[英]Can't log into WSO2 Carbon behind load balancer
I have a WSO2IS 5.0.0 instance running on a VM behind a load balancer. 我有一个WSO2IS 5.0.0实例在负载均衡器后面的VM上运行。 The load balancer listens for HTTPS on port 443, handles all SSL and forwards plain HTTP to the VM on port 80. 负载平衡器在端口443上侦听HTTPS,处理所有SSL,并将纯HTTP转发到端口80上的VM。
I have configured the WSO2IS instance to have only one HTTP connector on port 80 in catalina-server.xml, and configured all the URLs I can find in the config to point to the load balancer using HTTPS. 我已将WSO2IS实例配置为在catalina-server.xml的端口80上仅具有一个HTTP连接器,并配置了所有可在配置中找到的URL,以使用HTTPS指向负载均衡器。
I can visit the carbon webapp via the load balancer on 443 fine. 我可以通过443上的负载平衡器访问Carbon Webapp。 However when I successfully log in, the webapp returns a redirect to HTTP on port 80, NOT to HTTPS on port 443 as it should. 但是,当我成功登录后,Web应用程序应将重定向返回到端口80上的HTTP,而不是重定向到端口443上的HTTPS。 This makes it impossible to use the carbon webapp. 这使得无法使用Carbon Webapp。
If I change proxyPort in the HTTP connector in catalina-server.xml, it does then return a redirect to port 443 - but the URL is plain HTTP, not HTTPS, so it still fails. 如果我在catalina-server.xml的HTTP连接器中更改了proxyPort,它会返回到端口443的重定向-但URL是纯HTTP而不是HTTPS,因此仍然失败。
How can I tell carbon to send a redirect to HTTPS even though tomcat itself is listening via HTTP? 即使tomcat本身正在通过HTTP侦听,我如何告诉Carbon重定向到HTTPS?
Thanks in advance! 提前致谢!
You can use proxy port in this scenario. 您可以在这种情况下使用代理端口。
You can configure in tomcat/catalina-server.xml as below with 2 connectors. 您可以使用以下2个连接器在tomcat / catalina-server.xml中进行配置。 http url will anyway redirect to https url. 无论如何,http url都将重定向到https url。 Do you mean management console as webapp? 您是说管理控制台就是webapp吗?
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
port="9763"
proxyPort="80"
bindOnInit="false"
maxHttpHeaderSize="8192"
acceptorThreadCount="2"
maxThreads="250"
minSpareThreads="50"
disableUploadTimeout="false"
connectionUploadTimeout="120000"
maxKeepAliveRequests="200"
acceptCount="200"
server="WSO2 Carbon Server"
compression="on"
compressionMinSize="2048"
noCompressionUserAgents="gozilla, traviata"
compressableMimeType="text/html,text/javascript,application/x-javascript,application/javascript,application/xml,text/css,application/xslt+xml,text/xsl,image/gif,image/jpg,image/jpeg"
URIEncoding="UTF-8"/>
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
port="9443"
proxyPort="443"
bindOnInit="false"
sslProtocol="TLS"
maxHttpHeaderSize="8192"
acceptorThreadCount="2"
maxThreads="250"
minSpareThreads="50"
disableUploadTimeout="false"
enableLookups="false"
connectionUploadTimeout="120000"
maxKeepAliveRequests="200"
acceptCount="200"
server="WSO2 Carbon Server"
clientAuth="false"
compression="on"
scheme="https"
secure="true"
SSLEnabled="true"
compressionMinSize="2048"
noCompressionUserAgents="gozilla, traviata"
compressableMimeType="text/html,text/javascript,application/x-javascript,application/javascript,application/xml,text/css,application/xslt+xml,text/xsl,image/gif,image/jpg,image/jpeg"
URIEncoding="UTF-8"/>
You should have the mapping to your load balancer in your etc/hosts file as : 您应该在etc / hosts文件中以以下方式映射到负载均衡器:
is.50.com is.50.com
In Your Load balancer you should have as below. 在您的负载均衡器中,您应该具有以下内容。 Eg, apache2 例如apache2
<Virtualhost *:443>
ServerName is.50.com
ServerAlias is.50.com
ProxyPreserveHost On
SSLEngine On
SSLProxyEngine On
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
stickysession=JSESSIONID
ProxyPass / https://<carbonIP>:<port>/
ProxyPassReverse / https://<carbonIP>:<port>/
</Virtualhost>
Then your access URL will be, as below. 然后,您的访问URL将如下所示。
https://is.50.com/carbon https://is.50.com/carbon
or 要么
http://is.50.com/carbon which will redirect to https. http://is.50.com/carbon ,它将重定向到https。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.