Thanks for the explanation.
- We get an HTTP/1.1 302 Moved Temporarily.
- We are using HTTP proxying.
- In this case we consider our own network secure enough, so option 3
you listed will be the way to go.

Jan-Willem

Christopher Schultz-2 wrote:
> 
> Jan-Willem,
> 
> On 12/13/11 9:27 AM, jwklomp wrote:
>> I'm having a problem that all requests get redirected from https
>> to http.
> 
> Do you mean that requests to https://host/path get redirected (with a
> 30x response) to http://host/path? Or do you mean that URLs that your
> webapp builds and puts onto pages are http://host/path and not
> https://host/path?
> 
> How have you connected IIS to Tomcat? Are you using mod_jk (AJP
> protocol) or are you using HTTP proxying?
> 
>> I'm assuming this is because the application is listening on the
>> Tomcat default http port.
> 
> The port number is not relevant.
> 
>> As the communication between the LB and IIS/Tomcat is http I don't 
>> think I can change this(?).
> 
> Well, that depends upon what you want to do. You can:
> 
> 1. Use HTTPS between IIS and Tomcat. You should do this if you either
>    don't trust the network between the lb and your app server, or if
>    you are working with very sensitive data and *shouldn't* trust your
>    network.
> 
> 2. Secure the communication in other ways (essentially, use non-HTTP SSL
>    between the endpoints). See reasons from #1 above. This is more
>    complicated but might get you a tiny bit of extra performance.
> 
> 3. Configure your server such that HTTP traffic behind the lb is
>    considered to be HTTPS. Chuck pointed out that using secure="true"
>    on the connector accomplishes this, and it's appropriate to use
>    this configuration for this case: that's what it's there for.
> 
>> Is there a way to prevent this redirect from https to http? Or is
>> this only possible if the certificate is installed in Tomcat and
>> Tomcat listens on a https port?
> 
> Nope, SSL termination at the lb is standard operating procedure. You
> just have to configure things appropriately.
> 
> -chris
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 
> 
> 

-- 
View this message in context: 
http://old.nabble.com/Tomcat-with-certificate-on-load-balances---prevending-redirect-https-http-tp32966487p32972690.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
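
Option 3 from the quoted reply, written out as a Tomcat server.xml connector. This is an added example, not configuration posted by anyone in this thread; the port numbers and the bind address are assumptions (8080 for Tomcat, 443 at the load balancer, a constructed documentation address).

```xml
<!-- The two <Connector> elements below are alternatives, not meant to
     coexist in one server.xml. -->

<!-- Before: plain HTTP connector behind the TLS-terminating load balancer.
     Tomcat only sees HTTP, so request.getScheme() returns "http",
     request.isSecure() returns false, and absolute URLs built for
     redirects come out as http://host/path. -->
<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000" />

<!-- After: same plain HTTP listener, but requests arriving on it are
     reported to the webapp as HTTPS.
       scheme    : value returned by request.getScheme(), used when
                   Tomcat builds absolute redirect URLs
       secure    : value returned by request.isSecure()
       proxyPort : value returned by request.getServerPort(), so the
                   redirect does not point at port 8080
       address   : bind to the interface facing the load balancer
                   (192.0.2.10 is a constructed placeholder) -->
<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           address="192.0.2.10"
           scheme="https"
           secure="true"
           proxyPort="443" />
```

With this in place Tomcat reports every request on this connector as secure, whether or not it came through the load balancer, so the connector should accept connections only from the load balancer. A quick check after the change is that the `Location` header of the 302 response starts with `https://`.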

