On 01.10.2014 at 19:18, Christopher Schultz wrote:
> ...
> What I'm mainly looking for is a way to say "the incoming
> connection (from ELB) is HTTP and I want to pretend that the
> connection is HTTPS".
> Then the easier solution seems using ELB for SSL termination and
> using the X-Forwarded-Proto header, passing from apache to tomcat
> Yes. Just looking for a way to say "oh, the connection is also encrypted".

If I remember correctly this needs only one line in Apache httpd to
forward it to Tomcat:

    SetEnvIf X-Forwarded-Proto https HTTPS=on

mod_jk should use this information and mark it as a secure connection
for you. Then you can require a secure connection in your webapp web.xml
or check it in httpd with the same environment variable:

    Order Deny,Allow
    Deny from all
    Allow from env=HTTPS

If the httpd is only a helper process to pass this information to Tomcat
you can also use the Proxy-Valves:
http://tomcat.apache.org/tomcat-7.0-doc/config/valve.html#Proxies_Support
Something like this should serve your purpose:

    <Valve
        className="org.apache.catalina.valves.RemoteIpValve"
        protocolHeader="x-forwarded-proto"
        portHeader="x-forwarded-port"
    />

Together with transport-guarantee CONFIDENTIAL in your web.xml this
would eliminate the need to configure anything on Apache httpd at all.
- Stefan
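
The two pieces named in the message above, written out together as an added example (not part of the original message or of the Tomcat documentation). The internalProxies pattern, the web-resource-name and the /* URL pattern are assumptions; the address range is a constructed placeholder for the subnets the ELB connects from.

```xml
<!-- server.xml, inside <Engine> or <Host>.
     Same valve as in the message, plus internalProxies: RemoteIpValve only
     honours the forwarded headers when the TCP peer address matches this
     regular expression, so a client that reaches Tomcat directly cannot
     claim "https" by sending X-Forwarded-Proto itself.
     The pattern below is a constructed placeholder (assumption). -->
<Valve
    className="org.apache.catalina.valves.RemoteIpValve"
    internalProxies="10\.0\.\d{1,3}\.\d{1,3}"
    remoteIpHeader="x-forwarded-for"
    protocolHeader="x-forwarded-proto"
    protocolHeaderHttpsValue="https"
    portHeader="x-forwarded-port"
/>

<!-- WEB-INF/web.xml, inside <web-app>.
     Requires a secure transport for every URL of the application.
     A request is accepted only if the valve above marked it as secure,
     i.e. the load balancer sent x-forwarded-proto: https.
     The resource name and URL pattern are assumptions. -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Entire application</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
```

Requests that arrive without the https marker are redirected by Tomcat to the redirectPort of the receiving Connector, so that attribute should name the port of the load balancer's HTTPS listener.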