tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jwklomp <janwillem.kl...@gmail.com>
Subject Re: Tomcat with certificate on load balances - prevending redirect https/http
Date Wed, 14 Dec 2011 06:07:19 GMT

Thanks for the explanation. 
- We get a HTTP/1.1 302 Moved Temporarily. 
- We are using HTTP proxying
- In this case we consider the our own network secure enough, so option 3
you listed will be the way to go. 

Jan-Willem

Christopher Schultz-2 wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Jan-Willem,
> 
> On 12/13/11 9:27 AM, jwklomp wrote:
>> I'm having a problem that the all request get redirected from https
>> to http.
> 
> Do you mean that requests to https://host/path get redirected (with a
> 30x response) to http://host/path? Or do you mean that URLs that your
> webapp builds and puts onto pages are http://host/path and not
> https://host/path?
> 
> How have you connected IIS to Tomcat? Are you using mod_jk (AJP
> protocol) or are you using HTTP proxying?
> 
>> I'm assuming this is because the application is listening on the
>> Tomcat default http port.
> 
> The port number is not relevant.
> 
>> As the communication between the LB and IIS/Tomcat is http I don't 
>> think I can change this(?).
> 
> Well, that depends upon what you want to do. You can:
> 
> 1. Use HTTPS between IIS and Tomcat. You should do this if you either
>    don't trust the network between the lb and your app server, or if
>    you are working with very sensitive data and *shouldn't* trust your
>    network.
> 
> 2. Secure the communication in other ways (essentially, use non-HTTP SSL
>    between the endpoints). See reasons from #1 above. This is more
>    complicated but might get you a tiny bit of extra performance.
> 
> 3. Configure your server such that HTTP traffic behind the lb is
>    considered to be HTTPS. Chuck pointed out that using secure="true"
>    on the connector accomplishes this, and it's appropriate to use
>    this configuration for this case: that's what it's there for.
> 
>> Is there a way to prevent this redirect from https to http? Or is
>> this only possible if the certificate is installed in Tomcat and
>> Tomcat listens on a https port?
> 
> Nope, SSL termination at the lb is standard operating procedure. You
> just have to configure things appropriately.
> 
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
> 
> iEYEARECAAYFAk7nu9wACgkQ9CaO5/Lv0PCL8QCgwJWt8e/QwYN5ip0iWbdZgdRB
> MVYAniN3XussouUZ2MGm1tX4Wbue4876
> =UkaD
> -----END PGP SIGNATURE-----
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 
> 

-- 
View this message in context: http://old.nabble.com/Tomcat-with-certificate-on-load-balances---prevending-redirect-https-http-tp32966487p32972690.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message