>> Not contradicting anything Daniel is saying, but maybe something to add,
> and maybe that's the missing part of the original puzzle :
>
> If Tomcat is expecting HTTPS requests on port 8443, then any re-direct or
> response that it is sending back is going to include that port number after
> the hostname.
> (even inside the pages, if you use absolute URL links there).
> So the browser who ultimately receives this, is going to try to talk to
> port 8443.
> But that will not work, if your front-end is expecting further requests on
> port 443, and blocks 8443.
> Unless in all your Tomcat responses, you arrange to replace any reference
> to port 8443, by 443, before they reach the browser again.
>
> Maybe using a browser plugin like HttpFox, LiveHttpHeaders or Fiddler2
> would allow you to see more clearly what is going on there.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
Well, that's the part that seems confusing. Left as default, I would have
thought connecting through the LB on 8443 would have worked. Actually I'm
still not clear on which part of the chain is having a problem. Originally,
I had no iptable redirect - I just added it in the great tradition of
programming - try everything and anything until it works. I don't care if
the user has to have 8443 in the URL. Just to be clear, you are suggesting
that then problem would be the iptables redirect?
