Thank you so much, Kalle. I was already thinking that the BaseURLSource code
wasn't being used, but I didn't know why.
I added a new tomcat server to our production environment and set the proxyName
and proxyPort to the values I needed them to be. Still wasn't quite right, but
adding scheme="ht
Took the s out, and it still doesn't appear to be using my BaseURLSource
implementation. I made a standalone class and tried with that as well, and it
made no difference, as expected.
I don't understand why this is not working like the documentation says that it
should.
--Michael
On Sep 19, 2
Sorry, I only did cursory reading of your problem but not sure the
solutions given do anything for you. Your BaseURLSource override looks
ok but are you using container managed security? Because if you are,
baseurlsource never even enters the picture. You get the ip address as
the servername becaus
Indeed, your BaseURLSource solution should have worked fine.
I see you accidentally typed an extra "s" at the end of
"contributeServiceOverrides" but it should have worked anyway since you
used a @Contribute annotation... try removing the extra "s" ?
On Mon, 19 Sep 2011 20:44:13 +0200, Mich
I will look into this because I'm getting desperate. If I can't get this to
work, I'm going to have to rewrite the app using JSPs over the next week.
Obviously, I don't want to do that.
I understand that this comes at it from the apache/tomcat side, and as I said,
I will look into it. However,
This applies to any situation involving a proxy, regardless of SSL.
As I understand your problem, Tomcat does not know its own publicly
exposed protocol/hostname/port, and therefore produces erroneous
links/redirects.
The cause of this is that Tomcat only sees the request sent by the Apache
Made some progress in our staging system. Unfortunately, I don't think it is
going to work in production.
I added the following virtual host configuration to Apache:
Redirect /test_site https://stage.mysite.com/test_site
Now it seems to stay on 443, although it is really just redirecting,
Just reread this email from Denis, and I do understand the need for the full
URL. Thank you, Denis.
I still don't understand why my implementation of BaseURLSource isn't working,
however.
--Michael
On Sep 19, 2011, at 4:26 AM, Denis Delangle wrote:
> Hello,
>
> As https is managed by your lo
I added
configuration.add("tapestry.secure-enabled", "false");
to AppModule.contributeApplicationDefaults.
Unfortunately, it didn't seem to make any difference. In production when the
login form submits, the url changes from
https://secure.mysite.com
to
http://10.180.54.90:8080
which is
If your load balancer handles all of your SSL, you should not worry at all
about secureEnabled (disable it)
and it should all work like a champ.
On Sep 19, 2011, at 11:08 AM, Michael Molloy wrote:
> Unless I'm misunderstanding, I don't think this would apply since all SSL is
> being handled at
Unless I'm misunderstanding, I don't think this would apply since all SSL is
being handled at the load balancer, correct? I apologize, I think I introduced
that confusion at the beginning.
--Michael
On Sep 19, 2011, at 9:52 AM, Martin Strand wrote:
> Typically, when SSL is offloaded to an Apac
The line
>
is commented out in server.xml, so I think you're right, it is the standard
HTTP listener connector.
So is there something on the Tomcat side that needs to change, or is it on the
Apache side?
--Michael
On Sep 19, 2011, at 9:52 AM, Robert Zeigler wrote:
> Looks like you're not
Typically, when SSL is offloaded to an Apache proxy, that proxy should add
a number of X-Forwarded-* headers to any requests sent to the backend.
The servlet container then uses those headers to set up request.scheme,
request.secure, request.remotAddr, etc so that they match the original
requ
Looks like you're not using AJP; that looks like the standard HTTP listener
connector, and the config in apache looks like apache doing the balancing
directly, rather than the AJP worker doing the balancing. You can check for a
line like this in your server.xml file:
The most important part
Unfortunately, the Apache expert is no longer here. Does the following code
from my tomcat server.xml file answer your question? I don't think we're using
AJP or anything else. It looks to me like the Apache server is just sending it
to Tomcat over port 8080.
The corresponding
I have a similar setup and it works without BaseURLSource override.
What I do is use AJP protocol to communicate between apache and Tomcat.
What's your communication medium between apache and tomcat?
On Sep 19, 2011, at 1:50 AM, Michael Molloy wrote:
> I have my first Tapestry application ready f
Hello,
As the SSL part is totally managed by the load balancer, you could
simply disable security check in Tapestry using the symbol
tapestry.secure-enabled = false (default value is the same as
tapestry.production-mode, this is maybe why you don't have any problem
on other servers where tapestry.
Thanks, I was too sleepy (and desperate) to remember that last night. There is
no SSL going on between the apache server and the tomcat server.
Concerning the proxy link you listed below, there are already several
production non-Tapestry apps running in this configuration, and none of them
have
Hello,
As https is managed by your load balancer, you don't think you need to
add @secure annotations on Tapestry pages. Communication between load
balancer and tomcat is done in HTTP
Even if you stay all the time in https, Tapestry needs to send
redirects to clients on form submissions (GET after
that page you are referring to says: "If you want to make your entire
application secure: " and then a method to add to you appModule.
If you do that (at least it was here the case) everything should work with
https & relative urls ...
--
View this message in context:
http://tapestry.104571
The URL for the login form does not contain the full URL to the server, so
why does Tapestry respond with the IP address?
--Michael
On Mon, Sep 19, 2011 at 1:07 AM, Michael Molloy wrote:
> One other thought. Looking over the http://tapestry.apache.org/https.htmlpage
> again, I notice that it is
One other thought. Looking over the http://tapestry.apache.org/https.html page
again, I notice that it is saying there is a need for that method if your
application has some pages that are secure and others that are not. In my case,
all of mine are secure, so I would think I could just use relat
22 matches
Mail list logo
