4 Replies Latest reply on Aug 13, 2012 7:32 AM by nesyarug

    Configure HTTPS Connector without SSL?

    nesyarug

      Hi everyone,

       

      Is it possible to configure an HTTPS Connector without SSL?

       

      I.e.:

       

      <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true"/>

       

      without ssl sub-element?

       

      Reason I'm asking as I'm fronting JBoss with a web server and ideally would like to terminate SSL there. However, my Spring application in JBoss still needs to detect the correct incoming scheme (HTTP vs HTTPS) in order to redirect users to secure pages (or back to non-secure).

       

      I've tried the above configuration and can't see anything in the logs that would indicate a problem with that configuration (I do get Starting Coyote HTTP/1.1 on http--127.0.0.1-8443 which I'm not sure is good or bad!).

       

      However, any HTTPS requests to the webserver time out with a Bad Gateway.

       

      Any help appreciated.

       

      Nes

        • 1. Re: Configure HTTPS Connector without SSL?
          ctomc

          Hi,

           

          it is possible, but bit different

           

          on apache where you terminate ssl, you change the way server connects to backend to use AJP or mod_proxy instead of just proxying to http/https.

          you might be required to add ajp connector or configure mod_cluster subsystem to do this.

           

          This way you will be able to to get info about ssl on backend without having SSL terminated on it.

           

           

          --

          tomaz

          • 2. Re: Configure HTTPS Connector without SSL?
            nesyarug

            Hi Tomaz,

             

            Thanks for the reply. The web server I'm using is Nginx.

             

            I did some further searching and found some examples setting a X-Forwarded-Proto header in Nginx to https and then forwarding to JBoss (or "Java server", the examples didn't mention JBoss specifically).

             

            So I have now made those configuration changes in Nginx (set the X-Forwarded-Proto to https in case of an HTTPS request) and JBoss (removed HTTPS Connector al together).

             

            Of course, JBoss or Spring don't recognize the X-Forwarded-Proto header so I keep getting redirected.

             

            Any experience with this specifically?

             

            Thanks again,

            Nes

            • 3. Re: Configure HTTPS Connector without SSL?
              ctomc

              hey,

               

              yeah with nginx there are not as much examples out there as with apache httpd

               

              you can try with http://code.google.com/p/nginx-ajp-module/ it is the same as mod_jk or mod_proxy_ajp for apache...

               

              to make it work you have to configure ajp connector on jboss with confing something like this:

               

              <connector name="ajp" protocol="AJP/1.3" scheme="http" socket-binding="ajp"/>

               

               

              it worked for me last time i used it (more than year ago).

               

               

              --

              tomaz

              • 4. Re: Configure HTTPS Connector without SSL?
                nesyarug

                I kinda got things working now with XForwardedFilter (http://code.google.com/p/xebia-france/wiki/XForwardedFilter) which changes the appropriate request attributes before Spring gets the request.

                 

                Thanks for your replies and confirming I couldn't just use an HTTPS Connector without SSL.

                 

                BR,

                Nes