On 30.11.2017 08:52, Naga Ramesh wrote:
User --------> AWS --------> Tomcat
      (HTTPS)       (HTTPS)
User-HTTPS request----> AWS-ELB(https-443) re-direct to tomcat connector
port-8080
What is the (expected) path when the user makes an HTTPS request? Is it:
User --------> AWS --------> Tomcat
      (HTTPS)       (HTTPS)

There's one piece of information that looks suspicious to me: HTTPS from
AWS to Tomcat, port 8080. While it's possible that you're doing this,
8080 is typically used to handle http requests, while 8443 would be a
default choice in the 8000+ range of ports for handling https. Please
confirm or deny that you have reconfigured a secure connector to listen
to port 8080, otherwise it's not clear that you're indeed configuring
the communication from AWS to Tomcat as an encrypted one.

To preempt the next mail and give more information upfront: If you
indeed have tomcat listen on 8080 for http, it won't have a clue that
this connection is secure, because it doesn't know anything about the
original connection. You can fake the knowledge about the connection to
be secure with the connector attribute secure="true", but you'll have to
make sure that nobody can reach your tomcat through any other way than
through your load balancer when you do. Another option is to use AJP for
the communication between AWS and Tomcat (I don't know if this is
supported on the AWS-ELB side). While this protocol is unencrypted, it
does forward the http/https information from the original connection
User->AWS.

Please clarify your situation. Thanks,
Olaf
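
The caveat in the reply above can be checked mechanically. The following is an added example, not part of the original thread or of Tomcat: a small audit that lists every connector in a server.xml that claims secure="true" while not terminating TLS itself, since those are the connectors that must be reachable only through the load balancer. The sample server.xml and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample server.xml (assumption, not taken from the thread).
SAMPLE_SERVER_XML = """
<Server>
  <Service name="Catalina">
    <!-- plain HTTP behind the load balancer, marked secure by hand -->
    <Connector port="8080" protocol="HTTP/1.1"
               scheme="https" secure="true" proxyPort="443"/>
    <!-- Tomcat terminates TLS itself on this one -->
    <Connector port="8443" protocol="HTTP/1.1"
               SSLEnabled="true" scheme="https" secure="true"/>
    <!-- ordinary HTTP connector that makes no security claim -->
    <Connector port="8081" protocol="HTTP/1.1"/>
  </Service>
</Server>
"""


def is_true(value):
    """Interpret an XML attribute value as a boolean flag."""
    return (value or "").strip().lower() == "true"


def audit_connectors(server_xml):
    """Return one finding per connector that sets secure="true" without TLS."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if not is_true(conn.get("secure")):
            continue  # connector does not claim to be secure
        if is_true(conn.get("SSLEnabled")):
            continue  # the claim is backed by TLS on this connector
        address = conn.get("address")  # absent means all interfaces
        findings.append({
            "port": conn.get("port"),
            "scheme": conn.get("scheme", "http"),
            "address": address or "all interfaces",
            "bound_to_all_interfaces": address is None,
        })
    return findings


if __name__ == "__main__":
    for finding in audit_connectors(SAMPLE_SERVER_XML):
        print("secure=\"true\" without TLS on port {port} ({address}): "
              "restrict access to the load balancer".format(**finding))
```

A finding is not a misconfiguration by itself; it marks a connector whose network exposure (firewall rules, security groups, bind address) has to be reviewed.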