tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Can Tomcat act as an HTTPS proxy?
Date Thu, 19 Jan 2017 16:42:51 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

David,

On 1/19/17 10:38 AM, David P. Caldwell wrote:
> I'm trying to forward HTTPS requests through a Tomcat HTTP (or
> HTTPS) server to a backend HTTPS server.
> 
> The requests are initiated by a Java HTTP client
> (java.net.URLConnection-based).
> 
> So I have:
> 
> backend HTTPS server (which works) Tomcat server running HTTP and
> HTTPS connectors Java HTTPUrlConnection, using Tomcat HTTP
> connector as a proxy
> 
> The Java client can successfully:
> 
> * use the backend HTTPS server directly * use the Tomcat HTTP
> connector * use the Tomcat HTTPS connector
> 
> For my scenario, I think using the HTTP connector to proxy is
> correct, though I've also tried using the HTTPS connector.
> 
> I'm not an expert on SSL or HTTPS. The HTTPS connector doesn't
> work, but my understanding is that using it doesn't make sense; the
> trust relationship is end-to-end, so you'd use ordinary HTTP to
> proxy in between. It ends up with an unexpected EOF from server or
> something.
> 
> Assuming the HTTP connector is the right one to use, here's my 
> problem: Tomcat returns a 400 Bad Request when I attempt to request
> an https: URL via an ordinary HTTP request to the HTTP connector.
> 
> Conceptually, it seems like this ought to be fine, to me, but as I 
> said, my understanding of the concepts is a bit murky, so I might
> be wrong.
> 
> Am I on the right track? If so, is there something configurable
> that will allow those requests to be forwarded rather than
> rejected?

So you've got this?

client -- HTTP --> Tomcat proxy -- HTTPS --> backend server

?

Or this?

client -- HTTPS --> Tomcat proxy -- HTTP --> backend server

?

Please post as much of your configuration (<Connector>, proxy) as you ca
n.

Also, what is the purpose of the HTTPS wherever it is being used? It
is for privacy or for authentication (or both)?

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJYgOyLAAoJEBzwKT+lPKRYcJ0P/jxtmltsNpilxkYnbTFopTFl
87GqViuIQOXdi/2EzP9jJhdieBv7XwIAI81hJ4qWCdUhANtxNoPeaytZPR2+E6hT
4zUC0x4ez4E9S2lUkhk7XcSr/0+hAM0rLd1TChJi0+tweZjWyaeCAbbdLHhjPb+e
SRAs4Tz2qs0Y7i3qu3nV6VWt5u2eBEspogFHT8FXjXLYx/VPQOR9/60mnEDsaEek
gC4Xqh5vMABd7Tcyslp0kfKrFEKjAgoej2cQ+p96faITV7X9ji0z35uvSwNErfD0
iIruVVUfe8MSBRR8jwpLor6ORAL3dZ0FmKegxjAOJ897eIv3hO6rS2JqmT3Ju1Ez
dczMIIJA7c92xk4UINlMrTRit8MXJoOuJSR778pRS/j8WirNGw1y66U2U8Z3KZeM
4tDKpIwwXx2HX0Mrag/m3UB5Y59UNX/5TVJQr+2GhcvIHOXK1cWUmFOdZtbwD5Xc
a7HpZDuMNSrxZjzrfWg18EMl2IfGLWllW6Qs73e+VO3cC8tlbQzjO0RQowl2e867
twZO8zXvGVrxtJcezaq1dRzPQDVRIVbedBAxNuN20JkdaWMcxGkBjsIiw99Vp4V7
XgX+5+6ZeLAFHhVyoAVFumL4Rr585PzloiZLQcOUGosqqreVh4L2Yp5YRfgOojOU
EPPtfY44QI4Jq3SwTLCr
=938w
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message