tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David P. Caldwell" <da...@code.davidpcaldwell.com>
Subject Re: Can Tomcat act as an HTTPS proxy?
Date Thu, 19 Jan 2017 15:53:17 GMT
One clarification: when I wrote:

"is there something configurable that
will allow those requests to be forwarded rather than rejected?"

... what I really meant was, is there a way for the request to reach
my servlet (which handles all requests), basically. I already have a
server-side implementation that can make the request of the backend
server and return the response to the front end.

On Thu, Jan 19, 2017 at 10:38 AM, David P. Caldwell
<david@code.davidpcaldwell.com> wrote:
> I'm trying to forward HTTPS requests through a Tomcat HTTP (or HTTPS)
> server to a backend HTTPS server.
>
> The requests are initiated by a Java HTTP client (java.net.URLConnection-based).
>
> So I have:
>
> backend HTTPS server (which works)
> Tomcat server running HTTP and HTTPS connectors
> Java HTTPUrlConnection, using Tomcat HTTP connector as a proxy
>
> The Java client can successfully:
>
> * use the backend HTTPS server directly
> * use the Tomcat HTTP connector
> * use the Tomcat HTTPS connector
>
> For my scenario, I think using the HTTP connector to proxy is correct,
> though I've also tried using the HTTPS connector.
>
> I'm not an expert on SSL or HTTPS. The HTTPS connector doesn't work,
> but my understanding is that using it doesn't make sense; the trust
> relationship is end-to-end, so you'd use ordinary HTTP to proxy in
> between. It ends up with an unexpected EOF from server or something.
>
> Assuming the HTTP connector is the right one to use, here's my
> problem: Tomcat returns a 400 Bad Request when I attempt to request an
> https: URL via an ordinary HTTP request to the HTTP connector.
>
> Conceptually, it seems like this ought to be fine, to me, but as I
> said, my understanding of the concepts is a bit murky, so I might be
> wrong.
>
> Am I on the right track? If so, is there something configurable that
> will allow those requests to be forwarded rather than rejected?
>
> -- David P. Caldwell
> http://www.davidpcaldwell.com/

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message