My feeling is that it's for SSL/HTTPS set up in Jetty/Tomcat etc (no proxy in front needed) use:
public void contributeMetaDataLocator(MappedConfiguration<String, String> configuration) { configuration.add(MetaDataConstants.SECURE_PAGE, "true"); } -- or secure pages with annotation: @Secure -- or folders with: public void contributeMetaDataLocator(MappedConfiguration<String,String> configuration) { configuration.add("admin:" + MetaDataConstants.SECURE_PAGE, "true"); } If behind a TLS termination proxy use: tapestry.security-enabled= false The latter seems most intuitive also, because pages are unsecured in the tapestry application/servlet. The TLS termination proxy takes care of the security. From: Dimitris Zenios [via Apache Tapestry Mailing List Archives] [mailto:ml-node+s1045711n573279...@n5.nabble.com] Sent: 22. juli 2016 14:52 To: Svein-Erik Løken <sv...@jacilla.no> Subject: Re: TLS termination proxy and Tapestry Forgot to mention that i also have tapestry.security-enabled= false in my app setings On Fri, Jul 22, 2016 at 3:50 PM, Dimitris Zenios </user/SendEmail.jtp?type=node&node=5732791&i=0> wrote: > This is a snippet of nginx configuration that proxies the request to > jetty on port 8080.Via this configuration i am able to have ssl and non ssl > versions of the tapestry application.If i want to enforce only ssl version > of tapestry i enforce it via nginx.Hope that was helpful > > location / { > proxy_set_header X-Forwarded-Host $host; > proxy_set_header X-Forwarded-Server $host; > proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; > proxy_set_header X-Forwarded-Proto $scheme; > proxy_pass <a > href="http://127.0.0.1:8080;">http://127.0.0.1:8080; > } > > > On Fri, Jul 22, 2016 at 3:31 PM, Svein-Erik Løken > </user/SendEmail.jtp?type=node&node=5732791&i=1> > wrote: > >> With my configuration with -Dtapestry.secure-enabled=true the private >> String org.apache.tapestry5.internal.services. >> LinkImpl::buildURI(LinkSecurity security) return the absolute URI. >> >> Using: >> >> public void contributeMetaDataLocator(MappedConfiguration<String, >> String> configuration) { >> configuration.add(MetaDataConstants.SECURE_PAGE, "true"); >> } >> With -Dtapestry.secure-enabled=true also works. >> >> Still need to set X-Forwarded-Proto="https" to have request.isSecure() >> return true. >> >> Which one is the preferred method? >> >> S-E >> >> >> >> From: JumpStart [via Apache Tapestry Mailing List Archives] [mailto: >> /user/SendEmail.jtp?type=node&node=5732791&i=2] >> Sent: 22. juli 2016 13:24 >> To: Svein-Erik Løken </user/SendEmail.jtp?type=node&node=5732791&i=3> >> Subject: Re: TLS termination proxy and Tapestry >> >> When you say you are avoiding absolute URLs, where have you noticed this? >> I can’t recall this being a problem. >> >> Now, I’m no expert on this kind of configuration, and its a while since I >> set this all up, so forgive me if I have my wires crossed. Also, our site’s >> load is small so far but growing so all of this will be up for review soon. >> >> In production we run pure HTTPS. We force all HTTP traffic to HTTPS by >> setting this in AppModule: >> >> public void contributeMetaDataLocator(MappedConfiguration<String, >> String> configuration) { >> configuration.add(MetaDataConstants.SECURE_PAGE, "true"); >> } >> >> We’re using mod_proxy and mod_ssl in Apache, no HAProxy. So Apache is >> terminating the SSL/TLS. >> >> We use: >> >> -Dtapestry.secure-enabled=true >> >> We tell mod_proxy this: >> >> ProxyPreserveHost On >> >> and we use the following to convert the request to AJP, because app >> preserves the HTTPS headers. >> >> ProxyPass /myapp ajp://app:8009/myapp retry=5 >> ProxyPassReverse /myapp ajp:app:8009/myapp retry=5 >> >> This all works great for us. So what’s the URL issue again? >> >> Geoff >> >> >> > ________________________________________ If you reply to this email, your message will be added to the discussion below: http://apache-tapestry-mailing-list-archives.1045711.n5.nabble.com/TLS-termination-proxy-and-Tapestry-tp5732774p5732791.html To unsubscribe from mailto:users@tapestry.apache.org Mailing List Archives, http://apache-tapestry-mailing-list-archives.1045711.n5.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=2375125&code=c3ZlaW5AamFjaWxsYS5ub3wyMzc1MTI1fC0xNTM4NzY2ODg4. http://apache-tapestry-mailing-list-archives.1045711.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml