 |
|
|
|
Next: How many worker process are needed?
|
| Author |
Message |
External
Since: Aug 21, 2005
Posts: 2
|
(Msg. 1) Posted: Sun Aug 21, 2005 6:02 pm
Post subject: Load Balanced HTTPS with Tomcat - Need Help
Archived from groups: alt>apache>configuration (more info?)
|
|
|
Greetings!
We have implemented an HTTPS application on Tomcat, and we run multiple
Application Servers for load-balancing.
Without getting into all the details of what and WHY....we have a
hardware SSL decoder in front of our load balancer.
So, the user browser submits an https request, and the SSL decoder
turns it into an http request, and Tomcat processes the http request.
The only problem is, every time Tomcat generates a page redirect, it
sends a fully qualified URL back to the browser, and it prepends "http"
onto the URL. (Tomcat thinks we are running an http side, but we are
actually an https site).
And when the user browser receives an "http" redirect after sending an
"https" request, it pops up a security warning to the user. (At least
Internet Explorer does.)
Is there any way to tell Tomcat "Hey, I know the requests are coming in
as http, but please generate all outbound redirects as https!!!"
I found that you could set the "scheme" parameter on a Tomcat
Connector, and that kinda works, but it breaks the Tomcat Login Process
(j_security_check), because j_security_check adds a port number (80) to
the URL. And you end up with an https request going to port
80....which causes a nasty error.
Any help desperately appreciated!!!
Robert Pappas
robert.pappas DeleteThis @gmail.com |
|
| Back to top |
|
 | |
External
Since: Aug 21, 2005
Posts: 2
|
(Msg. 2) Posted: Fri Sep 16, 2005 8:38 am
Post subject: Re: Load Balanced HTTPS with Tomcat - Need Help [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
Yay! I came up with a solution to my own problem. Here is what you
do:
In Tomcat server.xml, you can configure the Connector to run behind a
proxy using the proxyName and proxyPort parameters.
Here is the relevant piece of Tomcat documentation on these parameters:
"The proxyName and proxyPort attributes can be used when Tomcat is run
behind a proxy server. These attributes modify the values returned to
web applications that call the request.getServerName() and
request.getServerPort() methods, which are often used to construct
absolute URLs for redirects. Without configuring these attributes, the
values returned would reflect the server name and port on which the
connection from the proxy server was received, rather than the server
name and port to whom the client directed the original request."
Well, in my case, I'm running Tomcat behind an SSL decoder, not a
Proxy, but the effect is the same, and the solution is the same.
So, in the Connector attributes, I set the "proxyName" to the server
name of my website as seen from the outside world. I set "proxyPort"
to 443. I set "scheme" to "https", and I set "secure" to "true".
And it works!!! When Tomcat generates absolute URL's, it knows to use
these parameters to build the URL rather than the values from the
incoming request.
This solution seems so obvious in hindsight, but coming from the other
direction, I didn't know what to look for. I was doing tons of reading
on the topic of "SSL with Tomcat" and not on the topic of "proxies with
Tomcat".
Hope this helps someone else!
Robert Pappas |
|
| Back to top |
|
| |
| Related Topics: | How to configure load-balanced servers - Problem: We have 2 Windows 2003 based server boxes in a load-balanced cluster. Each one has to run Apache2 + mod_jk2 + Tomcat5.5 . And each server machine is equipped with 2 NICs (2 IP addresses), with one of them being also mapped to a third IP-address....
Redundant or Load Balanced Apache Proxies - Hi, I'm wondering whether I can load balance (make redundant) my Apache proxies. What I mean is something like this in Apache conf: ProxyRemote * http://foo-0.bar.dom:8080 ProxyRemote * http://foo-1.bar.com:8080 ProxyRemote * http://foo-2.bar.com:8080...
apache + tomcat + mod_jk to load jsp pages through apache - I'm continuing to try to get apache, tomcat, and the connector to work so apache passes jsp page requests to tomcat. It still is not functional, but still haven't found the culprit of why this isn't working. My configuration including perhaps tail-tell..
Step by step Apache2+ mod_jk2+ Multiple Tomcat 4.1.X in L.. - Applies to Unix Like OS, FreeBSD and Configuration Part applies to all platforms including Windows (All). Complete Configuration of Apache2+ mod_jk2+ Multiple Tomcat 4.1.X in Load Balancing and Context Switching Mode: To begin with its always a good....
HTTP & HTTPS - Hi , I am new to apache and would like know this.. 1.I want to run all except one file of my site in HTTP and the remaining one- authentication- file in HTTPS. 2.This has two solutions as outlined in http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html .... |
|
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
|
|
|
FAQ
Profile
Private Messages
Log in
