In Tomcat 6.0.x you can do

<Connector
 port="8081"
 SSLEnabled="false"
 secure="true"
 scheme="https"
 ...>

In Tomcat 5.5.x you can write a Filter that creates an HttpServletRequestWrapper that returns true on isSecure and https on getScheme, or you can take a look at org.apache.catalina.valves.SSLValve, which reads headers set by the server in front, most commonly Apache httpd.

Filip

Gregory Gerard wrote:
I've got an F5 load balancer running version 9.3 of the software.
I've got several Tomcat installations behind it.

The F5 does all SSL and clear traffic as a reverse proxy, rewriting headers as needed for cookies and whatnot.

I have one connector on 8080 for the clear traffic.

My problem: I tried to add another connector on 8081 setting secure to true so that the HttpServletRequest would say, yup, this is a secure connection and tell the 8080 connector 8081 is the secure address it should use when trying to upshift to higher security.

When I did this and started Tomcat up, it whined about not being able to open up my keystore.

I want all my SSL to be offloaded and keep the keys out of each machine and centrally managed. I *just* want to get the servlets to believe the connection is secure. This is analogous to HTTPd doing the SSL offload with the mod_jk connector.

Also, the header X-Forwarded-For is set by the F5 and I'd like the Connector to also give out this IP instead of the load balancer's.

Any ideas short of recompiling Tomcat with a modified connector? Anyone else faced this problem?

thanks,
greg


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
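
An added example, not part of the original thread and not Tomcat's own code: one way to write the Filter described in the reply for Tomcat 5.5.x, honouring the offload port and X-Forwarded-For only when the TCP peer is the load balancer. The class names, the proxy address 192.0.2.10 (a placeholder) and the assumption that the proxy appends the client address as the last X-Forwarded-For entry are illustrative; port 8081 is the one from the thread.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

/** Added example: marks requests relayed by the SSL-offloading proxy as secure. */
public class OffloadedSslFilter implements Filter {
    // Assumptions: placeholder proxy address, and port 8081 receives only
    // traffic that the proxy has already decrypted.
    private static final String TRUSTED_PROXY = "192.0.2.10";
    private static final int OFFLOAD_PORT = 8081;

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // Only rewrite when the peer is the proxy; anyone else reaching the
        // port directly keeps the real isSecure() and remote address.
        if (req instanceof HttpServletRequest
                && TRUSTED_PROXY.equals(req.getRemoteAddr())) {
            req = new ProxiedRequest((HttpServletRequest) req,
                    req.getLocalPort() == OFFLOAD_PORT);
        }
        chain.doFilter(req, res);
    }

    static class ProxiedRequest extends HttpServletRequestWrapper {
        private final boolean offloaded;
        private final String clientAddr;

        ProxiedRequest(HttpServletRequest r, boolean offloaded) {
            super(r);
            this.offloaded = offloaded;
            this.clientAddr = lastHop(r.getHeader("X-Forwarded-For"), r.getRemoteAddr());
        }

        // Take the right-most entry, assumed to be the one the proxy appended;
        // entries to its left were supplied by the client and are not trusted.
        static String lastHop(String header, String fallback) {
            if (header == null) return fallback;
            String[] hops = header.split(",");
            String last = hops[hops.length - 1].trim();
            return last.length() == 0 ? fallback : last;
        }

        public boolean isSecure() { return offloaded || super.isSecure(); }
        public String getScheme() { return offloaded ? "https" : super.getScheme(); }
        public String getRemoteAddr() { return clientAddr; }
    }
}
```

The filter still has to be mapped in web.xml, and port 8081 should be reachable only from the load balancer so that the peer-address check is not the sole control.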