tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David P. Caldwell" <>
Subject Re: Can Tomcat act as an HTTPS proxy?
Date Thu, 19 Jan 2017 15:53:17 GMT
One clarification: when I wrote:

"is there something configurable that
will allow those requests to be forwarded rather than rejected?"

... what I really meant was, is there a way for the request to reach
my servlet (which handles all requests), basically. I already have a
server-side implementation that can make the request of the backend
server and return the response to the front end.

On Thu, Jan 19, 2017 at 10:38 AM, David P. Caldwell
<> wrote:
> I'm trying to forward HTTPS requests through a Tomcat HTTP (or HTTPS)
> server to a backend HTTPS server.
> The requests are initiated by a Java HTTP client (
> So I have:
> backend HTTPS server (which works)
> Tomcat server running HTTP and HTTPS connectors
> Java HTTPUrlConnection, using Tomcat HTTP connector as a proxy
> The Java client can successfully:
> * use the backend HTTPS server directly
> * use the Tomcat HTTP connector
> * use the Tomcat HTTPS connector
> For my scenario, I think using the HTTP connector to proxy is correct,
> though I've also tried using the HTTPS connector.
> I'm not an expert on SSL or HTTPS. The HTTPS connector doesn't work,
> but my understanding is that using it doesn't make sense; the trust
> relationship is end-to-end, so you'd use ordinary HTTP to proxy in
> between. It ends up with an unexpected EOF from server or something.
> Assuming the HTTP connector is the right one to use, here's my
> problem: Tomcat returns a 400 Bad Request when I attempt to request an
> https: URL via an ordinary HTTP request to the HTTP connector.
> Conceptually, it seems like this ought to be fine, to me, but as I
> said, my understanding of the concepts is a bit murky, so I might be
> wrong.
> Am I on the right track? If so, is there something configurable that
> will allow those requests to be forwarded rather than rejected?
> -- David P. Caldwell

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message