
F5 load balancer with Apache web and Tomcat SSL Issue

We have a web application hosted on a Tomcat server (clustered), with two Apache web servers sitting in front and an F5 load balancer in front of Apache. SSL is configured in the F5 load balancer. Now whenever someone accesses our application using the load balancer's secure URL, our Java web application does not evaluate request.isSecure to be true. Is there any setting I need to enable this?

In our Apache web server we have the following configuration using proxy balancer:

ServerName ip:80

ProxyPass /balancer-manager !
ProxyPass / balancer://mycluster/ stickysession=JSESSIONID nofailover=Off
ProxyPassReverse / balancer://mycluster/
<Proxy balancer://mycluster>
          BalancerMember ajp://ipapp1:8009 route=jvm1 loadfactor=1
          BalancerMember ajp://ipapp2:8009 route=jvm2 loadfactor=1 status=+H
          ProxySet lbmethod=byrequests
</Proxy>

I tried to change the connector details in server.xml of Tomcat by adding scheme= "https", secure="true" and proxyPort="443" for 8080, but it did not work.

What am I missing here?

You'd need to check your app to see if it is supported, but typically a header is forwarded communicating the request protocol. Traditionally this was the X-Forwarded-Proto header, but X-... nomenclature has been deprecated. The Forwarded header now supports what was X-Forwarded-For, X-Forwarded-Proto, etc... in one header. There is still wide support for the deprecated method however, so either approach should work pending app support.

X-Forwarded-Proto: https

or

Forwarded: proto=https

The new standards are described in RFC 7239
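An added example, not part of the answer above or of any project's code: a Python sketch of the check an application or proxy layer has to make before treating a request as secure on the strength of these headers. It honours `Forwarded` / `X-Forwarded-Proto` only when the connection comes from a trusted proxy, since any client can send either header itself. The trusted network, the function names and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: networks of the proxies allowed to assert the scheme (constructed).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]
VALID_SCHEMES = {"http", "https"}


def forwarded_protos(value):
    """Return the proto parameter of each RFC 7239 element, oldest hop first.

    Simplification: quoted values that themselves contain ',' or ';' are not handled.
    """
    protos = []
    for element in value.split(","):              # one element per proxy hop
        for pair in element.split(";"):           # parameters within one hop
            name, sep, val = pair.strip().partition("=")
            if sep and name.strip().lower() == "proto":   # names are case-insensitive
                protos.append(val.strip().strip('"').lower())
    return protos


def effective_scheme(peer_ip, direct_scheme, headers):
    """Scheme the client used, honouring forwarding headers only from trusted peers."""
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in TRUSTED_PROXIES):
        return direct_scheme                      # header may be client-supplied
    hdrs = {k.lower(): v for k, v in headers.items()}
    if "forwarded" in hdrs:
        candidates = forwarded_protos(hdrs["forwarded"])
    elif "x-forwarded-proto" in hdrs:
        candidates = [p.strip().lower() for p in hdrs["x-forwarded-proto"].split(",")]
    else:
        candidates = []
    # The last entry was written by the proxy closest to this server.
    if candidates and candidates[-1] in VALID_SCHEMES:
        return candidates[-1]
    return direct_scheme
```

The same rule applies whatever component does the evaluation: the TLS-terminating proxy should overwrite any client-supplied copy of the header, and the backend should accept it only from that proxy's address.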

Maybe I'm a bit late here, but I had the same situation. I added

scheme= "https", secure="true" and proxyPort="443"

on port 8009, not on port 8080 like the original question. That's because from Apache the request is made via AJP on port 8009. Also, Apache must have http-ssl.conf enabled from http.conf and it has to be listening on port 443.

I tried this configuration and it worked: the request sent through the Load Balancer in front of the Apache reported the Tomcat webapp in https correctly.

I hope this helps anyone who has the same problem; it took me days to understand this.
