tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <>
Subject Re: Reverse proxy with ARR and HTTPS
Date Thu, 11 Dec 2014 20:14:52 GMT
On 11/12/2014 19:42, Jesse Barnum wrote:
> I should have mentioned in my original post - IIS receives both HTTP
> as well as HTTPS requests. Both types of requests are proxied to a
> single HTTP connector in Tomcat.
> Is the only option to create two separate HTTP connectors on two
> different ports, set the secure attribute to true on one of them, and
> then configure ARR to send to HTTPS requests to the secure one?


> It seems like there should be a simpler solution.

That depends on how you define simple.

> Could we instead
> configure ARR to include some header that Tomcat would recognize?

Yes. Look into the RemoteIp[Filter|Valve]


>> On Dec 11, 2014, at 2:18 PM, Mark Thomas <> wrote:
>> On 11/12/2014 19:12, Jesse Barnum wrote:
>>> I have IIS 7 running with an SSL certificate. It receives HTTPS
>>> requests, and using ARR, it proxies them over HTTP to Tomcat.
>>> This works fine.
>>> The problem is that when we call HttpServletRequest.isSecure(),
>>> it returns false. This makes sense, since the request to tomcat
>>> is HTTP, but it’s not correct from the user’s standpoint, who is
>>> using HTTPS.
>>> Is there a recommended way to configure ARR with Tomcat so that
>>> the original HTTPS protocol can be recognized by Tomcat?
>> Set the secure attribute on the connector to "true" but make sure
>> you only proxy requests originally received over HTTPS to it.
>> Mark
> ---------------------------------------------------------------------
To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message