Just re-read my last post and noticed something that could be confusing: Jrun is passing both port 80 and 8000 to the app. This is read correctly when a request.getLocalPort() is run, and the app is able to "key" off of it. Tomcat is ONLY passing port 80 when a request.getLocalPort() is performed when it should be passing both ports (80 AND 8000). This is confusing our app and is causing the page not to be completely secured (not to mention causing a pop-up for the user/browser).
Sorry for the potential confusion. Cheers, Q. Wade Billings > -----Original Message----- > From: Wade Billings [mailto:[EMAIL PROTECTED] > Sent: Monday, September 13, 2004 12:02 PM > To: Tomcat Users List > Subject: RE: Tomcat-Apache and SSL- Re-Post > > The AJP port is 8009 (stock), but the issue lies where our application > takes the port (80/8000) and determines whether or not the page is > suppose to be secure (https). Since the load balancer does all of the > SSL for us, everything is passed to the web/app server as http, and it > appears that tomcat is assuming that because it is http, it came from > port 80. Apache is currently configured to listen for http traffic on > both ports 80 and 8000. > > Jrun is able to take the port number and pass that to the app. When we > do a request.getLocalPort(), it returns port 80, when it should be > returning port 8000. > > Is there a way to tell tomcat (using the AJP/13 connector) to pass > through the port number from the requestor? Do you think that this is an > Apache, or Tomcat configuration issue? > > Again, any help is greatly appreciated. > > Cheers, > > Q. Wade Billings > > > -----Original Message----- > > From: news [mailto:[EMAIL PROTECTED] On Behalf Of Bill Barker > > Sent: Sunday, September 12, 2004 1:12 PM > > To: [EMAIL PROTECTED] > > Subject: Re: Tomcat-Apache and SSL- Re-Post > > > > If 8000 is the Apache port, then use request.getLocalPort(). If 8000 > is > > the > > AJP port, it can't be done. > > > > "Wade Billings" <[EMAIL PROTECTED]> wrote in message > > news:[EMAIL PROTECTED] > > Here is a fun one for ya all... We recently decided to migrate from a > > Jrun/Apahe platform to an Apache2.0/Tomcat5.0 platform. Everything > went > > great until we placed it into production and found that our SSL sites > > were broken. > > > > > > > > Here are the details, and forgive me, as I am not a developer so I may > > misquote some Java terminology.... Be patient... > > > > > > > > WE determine whether or not a page is secured via which port it is > > sourced from. We have a pair of load balancers, which handle all of > the > > SSL, and pass only HTTP/1.1 back to the actual web servers where the > JVM > > sits. IN order for the app to determine whether or not it is secure, > we > > source all SSL'ized traffic from port 8000. This setup works very well > > on Jrun, but not so well on Tomcat. It appears that for some reason, > the > > source port of 8000 is either lost or ignored during the > > Apache/AJP13/Tomcat conversation. > > > > > > > > What I need to be able to do is to get Tomcat to recognize that the > > source port from the load balancer has changed from port 80 to port > 8000 > > so our app will behave correctly and will present our pages as secure. > > > > > > > > Any help is greatly appreciated..... > > > > > > > > Cheers, > > > > > > > > Q. Wade Billings > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
