With my configuration with -Dtapestry.secure-enabled=true the private String
org.apache.tapestry5.internal.services. LinkImpl::buildURI(LinkSecurity
security) return the absolute URI.
Using:
public void contributeMetaDataLocator(MappedConfiguration<String,
String> configuration) {
configuration.add(MetaDataConstants.SECURE_PAGE, "true");
}
With -Dtapestry.secure-enabled=true also works.
Still need to set X-Forwarded-Proto="https" to have request.isSecure() return
true.
Which one is the preferred method?
S-E
From: JumpStart [via Apache Tapestry Mailing List Archives]
[mailto:[email protected]]
Sent: 22. juli 2016 13:24
To: Svein-Erik Løken <[email protected]>
Subject: Re: TLS termination proxy and Tapestry
When you say you are avoiding absolute URLs, where have you noticed this? I
can’t recall this being a problem.
Now, I’m no expert on this kind of configuration, and its a while since I set
this all up, so forgive me if I have my wires crossed. Also, our site’s load is
small so far but growing so all of this will be up for review soon.
In production we run pure HTTPS. We force all HTTP traffic to HTTPS by setting
this in AppModule:
public void contributeMetaDataLocator(MappedConfiguration<String,
String> configuration) {
configuration.add(MetaDataConstants.SECURE_PAGE, "true");
}
We’re using mod_proxy and mod_ssl in Apache, no HAProxy. So Apache is
terminating the SSL/TLS.
We use:
-Dtapestry.secure-enabled=true
We tell mod_proxy this:
ProxyPreserveHost On
and we use the following to convert the request to AJP, because app preserves
the HTTPS headers.
ProxyPass /myapp ajp://app:8009/myapp retry=5
ProxyPassReverse /myapp ajp:app:8009/myapp retry=5
This all works great for us. So what’s the URL issue again?
Geoff
