Forgot to mention that i also have tapestry.security-enabled= false in my
app setings
On Fri, Jul 22, 2016 at 3:50 PM, Dimitris Zenios <dimitris.zen...@gmail.com>
wrote:
> This is a snippet of nginx configuration that proxies the request to
> jetty on port 8080.Via this configuration i am able to have ssl and non ssl
> versions of the tapestry application.If i want to enforce only ssl version
> of tapestry i enforce it via nginx.Hope that was helpful
>
> location / {
> proxy_set_header X-Forwarded-Host $host;
> proxy_set_header X-Forwarded-Server $host;
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> proxy_set_header X-Forwarded-Proto $scheme;
> proxy_pass http://127.0.0.1:8080;
> }
>
>
> On Fri, Jul 22, 2016 at 3:31 PM, Svein-Erik Løken <sv...@jacilla.no>
> wrote:
>
>> With my configuration with -Dtapestry.secure-enabled=true the private
>> String org.apache.tapestry5.internal.services.
>> LinkImpl::buildURI(LinkSecurity security) return the absolute URI.
>>
>> Using:
>>
>> public void contributeMetaDataLocator(MappedConfiguration<String,
>> String> configuration) {
>> configuration.add(MetaDataConstants.SECURE_PAGE, "true");
>> }
>> With -Dtapestry.secure-enabled=true also works.
>>
>> Still need to set X-Forwarded-Proto="https" to have request.isSecure()
>> return true.
>>
>> Which one is the preferred method?
>>
>> S-E
>>
>>
>>
>> From: JumpStart [via Apache Tapestry Mailing List Archives] [mailto:
>> ml-node+s1045711n5732786...@n5.nabble.com]
>> Sent: 22. juli 2016 13:24
>> To: Svein-Erik Løken <sv...@jacilla.no>
>> Subject: Re: TLS termination proxy and Tapestry
>>
>> When you say you are avoiding absolute URLs, where have you noticed this?
>> I can’t recall this being a problem.
>>
>> Now, I’m no expert on this kind of configuration, and its a while since I
>> set this all up, so forgive me if I have my wires crossed. Also, our site’s
>> load is small so far but growing so all of this will be up for review soon.
>>
>> In production we run pure HTTPS. We force all HTTP traffic to HTTPS by
>> setting this in AppModule:
>>
>> public void contributeMetaDataLocator(MappedConfiguration<String,
>> String> configuration) {
>> configuration.add(MetaDataConstants.SECURE_PAGE, "true");
>> }
>>
>> We’re using mod_proxy and mod_ssl in Apache, no HAProxy. So Apache is
>> terminating the SSL/TLS.
>>
>> We use:
>>
>> -Dtapestry.secure-enabled=true
>>
>> We tell mod_proxy this:
>>
>> ProxyPreserveHost On
>>
>> and we use the following to convert the request to AJP, because app
>> preserves the HTTPS headers.
>>
>> ProxyPass /myapp ajp://app:8009/myapp retry=5
>> ProxyPassReverse /myapp ajp:app:8009/myapp retry=5
>>
>> This all works great for us. So what’s the URL issue again?
>>
>> Geoff
>>
>>
>>
>
