tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: Reverse proxy with ARR and HTTPS
Date Thu, 11 Dec 2014 20:14:52 GMT
On 11/12/2014 19:42, Jesse Barnum wrote:
> I should have mentioned in my original post - IIS receives both HTTP
> as well as HTTPS requests. Both types of requests are proxied to a
> single HTTP connector in Tomcat.
> 
> Is the only option to create two separate HTTP connectors on two
> different ports, set the secure attribute to true on one of them, and
> then configure ARR to send to HTTPS requests to the secure one?

No.

> It seems like there should be a simpler solution.

That depends on how you define simple.

> Could we instead
> configure ARR to include some header that Tomcat would recognize?

Yes. Look into the RemoteIp[Filter|Valve]

Mark

> 
>> On Dec 11, 2014, at 2:18 PM, Mark Thomas <markt@apache.org> wrote:
>> 
>> On 11/12/2014 19:12, Jesse Barnum wrote:
>>> I have IIS 7 running with an SSL certificate. It receives HTTPS
>>> requests, and using ARR, it proxies them over HTTP to Tomcat.
>>> This works fine.
>>> 
>>> The problem is that when we call HttpServletRequest.isSecure(),
>>> it returns false. This makes sense, since the request to tomcat
>>> is HTTP, but it’s not correct from the user’s standpoint, who is
>>> using HTTPS.
>>> 
>>> Is there a recommended way to configure ARR with Tomcat so that
>>> the original HTTPS protocol can be recognized by Tomcat?
>> 
>> Set the secure attribute on the connector to "true" but make sure
>> you only proxy requests originally received over HTTPS to it.
>> 
>> Mark
> 
> ---------------------------------------------------------------------
>
> 
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message