Re: SSL Accelerator - Front ending Tomcat

2009-01-07 Thread Brian Clark






From: Rainer Jung rainer.j...@kippdata.de
To: Tomcat Users List users@tomcat.apache.org
Sent: Tuesday, October 14, 2008 9:46:56 AM
Subject: Re: SSL Accelerator - Front ending Tomcat

Mike Koponick wrote:
> Hello Everyone,
>
> I have not been a frequent administrator of Tomcat, but it seems that
> I am becoming one!
>
> So, here is my setup: I am using an SSL accelerator in front of a Tomcat
> server running two instances. When I try to access the website, the
> webserver (rightfully so) redirects me to another page on the same
> machine for the same instance. Thusly, I do not have the https URL
> any longer, but have http instead; of course this kills the
> connection.
>
> So, I was wondering if anyone has had any experience setting up this
> type of environment. It seems to me that Tomcat doesn't know that
> this is a secure connection.
>
> Any information is good information.

So look at

  http://tomcat.apache.org/tomcat-6.0-doc/config/http.html

especially proxyName, proxyPort, scheme and secure.

Regards,

Rainer
--

Anyone have success doing this?  I am having lots of problems getting this to 
work, and in choosing the config directives to use to get it to work. 

For example, I set secure=true and scheme=https in the Connector block of
my server.xml. In testing, however, when I call request.isSecure() it returns
false. When I call request.getScheme() it returns http. I tested this with
a simple page on my local instance of Tomcat--I accessed that page via 
http://localhost:8080.  Shouldn't the secure and scheme directives override 
whatever connection the browser initiated and return the configured value? 

Am I missing something? Do I need to define the proxyName and proxyPort config 
directives? I tried that, and it didn't seem to have an effect.

I have the exact scenario (SSL accelerator in front of Tomcat) described above 
and am having problems forcing my apps to generate https URLs instead of http. 
(BTW:  I'm running Tomcat 6.0.16 on Windows 2003)

Thanks,
Brian


  

Re: SSL Accelerator - Front ending Tomcat

2008-10-14 Thread Rainer Jung
Mike Koponick wrote:
> Hello Everyone,
>
> I have not been a frequent administrator of Tomcat, but it seems that
> I am becoming one!
>
> So, here is my setup: I am using an SSL accelerator in front of a Tomcat
> server running two instances. When I try to access the website, the
> webserver (rightfully so) redirects me to another page on the same
> machine for the same instance. Thusly, I do not have the https URL
> any longer, but have http instead; of course this kills the
> connection.
>
> So, I was wondering if anyone has had any experience setting up this
> type of environment. It seems to me that Tomcat doesn't know that
> this is a secure connection.
>
> Any information is good information.

So look at

  http://tomcat.apache.org/tomcat-6.0-doc/config/http.html

especially proxyName, proxyPort, scheme and secure.

Regards,

Rainer

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
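
A connector that uses the four attributes named in the reply above, as an added example that is not part of the original thread and not the Tomcat project's own configuration. The ports, the bind address and the host name are assumptions; the fragment goes inside the existing Server element of conf/server.xml.

```xml
<!-- Added example. All ports, the address and the host name are assumed values. -->
<Service name="Catalina">

  <!-- Connector reserved for the SSL accelerator. The accelerator terminates
       TLS and forwards plain HTTP to this port, so Tomcat never sees the
       TLS handshake and has to be told what the client-facing URL looks like.
         scheme     value returned by request.getScheme()
         secure     value returned by request.isSecure()
         proxyName  value returned by request.getServerName()
         proxyPort  value returned by request.getServerPort()
       These values are also what Tomcat uses when it turns a relative
       sendRedirect() target into an absolute Location header.
       The attributes apply only to requests received on THIS connector. -->
  <Connector port="8081" protocol="HTTP/1.1"
             address="10.0.0.5"
             scheme="https" secure="true"
             proxyName="www.example.com" proxyPort="443"
             connectionTimeout="20000" />

  <!-- Ordinary HTTP connector. Requests that arrive here still report
       scheme "http" and isSecure() == false. redirectPort is where Tomcat
       sends a request that hits a security constraint requiring SSL;
       443 assumes that is the port the accelerator listens on. -->
  <Connector port="8080" protocol="HTTP/1.1"
             connectionTimeout="20000" redirectPort="443" />

  <!-- secure="true" is an unconditional claim: every request on port 8081 is
       treated as if it had arrived over TLS. Bind that connector to an
       interface only the accelerator can reach (address above) and block the
       port from everything else at the firewall. -->

  <Engine name="Catalina" defaultHost="localhost">
    <Host name="localhost" appBase="webapps" />
  </Engine>
</Service>
```
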



SSL Accelerator - Front ending Tomcat

2008-10-13 Thread Mike Koponick

Hello Everyone,

I have not been a frequent administrator of Tomcat, but it seems that
I am becoming one!

So, here is my setup: I am using an SSL accelerator in front of a Tomcat
server running two instances. When I try to access the website, the
webserver (rightfully so) redirects me to another page on the same
machine for the same instance. Thusly, I do not have the https URL
any longer, but have http instead; of course this kills the
connection.

So, I was wondering if anyone has had any experience setting up this
type of environment. It seems to me that Tomcat doesn't know that
this is a secure connection.

Any information is good information.

Thanks!

Mike





RE: SSL Accelerator - Front ending Tomcat

2008-10-13 Thread Martin Gainty

all your SSL/nonSSL connections are all defined in 
$TOMCAT_HOME/conf/server.xml
if you provide information on who/what/why/how specific security features you 
want your website to implement
we can point you in the right direction
check out
http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html
also pay attention to redirectPort of the NON-ssl connector *usually 8443*

a very simple primer located here
http://techtracer.com/2007/09/12/setting-up-ssl-on-tomcat-in-3-easy-steps/

Martin 
__ 
Disclaimer and confidentiality note 
Everything in this e-mail and any attachments relates to the official business 
of Sender. This transmission is of a confidential nature and Sender does not 
endorse distribution to any party other than intended recipient. Sender does 
not necessarily endorse content contained within this transmission. 


> From: [EMAIL PROTECTED]
> Subject: SSL Accelerator - Front ending Tomcat
> Date: Mon, 13 Oct 2008 15:53:35 -0700
> To: users@tomcat.apache.org
>
> Hello Everyone,
>
> I have not been a frequent administrator of Tomcat, but it seems that
> I am becoming one!
>
> So, here is my setup: I am using an SSL accelerator in front of a Tomcat
> server running two instances. When I try to access the website, the
> webserver (rightfully so) redirects me to another page on the same
> machine for the same instance. Thusly, I do not have the https URL
> any longer, but have http instead; of course this kills the
> connection.
>
> So, I was wondering if anyone has had any experience setting up this
> type of environment. It seems to me that Tomcat doesn't know that
> this is a secure connection.
>
> Any information is good information.
>
> Thanks!
>
> Mike
 

Re: SSL Accelerator - Front ending Tomcat

2008-10-13 Thread Brian Clark
I don't know if this will actually help Mike do what he wants to do. I don't 
think he needs to know about Tomcat SSL configuration.

I think we do exactly what Mike wants to do...we have a network load balancer 
with SSL accelerator in front of all of our Tomcat instances. All of our 
incoming SSL connections terminate on the load balancer. The load balancer acts 
as a sort of reverse proxy to Tomcat. The Tomcat instances do not have any SSL
configuration whatsoever--communication between the load balancer and Tomcat
is via HTTP. Some load balancers support re-encrypting traffic between the load
balancer and the web/app server. You could set up your environment like this,
and it might solve your problem. We didn't do it this way though.

To make this work in our environment, we had to engineer our applications to be 
SSL-aware, even though Tomcat wasn't. To do this, we did two major pieces of 
engineering effort: 
 1) Used relative links in our apps as much as possible. If you could make
all of your URLs relative, then you wouldn't have any problems, as there would
never be any miscommunication between the browser, the load balancer and Tomcat.
 2) Whenever we generated full URLs inside of an SSL-enabled application,
we had to make sure that our code generated an HTTPS URL, and not an HTTP URL.
You don't normally have to do this, as Tomcat can do it for you. But since
Tomcat isn't aware that the connection is SSL-enabled, you have to write code
to force the kind of URL that you want. For our HTTP apps, we had to make sure
that HTTP URLs were generated.

Hope this helps. 

Brian



----- Original Message -----
From: Martin Gainty [EMAIL PROTECTED]
To: Tomcat Users List users@tomcat.apache.org
Sent: Monday, October 13, 2008 7:20:48 PM
Subject: RE: SSL Accelerator - Front ending Tomcat


all your SSL/nonSSL connections are all defined in 
$TOMCAT_HOME/conf/server.xml
if you provide information on who/what/why/how specific security features you 
want your website to implement
we can point you in the right direction
check out
http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html
also pay attention to redirectPort of the NON-ssl connector *usually 8443*

a very simple primer located here
http://techtracer.com/2007/09/12/setting-up-ssl-on-tomcat-in-3-easy-steps/

Martin 