic behind the lb is
>    considered to be HTTPS. Chuck pointed out that using secure="true"
>    on the connector accomplishes this, and it's appropriate to use
>    this configuration for this case: that's what it's there for.
>> Is there a way to prevent this redirect from https to http? Or is
>> this only possible if the certificate is installed in Tomcat and
>> Tomcat listens on a https port?
> Nope, SSL termination at the lb is standard operating procedure. You
> just have to configure things appropriately.
> - -chris
> Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
> Comment: GPGTools -
> Comment: Using GnuPG with Mozilla -
> iEYEARECAAYFAk7nu9wACgkQ9CaO5/Lv0PCL8QCgwJWt8e/QwYN5ip0iWbdZgdRB
> MVYAniN3XussouUZ2MGm1tX4Wbue4876
> =UkaD
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

View this message in context:
Sent from the Tomcat - User mailing list archive at

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message