It was the load balancer configuration that needed further configurations. Now it works as it should. Thanks for all the help.

Br,
Kim

2019-06-17 11:14, Dmitry Gusev wrote:
Show configuration of the app server for the header?
Tomcat, for example, needs a custom valve to acknowledge x-forwarded headers.

On Mon, Jun 17, 2019 at 9:36 AM Kim Syväluoma <kim....@aland.net> wrote:

We have now added the X-Forwarded-Proto and X-Forwarded-For to the
requests but we still get 302 loop:

GET /ngm/start HTTP/1.1
Host: bo-ci.eget.fi [1]
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,sv;q=0.8,fi;q=0.7,lv;q=0.6,es;q=0.5
Cookie: _ga=GA1.2.2095789035.1543389393; AMCV_A5A139F7569D5CB57F000101%40AdobeOrg=1406116232%7CMCIDTS%7C17864%7CMCMID%7C21405024211598008102491243369473793569%7CMCAAMLH-1543994214%7C6%7CMCAAMB-1543994214%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1543396614s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C2.5.0; _gcl_au=1.1.558442318.1553672462; __cfduid=d3fcfc204dc54bf4c4d94a53ee955a6581557830653; NGM=g49j5fJxzz-XyMWzYBJ4YoebaB8rgEwPw_gG2tEjudRZqYbykvGY!-2115956942
X-Forwarded-For: 10.5.128.233
X-Forwarded-Proto: https

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Mon, 17 Jun 2019 06:23:19 GMT
Transfer-Encoding: chunked
Location: https://bo-ci.eget.fi/ngm/start

0103
<html><head><title>302 Moved Temporarily</title></head>
<body bgcolor="#FFFFFF">
<p>This document you requested has moved temporarily.</p>
<p>It's now at <a href="https://bo-ci.eget.fi/ngm/start">https://bo-ci.eget.fi/ngm/start</a>.</p>
</body></html>

0000

Any more tips?

Br,
Kim

2019-06-14 12:24, Kim Syväluoma wrote:
Thanks for the answers. We will try adding the "X-Forwarded-Proto:
https" header to our requests.

/Kim

2019-06-14 11:34, Chris Poulsen wrote:
Hi,

We use:

// default to non-secure pages (allows us to support both http and https
// based on the request)
configuration.add( SymbolConstants.SECURE_ENABLED, "false" );

And always have an upstream proxy for performing SSL termination. This
relies on the X-Forward-* headers being set and handled correctly by the
various servers.

--
Chris

On Fri, Jun 14, 2019 at 10:06 AM Dmitry Gusev <dmitry.gu...@gmail.com> wrote:

Hi,

I'd suggest checking the value of `Request#isSecure()`, it looks like it's
false.

It can happen if your WebSphere is behind a proxy/load balancer which
terminates SSL, in this case you may need to configure WebSphere to
acknowledge the x-forwarded-proto HTTP header.

On Fri, Jun 14, 2019 at 9:17 AM Kim Syväluoma <kim....@aland.net> wrote:

We have a Tapestry application which we need to use over HTTPS only. We
are using Weblogic only.

We have these set in the AppModule of the Tapestry application:

public static void contributeApplicationDefaults(
        final MappedConfiguration<String, String> configuration) {
    configuration.add("tapestry.supported-locales", "en");
    configuration.add("tapestry.start-page-name", "start");
    configuration.add(SymbolConstants.HOSTPORT_SECURE, "443");
    configuration.add(SymbolConstants.SECURE_ENABLED, "true");
}

public static void contributeMetaDataLocator(
        final MappedConfiguration<String, String> configuration) {
    configuration.add(MetaDataConstants.SECURE_PAGE, "true");
}

In the Start page we have a redirect like this:

final Object onActivate() {
    if (!this.sessionHandler.isLoggedIn()) {
        return this.loginPage;
    }
    return this.mainFrameSet;
}

When we try to access our app by HTTPS at root or directly at the start
page, loginPage or mainFrameSet page we get infinite redirect loop (302)
to the same page we are accessing.

If we set the MetaDataConstants.SECURE_PAGE to false we can access our
app over HTTPS but all page requests/links within the app are then done
over HTTP and that does not work.
We need to have all functionality within the app to work over, and using
only, HTTPS.

What have we missed?

Br,
Kim


--
Dmitry Gusev

AnjLab Team
http://anjlab.com



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org

Links:
------
[1] http://bo-ci.eget.fi
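
Added example, not part of the original thread and not Tapestry's or WebLogic's own code: one way an application can make `isSecure()` reflect the `X-Forwarded-Proto` header discussed above when the container is not configured to do it, while ignoring the header from any peer other than the SSL-terminating load balancer. The class name `ForwardedProtoFilter` and the proxy address are assumptions.

```java
import java.io.IOException;
import java.util.Collections;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

/** Hypothetical filter: honours X-Forwarded-Proto only when a known proxy sent it. */
public class ForwardedProtoFilter implements Filter {

    // Assumption: address of the SSL-terminating load balancer (placeholder value).
    private static final Set<String> TRUSTED_PROXIES = Collections.singleton("192.0.2.10");

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        // getRemoteAddr() is the TCP peer, which a client cannot set through a header.
        boolean fromProxy = TRUSTED_PROXIES.contains(http.getRemoteAddr());
        String proto = http.getHeader("X-Forwarded-Proto");

        if (fromProxy && "https".equalsIgnoreCase(proto)) {
            // TLS ended at the proxy: present the request as secure so that
            // isSecure()-based redirects to https stop looping.
            chain.doFilter(new HttpServletRequestWrapper(http) {
                @Override public boolean isSecure() { return true; }
                @Override public String getScheme() { return "https"; }
                @Override public int getServerPort() { return 443; } // HOSTPORT_SECURE
            }, res);
        } else {
            // Direct or unknown peer: the header is client-controlled, so ignore it
            // and let the application redirect to https as usual.
            chain.doFilter(req, res);
        }
    }

    @Override
    public void destroy() { }
}
```

The filter has to be mapped ahead of the Tapestry filter in `web.xml` so that Tapestry sees the wrapped request.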
