John Smith wrote:
Not contradicting anything Daniel is saying, but maybe something to add,
and maybe that's the missing part of the original puzzle :
If Tomcat is expecting HTTPS requests on port 8443, then any re-direct or
response that it is sending back is going to include that port number after
the hostname.
(even inside the pages, if you use absolute URL links there).
So the browser who ultimately receives this, is going to try to talk to
port 8443.
But that will not work, if your front-end is expecting further requests on
port 443, and blocks 8443.
Unless in all your Tomcat responses, you arrange to replace any reference
to port 8443, by 443, before they reach the browser again.
Maybe using a browser plugin like HttpFox, LiveHttpHeaders or Fiddler2
would allow you to see more clearly what is going on there.
Well, that's the part that seems confusing. Left as default, I would have
thought connecting through the LB on 8443 would have worked. Actually I'm
still not clear on which part of the chain is having a problem. Originally,
I had no iptable redirect - I just added it in the great tradition of
programming - try everything and anything until it works. I don't care if
the user has to have 8443 in the URL. Just to be clear, you are suggesting
that then problem would be the iptables redirect?
No, I am not really going that far. I am suggesting that that may be the kind of thing
that is happening, and that you may want to investigate with a browser plugin, that the
requests/responses are really what you are expecting.
Your initial explanation was a bit confusing and lacking in precise details, as to what
the load balancer really does, where IPtables does what, and how your tomcats are
configured (re Connectors, and possibly IPtables too). So we're all kind of guessing
here, and just trying to give you some tips, to either simplify your setup, or to figure
out better what is happening.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
