-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jan-Willem,
On 12/13/11 9:27 AM, jwklomp wrote: > I'm having a problem that the all request get redirected from https > to http. Do you mean that requests to https://host/path get redirected (with a 30x response) to http://host/path? Or do you mean that URLs that your webapp builds and puts onto pages are http://host/path and not https://host/path? How have you connected IIS to Tomcat? Are you using mod_jk (AJP protocol) or are you using HTTP proxying? > I'm assuming this is because the application is listening on the > Tomcat default http port. The port number is not relevant. > As the communication between the LB and IIS/Tomcat is http I don't > think I can change this(?). Well, that depends upon what you want to do. You can: 1. Use HTTPS between IIS and Tomcat. You should do this if you either don't trust the network between the lb and your app server, or if you are working with very sensitive data and *shouldn't* trust your network. 2. Secure the communication in other ways (essentially, use non-HTTP SSL between the endpoints). See reasons from #1 above. This is more complicated but might get you a tiny bit of extra performance. 3. Configure your server such that HTTP traffic behind the lb is considered to be HTTPS. Chuck pointed out that using secure="true" on the connector accomplishes this, and it's appropriate to use this configuration for this case: that's what it's there for. > Is there a way to prevent this redirect from https to http? Or is > this only possible if the certificate is installed in Tomcat and > Tomcat listens on a https port? Nope, SSL termination at the lb is standard operating procedure. You just have to configure things appropriately. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk7nu9wACgkQ9CaO5/Lv0PCL8QCgwJWt8e/QwYN5ip0iWbdZgdRB MVYAniN3XussouUZ2MGm1tX4Wbue4876 =UkaD -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
