-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 David,
On 1/19/17 10:38 AM, David P. Caldwell wrote: > I'm trying to forward HTTPS requests through a Tomcat HTTP (or > HTTPS) server to a backend HTTPS server. > > The requests are initiated by a Java HTTP client > (java.net.URLConnection-based). > > So I have: > > backend HTTPS server (which works) Tomcat server running HTTP and > HTTPS connectors Java HTTPUrlConnection, using Tomcat HTTP > connector as a proxy > > The Java client can successfully: > > * use the backend HTTPS server directly * use the Tomcat HTTP > connector * use the Tomcat HTTPS connector > > For my scenario, I think using the HTTP connector to proxy is > correct, though I've also tried using the HTTPS connector. > > I'm not an expert on SSL or HTTPS. The HTTPS connector doesn't > work, but my understanding is that using it doesn't make sense; the > trust relationship is end-to-end, so you'd use ordinary HTTP to > proxy in between. It ends up with an unexpected EOF from server or > something. > > Assuming the HTTP connector is the right one to use, here's my > problem: Tomcat returns a 400 Bad Request when I attempt to request > an https: URL via an ordinary HTTP request to the HTTP connector. > > Conceptually, it seems like this ought to be fine, to me, but as I > said, my understanding of the concepts is a bit murky, so I might > be wrong. > > Am I on the right track? If so, is there something configurable > that will allow those requests to be forwarded rather than > rejected? So you've got this? client -- HTTP --> Tomcat proxy -- HTTPS --> backend server ? Or this? client -- HTTPS --> Tomcat proxy -- HTTP --> backend server ? Please post as much of your configuration (<Connector>, proxy) as you ca n. Also, what is the purpose of the HTTPS wherever it is being used? It is for privacy or for authentication (or both)? - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJYgOyLAAoJEBzwKT+lPKRYcJ0P/jxtmltsNpilxkYnbTFopTFl 87GqViuIQOXdi/2EzP9jJhdieBv7XwIAI81hJ4qWCdUhANtxNoPeaytZPR2+E6hT 4zUC0x4ez4E9S2lUkhk7XcSr/0+hAM0rLd1TChJi0+tweZjWyaeCAbbdLHhjPb+e SRAs4Tz2qs0Y7i3qu3nV6VWt5u2eBEspogFHT8FXjXLYx/VPQOR9/60mnEDsaEek gC4Xqh5vMABd7Tcyslp0kfKrFEKjAgoej2cQ+p96faITV7X9ji0z35uvSwNErfD0 iIruVVUfe8MSBRR8jwpLor6ORAL3dZ0FmKegxjAOJ897eIv3hO6rS2JqmT3Ju1Ez dczMIIJA7c92xk4UINlMrTRit8MXJoOuJSR778pRS/j8WirNGw1y66U2U8Z3KZeM 4tDKpIwwXx2HX0Mrag/m3UB5Y59UNX/5TVJQr+2GhcvIHOXK1cWUmFOdZtbwD5Xc a7HpZDuMNSrxZjzrfWg18EMl2IfGLWllW6Qs73e+VO3cC8tlbQzjO0RQowl2e867 twZO8zXvGVrxtJcezaq1dRzPQDVRIVbedBAxNuN20JkdaWMcxGkBjsIiw99Vp4V7 XgX+5+6ZeLAFHhVyoAVFumL4Rr585PzloiZLQcOUGosqqreVh4L2Yp5YRfgOojOU EPPtfY44QI4Jq3SwTLCr =938w -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
