tomcat-users mailing list archives

From Anthony Bonafide <bonafideanth...@gmail.com>
Subject SSL acceleration
Date Tue, 04 Nov 2014 16:47:39 GMT
Hello All,

I am using a third-party load balancer which accepts HTTPS connections,
decrypts them and sends the unencrypted connection to Tomcat (SSL
Acceleration). I am currently using Tomcat 5 and I am in the process of
upgrading to Tomcat 7. I am having an issue setting up Tomcat 7 to accept
the connections from my load balancer. In Tomcat 5 I have the 2 connectors
set up as so with everything working:

<Connector port="8080" maxHttpHeaderSize="8192" maxPostSize="512000"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" redirectPort="8443" acceptCount="100"
               connectionTimeout="20000" disableUploadTimeout="true" />

<Connector port="8081" maxHttpHeaderSize="8192" maxPostSize="512000"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" redirectPort="8444" acceptCount="100"
               connectionTimeout="20000" scheme="https" proxyPort="443"
               disableUploadTimeout="true" />


The load balancer sends unencrypted HTTPS traffic to Tomcat via port 8081.
This setup is in place now with the current setup so the client does not
have HTTPS changed to HTTP during a session, due to Tomcat thinking the
HTTPS connection is unencrypted and it should be changed to HTTP. There is
no keystore or certs used by Tomcat; all certs are placed on the load
balancer.

During setup of Tomcat 7 I copied the previous connector setup. Resolving
the following URLs, I get the following responses respectively (I get the
same results with my currently working Tomcat 5 setup):

https://localhost:8081/ - Secure connection fails
http://localhost:8081/ - Apache Tomcat 7.0.56 page showing that everything
works.

My settings for Tomcat 7 are:

<Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />


<Connector port="8081" protocol="HTTP/1.1"
               maxThreads="150" SSLEnabled="false" scheme="https"
               secure="true"
               clientAuth="false" sslProtocol="TLS" proxyPort="443"/>


I was wondering if there is a way to set up Tomcat 7 to accept the
unencrypted request (SSL Acceleration) from the load balancer, process the
request and send back a response without changing the scheme to HTTP?

Also, as expected, my load balancer is not able to establish a connection
with Tomcat 7 over HTTPS port 8081.

Any advice would be greatly appreciated.

Thank you,


Anthony Bonafide
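
An added example, not part of the original message and not Tomcat project code: a small Python check over the two Tomcat 7 connectors quoted above, reporting for each one the protocol actually spoken on the wire against the scheme reported to the application. The function name `audit_connectors` and the `<Service>` wrapper element are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the two Tomcat 7 connectors quoted in the message,
# wrapped in a <Service> element (assumption) so the text parses as one document.
SERVER_XML = """
<Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1"
             connectionTimeout="20000" redirectPort="8443" />
  <Connector port="8081" protocol="HTTP/1.1"
             maxThreads="150" SSLEnabled="false" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS" proxyPort="443" />
</Service>
"""

# Attributes that only matter when the connector itself terminates TLS.
TLS_ONLY_ATTRS = ("clientAuth", "sslProtocol", "keystoreFile", "keystorePass")


def audit_connectors(xml_text):
    """Return one dict per <Connector>: wire protocol vs. reported scheme."""
    reports = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        tls_here = conn.get("SSLEnabled", "false").lower() == "true"
        scheme = conn.get("scheme", "http")
        secure = conn.get("secure", "false").lower() == "true"
        notes = []
        # Offload pattern: plain HTTP on the wire, https reported to the webapp.
        offload = scheme == "https" and not tls_here
        if offload:
            notes.append("plaintext listener reporting https: TLS must end upstream")
            if not secure:
                notes.append("secure is not true: request.isSecure() returns false")
            if conn.get("proxyPort") is None:
                notes.append("proxyPort not set: getServerPort() is not overridden")
        ignored = [a for a in TLS_ONLY_ATTRS
                   if not tls_here and conn.get(a) is not None]
        if ignored:
            notes.append("no effect while SSLEnabled is false: " + ", ".join(ignored))
        reports.append({"port": conn.get("port"), "wire": "https" if tls_here else "http",
                        "scheme": scheme, "offload": offload,
                        "ignored": ignored, "notes": notes})
    return reports


if __name__ == "__main__":
    for r in audit_connectors(SERVER_XML):
        print(r["port"], "wire=" + r["wire"], "scheme=" + r["scheme"], r["notes"])
```

For port 8081 the report shows `wire=http` with `scheme=https`, which matches the two URL results listed in the message: the connector answers plain HTTP and does not perform a TLS handshake.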
