On 30.11.2017 08:52, Naga Ramesh wrote:
User --------> AWS --------> Tomcat
       (HTTPS)        (HTTPS)

User-HTTPS request----> AWS-ELB(https-443)  re-direct to tomcat connector
port-8080

What is the (expected) path when the user makes an HTTPS request? Is it:

User --------> AWS --------> Tomcat
       (HTTPS)        (HTTPS)

There's one piece of information that looks suspicious to me: HTTPS from AWS to Tomcat, port 8080. While it's possible that you're doing this, 8080 is typically used to handle HTTP requests, while 8443 would be a default choice in the 8000+ range of ports for handling HTTPS. Please confirm or deny that you have reconfigured a secure connector to listen to port 8080, otherwise it's not clear that you're indeed configuring the communication from AWS to Tomcat as an encrypted one.

To preempt the next mail and give more information upfront: If you indeed have Tomcat listen on 8080 for HTTP, it won't have a clue that this connection is secure, because it doesn't know anything about the original connection. You can fake the knowledge about the connection to be secure with the connector attribute secure="true", but you'll have to make sure that nobody can reach your Tomcat through any other way than through your load balancer when you do. Another option is to use AJP for the communication between AWS and Tomcat (I don't know if this is supported on the AWS-ELB side). While this protocol is unencrypted, it does forward the HTTP/HTTPS information from the original connection User->AWS.

Please clarify your situation. Thanks,
Olaf
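
The secure="true" option described in the message above, sketched as a server.xml fragment. This is an added example, not configuration posted by anyone in the thread. It assumes TLS ends at the load balancer on 443 and that the load balancer forwards plain HTTP to port 8080; the addresses 10.0.1.20 and 10.0.1.x are constructed placeholders for the Tomcat host's private interface and the load balancer's subnet.

```xml
<!-- server.xml fragment (added example; all addresses are constructed placeholders) -->
<Service name="Catalina">

  <!-- Plain HTTP connector that only the load balancer should talk to.
       Tomcat never sees the TLS connection, so scheme and secure are
       stated by hand: request.isSecure() returns true and
       request.getScheme() returns "https" for everything that arrives
       here, whether or not the original request was encrypted. -->
  <Connector port="8080" protocol="HTTP/1.1"
             address="10.0.1.20"
             scheme="https"
             secure="true"
             proxyPort="443" />

  <Engine name="Catalina" defaultHost="localhost">

    <!-- secure="true" is an unconditional claim, so any client that
         reaches port 8080 directly is treated as if it had used HTTPS.
         This valve rejects peers whose address is outside the assumed
         load balancer subnet (the allow value is a regular expression). -->
    <Valve className="org.apache.catalina.valves.RemoteAddrValve"
           allow="10\.0\.1\.\d+" />

    <Host name="localhost" appBase="webapps"
          unpackWARs="true" autoDeploy="true" />
  </Engine>
</Service>
```

A network-level rule that admits only the load balancer to port 8080 serves the same purpose as the valve and can be used alongside it.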
