I've got an F5 load balancer running version 9.3 of the software.
I've got several Tomcat installations behind it.
The F5 does all SSL and clear traffic as a reverse proxy, rewriting
headers as needed for cookies and whatnot.
I have one connector on 8080 for the clear traffic.
My problem: I tried to add another connector on 8081 setting secure to
true so that the HttpServletRequest would say, yup, this is a secure
connection and tell the 8080 connector 8081 is the secure address it
should use when trying to upshift to higher security.
When I did this and started Tomcat up, it whined about not being able to
open up my keystore.
I want all my SSL to offloaded and keep the keys out of each machine and
centrally managed. I *just* want to get the servlets to believe the
connection is secure. This is analogous to HTTPd doing the SSL offload
with the mod_jk connector.
Also, the header X-Forwarded-For is set by the F5 and I'd like the
Connector to also give out this IP instead of the load balancer's.
Any ideas short of recompiling Tomcat with a modified connector? Anyone
else faced this problem?
thanks,
greg
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
