This is a snippet of nginx configuration that proxies the request to jetty on port 8080.Via this configuration i am able to have ssl and non ssl versions of the tapestry application.If i want to enforce only ssl version of tapestry i enforce it via nginx.Hope that was helpful
location / { proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://127.0.0.1:8080; } On Fri, Jul 22, 2016 at 3:31 PM, Svein-Erik Løken <sv...@jacilla.no> wrote: > With my configuration with -Dtapestry.secure-enabled=true the private > String org.apache.tapestry5.internal.services. > LinkImpl::buildURI(LinkSecurity security) return the absolute URI. > > Using: > > public void contributeMetaDataLocator(MappedConfiguration<String, > String> configuration) { > configuration.add(MetaDataConstants.SECURE_PAGE, "true"); > } > With -Dtapestry.secure-enabled=true also works. > > Still need to set X-Forwarded-Proto="https" to have request.isSecure() > return true. > > Which one is the preferred method? > > S-E > > > > From: JumpStart [via Apache Tapestry Mailing List Archives] [mailto: > ml-node+s1045711n5732786...@n5.nabble.com] > Sent: 22. juli 2016 13:24 > To: Svein-Erik Løken <sv...@jacilla.no> > Subject: Re: TLS termination proxy and Tapestry > > When you say you are avoiding absolute URLs, where have you noticed this? > I can’t recall this being a problem. > > Now, I’m no expert on this kind of configuration, and its a while since I > set this all up, so forgive me if I have my wires crossed. Also, our site’s > load is small so far but growing so all of this will be up for review soon. > > In production we run pure HTTPS. We force all HTTP traffic to HTTPS by > setting this in AppModule: > > public void contributeMetaDataLocator(MappedConfiguration<String, > String> configuration) { > configuration.add(MetaDataConstants.SECURE_PAGE, "true"); > } > > We’re using mod_proxy and mod_ssl in Apache, no HAProxy. So Apache is > terminating the SSL/TLS. > > We use: > > -Dtapestry.secure-enabled=true > > We tell mod_proxy this: > > ProxyPreserveHost On > > and we use the following to convert the request to AJP, because app > preserves the HTTPS headers. > > ProxyPass /myapp ajp://app:8009/myapp retry=5 > ProxyPassReverse /myapp ajp:app:8009/myapp retry=5 > > This all works great for us. So what’s the URL issue again? > > Geoff > > >