Konstantin: Thank you very much for your reply. To answer your question 1. The api-lb and lb-api was a typo.
2. I was able to reproduce this problem with a single server behind the load balancer. Where http://lb-test-api:8080 was set to forward to https://lb-test-api:8443 using vip. On the test server, 8080 was redirect to 8443 in server.xml and modified web.xml as described in tomcat doc. My war file's web.xml also included <security-constraint> section. With these settings, my Post request to http://my-test-api:8080 was automatically redirect to https://my-test-api:8443 with no problem. The Post is a REST webservice call so single response was received. Inside the access log, when post via the load balancer 10.166.27.33 - - [19/Jan/2017:11:21:27 -0800] 8443 "GET /theacturalapicallurl HTTP/1.1" 405 1045 When post directly to the my-test-api:8080, the access log got recorded as 10.20.96.62 - - [19/Jan/2017:11:28:15 -0800] 8080 "POST /theacturalapicallur HTTP1.1l" 201 277 3. Here is my setup --------(load balancer) ----------------(my-test-api) This looks to me like Tomcat is performing the POST Redirect GET when there is a proxy and the call was redirected to prevent the server from MITM attack. Hopefully this clarifies my question, Thank you very much, Bin -----Original Message----- From: Konstantin Kolinko [mailto:knst.koli...@gmail.com] Sent: Wednesday, January 18, 2017 11:43 PM To: Tomcat Users List <users@tomcat.apache.org> Subject: Re: https redirect failed for POST request when behind a load balancer 1. You know that "api-lb" and "lb-api" above are two different host names? 2. What HTTP response code is send to client to perform the redirection? (What is displayed by access log? Or by "network" monitoring tool in browser. What are actual responses to perform the redirection). Some response codes used for redirects allow the browser to change POST to GET, some do not. See the HTTP protocol specification for details. https://urldefense.proofpoint.com/v2/url?u=https-3A__wiki.apache.org_tomcat_Specifications&d=DwIFaQ&c=uilaK90D4TOVoH58JNXRgQ&r=T34XNMuHs99f3YkStEdBgUp9XTcpTRir8U9GVk2H5hQ&m=g9XvhdAG4g80Ajw7i4CvF3kysWtESxDF6NFX8j630c8&s=mOjl8_uOfuo3lfn8xDS6jwCZao9az7SjXLxgAh-2Twc&e= Is redirect performed by a single response, or there are several redirect responses in a chain, A -> B -> C/ ? 3. Actual configuration? (For someone else to reproduce the issue or to match your tale to their configs). Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
