Re: [Resin-interest] ssl port
Hi Bill, Thanks for the response. Honestly, I haven't tested it just yet. I didn't see a 'secure' attribute on the http / config element so I just wanted to confirm that 8443 will implicitly be secure even though I'm not setting an encryption handler. I didn't see anything here (http://caucho.com/resin-3.0/security/ssl.xtp#notneeded) about it. I'll be back if it doesn't work. Thanks again, Michael Bill Au wrote: With the SSL port set up in Resin, relative redirect on a https request should go to the SSL port. Is that not the case? Bill On 6/1/07, *Michael Fortin * [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Hello, We have our servers setup behind a load balancer and the load balancer does all the encryption for ssl. All traffic inside our network is on port 8080. If I do a relative redirect on a request from a secure url it returns an insecure url. To try and fix this I setup another http port in the resin conf for 8443 and set the load balancer to send secure traffic to that port. Tomcat has a isSecure flag on it's connector to tell the request it's a secure request even though it's already decrypted. Does resin have something like that? Will resin know to make a secure link on that port? Resin version 3.0.18 JDK 1.5.0_10 Linux Thanks Michael ___ resin-interest mailing list resin-interest@caucho.com mailto:resin-interest@caucho.com http://maillist.caucho.com/mailman/listinfo/resin-interest ___ resin-interest mailing list resin-interest@caucho.com http://maillist.caucho.com/mailman/listinfo/resin-interest ___ resin-interest mailing list resin-interest@caucho.com http://maillist.caucho.com/mailman/listinfo/resin-interest
[Resin-interest] ssl port
Hello, We have our servers setup behind a load balancer and the load balancer does all the encryption for ssl. All traffic inside our network is on port 8080. If I do a relative redirect on a request from a secure url it returns an insecure url. To try and fix this I setup another http port in the resin conf for 8443 and set the load balancer to send secure traffic to that port. Tomcat has a isSecure flag on it's connector to tell the request it's a secure request even though it's already decrypted. Does resin have something like that? Will resin know to make a secure link on that port? Resin version 3.0.18 JDK 1.5.0_10 Linux Thanks Michael ___ resin-interest mailing list resin-interest@caucho.com http://maillist.caucho.com/mailman/listinfo/resin-interest
Re: [Resin-interest] ssl port
Hi Bill, I've just tested my theory and it didn't work as I had hoped, the request is not flaged as secure. In my resin.conf : http server-id=web23-s1 host=172.30.1.219 virtual-host=www.ourdomain.com port=8080/ http server-id=web23-s1 host=172.30.1.219 virtual-host=www.ourdomain.com port=8443/ host id=www.ourdomain.com root-directory=/var/www/hosts/www.ourdomain.com web-app id=/ document-directory=ROOT startup-mode=automatic redeploy-mode=manual / /host and I setup a simple jsp that outputs: Secure? %= request.isSecure() % when I call either of the following urls secure is false. http://172.30.1.219:8080/test.jsp http://172.30.1.219:8443/test.jsp How do I configure resin to know the request on 8443 is secure? Thanks, Michael Bill Au wrote: There is a secure-host-name under host http://www.caucho.com/resin-3.0/config/resin.xtp#host You may have to use that to set the port number for SSL. Bill On 6/1/07, *Michael Fortin* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Hi Bill, Thanks for the response. Honestly, I haven't tested it just yet. I didn't see a 'secure' attribute on the http / config element so I just wanted to confirm that 8443 will implicitly be secure even though I'm not setting an encryption handler. I didn't see anything here (http://caucho.com/resin-3.0/security/ssl.xtp#notneeded) about it. I'll be back if it doesn't work. Thanks again, Michael Bill Au wrote: With the SSL port set up in Resin, relative redirect on a https request should go to the SSL port. Is that not the case? Bill On 6/1/07, *Michael Fortin * [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Hello, We have our servers setup behind a load balancer and the load balancer does all the encryption for ssl. All traffic inside our network is on port 8080. If I do a relative redirect on a request from a secure url it returns an insecure url. To try and fix this I setup another http port in the resin conf for 8443 and set the load balancer to send secure traffic to that port. Tomcat has a isSecure flag on it's connector to tell the request it's a secure request even though it's already decrypted. Does resin have something like that? Will resin know to make a secure link on that port? Resin version 3.0.18 JDK 1.5.0_10 Linux Thanks Michael ___ resin-interest mailing list resin-interest@caucho.com mailto:resin-interest@caucho.com mailto:resin-interest@caucho.com mailto:resin-interest@caucho.com http://maillist.caucho.com/mailman/listinfo/resin-interest ___ resin-interest mailing list resin-interest@caucho.com mailto:resin-interest@caucho.com http://maillist.caucho.com/mailman/listinfo/resin-interest http://maillist.caucho.com/mailman/listinfo/resin-interest ___ resin-interest mailing list resin-interest@caucho.com mailto:resin-interest@caucho.com http://maillist.caucho.com/mailman/listinfo/resin-interest ___ resin-interest mailing list resin-interest@caucho.com http://maillist.caucho.com/mailman/listinfo/resin-interest ___ resin-interest mailing list resin-interest@caucho.com http://maillist.caucho.com/mailman/listinfo/resin-interest
Re: [Resin-interest] ssl port
We do have a header attribute that tells us if it's secure or not which I could use in a filter. That would be an acceptable solution. I've tried modifying the request in a filter before I tried setting up the 8443 port but isSecure is immutable. What do you mean by 'request adapter'? Michael Knut Forkalsrud wrote: Michael Fortin wrote: How do I configure resin to know the request on 8443 is secure? If your advanced load balancer can inject an HTTP header in the SSL requests you can use a servlet filter to add a request adapter that overrides the isSecure method. -Knut ___ resin-interest mailing list resin-interest@caucho.com http://maillist.caucho.com/mailman/listinfo/resin-interest ___ resin-interest mailing list resin-interest@caucho.com http://maillist.caucho.com/mailman/listinfo/resin-interest