Tomcat and SSL Offloading

If you run tomcat behind a load balancer that features in SSL Accelerator or Offloading (sometimes called SSL Termination) there are a couple config changes you need to make.

The Connector

If you're using tomcat's HTTP connector (as you should be) you need to add the parameter:

secure="true" proxyPort="443" scheme="https" 

This prevents servlets that require encrypted connectors that yes, you do have encryption, and it tells it the port and scheme of your proxy system so that when tomcat needs to refer to itself, it sends you a correctly formatted URL (i.e. needing to redirect you from /webapps/login to /webapps/login/ with a properly trailing slash )

Comments