On 30/11/17 08:25, Naga Ramesh wrote:

<snip/>

> I have tried this way (secure="true") also. The application is working fine,
> but we are unable to log in to the application and are getting the oops session
> expired error message, so I have reverted this parameter.

OK. For this to work you need Tomcat to be able to distinguish whether
the request it is processing was sent by the user over HTTP or HTTPS.
You have three options.

1. Use AJP for the AWS ELB to Tomcat connection.

2. Configure Tomcat with two HTTP connectors.

Currently you have:

<Connector port="8080"
           protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />

with AWS ELB proxying HTTP (port 80) and HTTPS (port 443) over HTTP to
port 8080 on Tomcat.

For this option you need this:

<Connector port="8080"
           protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />

<Connector port="8443"
           secure="true"
           protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />

You then configure AWS
- to proxy HTTP (port 80) over HTTP to port 8080 on Tomcat
- to proxy HTTPS (port 443) over HTTP to port 8443 on Tomcat

Depending on how smart AWS ELB is, you might need to add scheme="https"
to the second connector.

3. Configure Tomcat to use the SSLValve and AWS to inject the necessary
HTTP headers into the proxied request.


My recommendation is that you use option 2.

Mark
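
The following check is an added example, not part of the original message or of Tomcat. It reads the connectors from a server.xml fragment and reports, for each ELB listener, whether the secure and scheme values Tomcat will report match the protocol the client actually used. The listener table, the wrapping Service element and the scheme="https" attribute on the second connector are constructed for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the two connectors from option 2, with scheme="https"
# added to the second one, wrapped in a root element so it parses as one document.
SERVER_XML = """
<Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1"
             connectionTimeout="20000" redirectPort="8443" />
  <Connector port="8443" secure="true" scheme="https" protocol="HTTP/1.1"
             connectionTimeout="20000" redirectPort="8443" />
</Service>
"""

# Constructed ELB listener table: (client-facing protocol, listener port, Tomcat port)
LISTENERS = [("HTTP", 80, 8080), ("HTTPS", 443, 8443)]


def connector_view(server_xml):
    """Map connector port -> (isSecure, scheme) as Tomcat will report them."""
    view = {}
    for c in ET.fromstring(server_xml).iter("Connector"):
        secure = c.get("secure", "false").lower() == "true"  # Tomcat default: false
        view[int(c.get("port"))] = (secure, c.get("scheme", "http"))  # default: http
    return view


def audit(server_xml, listeners):
    """Return a list of findings; an empty list means the mapping is consistent."""
    view, findings = connector_view(server_xml), []
    for proto, lport, tport in listeners:
        if tport not in view:
            findings.append(f"{proto}:{lport} -> {tport}: no such connector")
            continue
        secure, scheme = view[tport]
        if secure != (proto == "HTTPS"):
            findings.append(f"{proto}:{lport} -> {tport}: isSecure()={secure} "
                            "does not match what the client used")
        if scheme != proto.lower():
            findings.append(f"{proto}:{lport} -> {tport}: getScheme()={scheme!r}")
    return findings


if __name__ == "__main__":
    for line in audit(SERVER_XML, LISTENERS) or ["consistent"]:
        print(line)
```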
