On Tue, Nov 4, 2014 at 11:47 AM, Anthony Bonafide <bonafideanth...@gmail.com > wrote:
> Hello All,
>
> I am using a third party load balancer which accepts HTTPS connections,
> decrypts them and sends the unencrypted connection to Tomcat (SSL
> Acceleration). I am currently using tomcat 5 and I am in the process of
> upgrading to Tomcat 7. I am having an issue setting up Tomcat7 to accept
> the connections from my load balancer. In tomcat 5 I have the 2 connectors
> set up as so with everything working:
>
> <Connector port="8080" maxHttpHeaderSize="8192" maxPostSize="512000"
> maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
> enableLookups="false" redirectPort="8443" acceptCount="100"
> connectionTimeout="20000" disableUploadTimeout="true" />
>
> <Connector port="8081" maxHttpHeaderSize="8192" maxPostSize="512000"
> maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
> enableLookups="false" redirectPort="8444" acceptCount="100"
> connectionTimeout="20000" scheme="https" proxyPort="443"
> disableUploadTimeout="true" />
>
>
> The load balancer sends unencrypted HTTPS traffic to Tomcat via port 8081.
> This setup is in place now with the current setup so the client does not
> have HTTPS changed to HTTP during a session, due to tomcat thinking the
> HTTPS connection is unencrypted and it should be changed to HTTP. There is
> no keystore or certs used by tomcat, all certs are placed on the load
> balancer.
>
> During setup of Tomcat 7 I copied the previous connector setup, resolving
> the following URLs I get the following responses respectively (I get the
> same results with my currently working Tomcat5 setup):
>
> https://localhost:8081/ - Secure connection fails
> http://localhost:8081/ - Apache Tomcat 7.0.56 page showing that everything
> works.
>
> My settings for tomcat 7 are:
>
> <Connector port="8080" protocol="HTTP/1.1"
> connectionTimeout="20000"
> redirectPort="8443" />
>
>
> <Connector port="8081" protocol="HTTP/1.1"
> maxThreads="150" SSLEnabled="false" scheme="https"
> secure="true"
> clientAuth="false" sslProtocol="TLS" proxyPort="443"/>
>
>
> I was wondering if there is a way to setup Tomcat 7 to accept the
> unencrypted request (SSL Acceleration) from the load balancer, process the
> request and send back a response without changing the scheme to HTTP?
>
> Also as expected my load balancer is not able to establish a connection
> with Tomcat7 over HTTPS port 8081.
>
> Any advice would be greatly appreciated.
>

If your load balancer is terminating SSL and properly setting
"X-Forwarded-*" headers, you can probably get away with one connector for
HTTP traffic and the RemoteIpValve. The valve will use the X-Forwarded-*
headers to modify the request object so that your apps can see if the
request came in over SSL.

http://tomcat.apache.org/tomcat-7.0-doc/config/valve.html#Remote_IP_Valve

Dan
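
As an added illustration that is not part of the original thread, a server.xml fragment for the single-connector setup the reply describes might look like the following. The address 192\.0\.2\.10 is a placeholder for the load balancer, and the header names assume the load balancer sends X-Forwarded-For and X-Forwarded-Proto.

```xml
<!-- Added example, not from the thread. Placeholder values are marked. -->
<Service name="Catalina">

  <!-- One plain-HTTP connector. TLS is terminated on the load balancer,
       so no keystore, scheme or secure attributes are set here. -->
  <Connector port="8080" protocol="HTTP/1.1"
             connectionTimeout="20000" />

  <Engine name="Catalina" defaultHost="localhost">

    <!-- RemoteIpValve rewrites the request only when the connecting
         address matches internalProxies (a regular expression).
         192\.0\.2\.10 is a placeholder: replace it with the load
         balancer's real address. Narrowing it from the default pattern,
         which matches private address ranges, keeps other hosts on the
         internal network from having their X-Forwarded-* headers honoured.

         protocolHeader has no default, so it must be set for the valve to
         report the original scheme. When the header equals
         protocolHeaderHttpsValue, request.isSecure() returns true,
         request.getScheme() returns "https" and the server port is
         reported as httpsServerPort, so redirects stay on HTTPS. -->
    <Valve className="org.apache.catalina.valves.RemoteIpValve"
           internalProxies="192\.0\.2\.10"
           remoteIpHeader="x-forwarded-for"
           protocolHeader="x-forwarded-proto"
           protocolHeaderHttpsValue="https"
           httpsServerPort="443" />

    <Host name="localhost" appBase="webapps"
          unpackWARs="true" autoDeploy="true" />
  </Engine>
</Service>
```

The valve trusts whatever the matching proxy sends, so the load balancer should overwrite any X-Forwarded-* headers supplied by the client, and port 8080 should be reachable only from the load balancer.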