You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Mike Koponick <Mi...@chockstone.com> on 2008/10/14 00:53:35 UTC

SSL Accelerator - Front ending Tomcat

Hello Everyone,

I have not been a frequent administrator of Tomcat, but it seems that
I am becoming one!

So, Here is my setup, I using an SSL accelerator in front of a Tomcat
server running two instances. When I try to access the website, the
webserver (rightfully so) redirects me to another page on the same
machine for the same instance. Thusly, I do not have the "https" URL
any longer, but have "http" instead, of course this kills the
connection.

So, I was wondering if anyone has had any experience setting up this
type of environment. It seems to me that Tomcat doesn't know that
this is a secure connection.

Any information is good information.

Thanks!

Mike


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: SSL Accelerator - Front ending Tomcat

Posted by Brian Clark <br...@yahoo.com>.

________________________________
From: Rainer Jung <ra...@kippdata.de>
To: Tomcat Users List <us...@tomcat.apache.org>
Sent: Tuesday, October 14, 2008 9:46:56 AM
Subject: Re: SSL Accelerator - Front ending Tomcat

Mike Koponick schrieb:
> Hello Everyone,
> 
> I have not been a frequent administrator of Tomcat, but it seems that
> I am becoming one!
> 
> So, Here is my setup, I using an SSL accelerator in front of a Tomcat
> server running two instances. When I try to access the website, the
> webserver (rightfully so) redirects me to another page on the same
> machine for the same instance. Thusly, I do not have the "https" URL
> any longer, but have "http" instead, of course this kills the
> connection.
> 
> So, I was wondering if anyone has had any experience setting up this
> type of environment. It seems to me that Tomcat doesn't know that
> this is a secure connection.
> 
> Any information is good information.

So look at

  http://tomcat.apache.org/tomcat-6.0-doc/config/http.html

especially proxyName, proxyPort, scheme and secure.

Regards,

Rainer
------------------------------------------

Anyone have success doing this?  I am having lots of problems getting this to work, and in choosing the config directives to use to get it to work. 

For example, I set secure="true" and scheme="https" in the Connector block of my server.xml. In testing, However, when I call request.isSecure()it returns "false". When I call request.getScheme() it returns "http". I tested this with a simple page on my local instance of Tomcat--I accessed that page via http://localhost:8080.  Shouldn't the secure and scheme directives override whatever connection the browser initiated and return the configured value? 

Am I missing something? Do I need to define the proxyName and proxyPort config directives? I tried that, and it didnt' seem to have an effect. 

I have the exact scenario (SSL accelerator in front of Tomcat) described above and am having problems forcing my apps to generate https URLs instead of http. (BTW:  I'm running Tomcat 6.0.16 on Windows 2003)

Thanks,
Brian

Re: SSL Accelerator - Front ending Tomcat

Posted by Rainer Jung <ra...@kippdata.de>.

Mike Koponick schrieb:
> Hello Everyone,
> 
> I have not been a frequent administrator of Tomcat, but it seems that
> I am becoming one!
> 
> So, Here is my setup, I using an SSL accelerator in front of a Tomcat
> server running two instances. When I try to access the website, the
> webserver (rightfully so) redirects me to another page on the same
> machine for the same instance. Thusly, I do not have the "https" URL
> any longer, but have "http" instead, of course this kills the
> connection.
> 
> So, I was wondering if anyone has had any experience setting up this
> type of environment. It seems to me that Tomcat doesn't know that
> this is a secure connection.
> 
> Any information is good information.

So look at

  http://tomcat.apache.org/tomcat-6.0-doc/config/http.html

especially proxyName, proxyPort, scheme and secure.

Regards,

Rainer

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

RE: SSL Accelerator - Front ending Tomcat

Posted by Martin Gainty <mg...@hotmail.com>.

all your <SSL/nonSSL> connections are all defined in $TOMCAT_HOME/conf/server.xml
if you provide information on who/what/why/how specific security features you want your website to implement
we can be of point you in the right direction
check out
http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html
also pay attention to redirectPort of the NON-ssl connector *usually 8443*

a very simple primer located here
http://techtracer.com/2007/09/12/setting-up-ssl-on-tomcat-in-3-easy-steps/

Martin 
______________________________________________ 
Disclaimer and confidentiality note 
Everything in this e-mail and any attachments relates to the official business of Sender. This transmission is of a confidential nature and Sender does not endorse distribution to any party other than intended recipient. Sender does not necessarily endorse content contained within this transmission. 


> From: Mike.Koponick@chockstone.com
> Subject: SSL Accelerator - Front ending Tomcat
> Date: Mon, 13 Oct 2008 15:53:35 -0700
> To: users@tomcat.apache.org
> 
> Hello Everyone,
> 
> I have not been a frequent administrator of Tomcat, but it seems that
> I am becoming one!
> 
> So, Here is my setup, I using an SSL accelerator in front of a Tomcat
> server running two instances. When I try to access the website, the
> webserver (rightfully so) redirects me to another page on the same
> machine for the same instance. Thusly, I do not have the "https" URL
> any longer, but have "http" instead, of course this kills the
> connection.
> 
> So, I was wondering if anyone has had any experience setting up this
> type of environment. It seems to me that Tomcat doesn't know that
> this is a secure connection.
> 
> Any information is good information.
> 
> Thanks!
> 
> Mike
> 
> 
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 

_________________________________________________________________
Want to do more with Windows Live? Learn “10 hidden secrets” from Jamie.
http://windowslive.com/connect/post/jamiethomson.spaces.live.com-Blog-cns!550F681DAD532637!5295.entry?ocid=TXT_TAGLM_WL_domore_092008