Re: TLS termination proxy and Tapestry

Fri, 22 Jul 2016 05:51:32 -0700 

This  is a snippet of nginx configuration that proxies the request to jetty
on port 8080.Via this configuration i am able to have ssl and non ssl
versions of the tapestry application.If i want to enforce only ssl version
of tapestry i enforce it via nginx.Hope that was helpful

    location / {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass       http://127.0.0.1:8080;
    }


On Fri, Jul 22, 2016 at 3:31 PM, Svein-Erik Løken <sv...@jacilla.no> wrote:

> With my configuration with -Dtapestry.secure-enabled=true the private
> String org.apache.tapestry5.internal.services.
> LinkImpl::buildURI(LinkSecurity security) return the absolute URI.
>
> Using:
>
>         public void contributeMetaDataLocator(MappedConfiguration<String,
> String> configuration) {
>                 configuration.add(MetaDataConstants.SECURE_PAGE, "true");
>         }
> With -Dtapestry.secure-enabled=true also works.
>
> Still need to set X-Forwarded-Proto="https" to have request.isSecure()
> return true.
>
> Which one is the preferred method?
>
> S-E
>
>
>
> From: JumpStart [via Apache Tapestry Mailing List Archives] [mailto:
> ml-node+s1045711n5732786...@n5.nabble.com]
> Sent: 22. juli 2016 13:24
> To: Svein-Erik Løken <sv...@jacilla.no>
> Subject: Re: TLS termination proxy and Tapestry
>
> When you say you are avoiding absolute URLs, where have you noticed this?
> I can’t recall this being a problem.
>
> Now, I’m no expert on this kind of configuration, and its a while since I
> set this all up, so forgive me if I have my wires crossed. Also, our site’s
> load is small so far but growing so all of this will be up for review soon.
>
> In production we run pure HTTPS. We force all HTTP traffic to HTTPS by
> setting this in AppModule:
>
>         public void contributeMetaDataLocator(MappedConfiguration<String,
> String> configuration) {
>                 configuration.add(MetaDataConstants.SECURE_PAGE, "true");
>         }
>
> We’re using mod_proxy and mod_ssl in Apache, no HAProxy. So Apache is
> terminating the SSL/TLS.
>
> We use:
>
>         -Dtapestry.secure-enabled=true
>
> We tell mod_proxy this:
>
>         ProxyPreserveHost On
>
> and we use the following to convert the request to AJP, because app
> preserves the HTTPS headers.
>
>         ProxyPass /myapp ajp://app:8009/myapp retry=5
>         ProxyPassReverse /myapp ajp:app:8009/myapp retry=5
>
> This all works great for us. So what’s the URL issue again?
>
> Geoff
>
>
>

Reply via email to