Forum Discussion

tomtux_93477's avatar
tomtux_93477
Icon for Nimbostratus rankNimbostratus
Jun 18, 2010

HTTPS to Tomcat:8080

Hi

 

 

I have the following situation:

 

CLIENT --> HTTPS --> F5 --> HTTP:8080 --> Tomcat-Server

 

 

I've created a VIP which handle the SSL-termination. Then I have a server-pool with the tomcat-server, which listen on port tcp 8080.

 

When I connect directly to the tomcat-server with tcp:8080, then all works fine. When I connect through the loadbalancer with https://, then I got error-messages from the tomcat-server.

 

I tried with a streaming rule to replace http:// with https:// on the vip -> no success.

 

 

How do I configure the loadbalancer, to make proper requests to the tomcat-server?

 

 

Thanks a lot.

 

Tom

 

config
design

6 Replies

Sort By
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Jun 18, 2010
    Hi Tom,

     

     

    I assume the issue is that tomcat is including http:// and/or port 8080 in references to itself. Can you use a browser plugin like HttpFox for Firefox or Fiddler for IE to see which headers and/or what in the payload is breaking the LTM proxying of the application?

     

     

    Aaron
  • tomtux_93477's avatar
    tomtux_93477
    Icon for Nimbostratus rankNimbostratus
    Jun 18, 2010
    Hi Aaron

     

     

    I installed httpfox and I can see, that the first connect is established with https://. Then I got a redirect (http/302) to "http://". Is there a f5-way, to solve this problem? Or do I need to solve this problem in the "application"-way?

     

     

    Thanks a lot.

     

    Tom

     

  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Jun 18, 2010
    You can create a custom HTTP profile with rewrite redirects enabled to fix this on LTM.

     

     

    Aaron
  • tomtux_93477's avatar
    tomtux_93477
    Icon for Nimbostratus rankNimbostratus
    Jun 18, 2010
    Hi Aaron

     

     

    I solved this problem on the application-side:

     

    In the "server.xml" (this is the tomcat-configurationfile), I appended the following parameter to the default-connector-port:

     

    proxyName="[here you enter the external dns-domain-name]" proxyPort="443" scheme="HTTPS" disableUploadTimeout="true"/>

     

     

    Thanks a lot for your help.

     

    Tom

     

  • L4L7_53191's avatar
    L4L7_53191
    Icon for Nimbostratus rankNimbostratus
    Jun 23, 2010
    Tomtux: thanks for posting your solution - we used to run into this frequently back in my prior job, and your solution is preferred IMO. It's a good one to have in the bag of tricks!

     

     

    -Matt