-
1. Re: Configure HTTPS Connector without SSL?
ctomc Aug 13, 2012 6:02 AM (in response to nesyarug)Hi,
it is possible, but bit different
on apache where you terminate ssl, you change the way server connects to backend to use AJP or mod_proxy instead of just proxying to http/https.
you might be required to add ajp connector or configure mod_cluster subsystem to do this.
This way you will be able to to get info about ssl on backend without having SSL terminated on it.
--
tomaz
-
2. Re: Configure HTTPS Connector without SSL?
nesyarug Aug 13, 2012 6:38 AM (in response to ctomc)Hi Tomaz,
Thanks for the reply. The web server I'm using is Nginx.
I did some further searching and found some examples setting a X-Forwarded-Proto header in Nginx to https and then forwarding to JBoss (or "Java server", the examples didn't mention JBoss specifically).
So I have now made those configuration changes in Nginx (set the X-Forwarded-Proto to https in case of an HTTPS request) and JBoss (removed HTTPS Connector al together).
Of course, JBoss or Spring don't recognize the X-Forwarded-Proto header so I keep getting redirected.
Any experience with this specifically?
Thanks again,
Nes
-
3. Re: Configure HTTPS Connector without SSL?
ctomc Aug 13, 2012 6:43 AM (in response to nesyarug)hey,
yeah with nginx there are not as much examples out there as with apache httpd
you can try with http://code.google.com/p/nginx-ajp-module/ it is the same as mod_jk or mod_proxy_ajp for apache...
to make it work you have to configure ajp connector on jboss with confing something like this:
<connector name="ajp" protocol="AJP/1.3" scheme="http" socket-binding="ajp"/>
it worked for me last time i used it (more than year ago).
--
tomaz
-
4. Re: Configure HTTPS Connector without SSL?
nesyarug Aug 13, 2012 7:32 AM (in response to ctomc)I kinda got things working now with XForwardedFilter (http://code.google.com/p/xebia-france/wiki/XForwardedFilter) which changes the appropriate request attributes before Spring gets the request.
Thanks for your replies and confirming I couldn't just use an HTTPS Connector without SSL.
BR,
Nes