2

We have setup Apache as ssl frontend for plain http jboss(tomcat)

<VirtualHost *:5555>
    ServerName my.server.com

    SSLEngine on
    SSLCertificateFile /x.crt
    SSLCertificateKeyFile /x.pem
    SSLProxyEngine on
    ...
    ...
    ProxyPass / http://my.server:8080/
    ProxyPassReverse / http://my.server.com:8080/
</VirtualHost>

In our jsp we have something like this:

<link href="/css/my.css" rel="stylesheet" type="text/css">

When we load the page from

https://my.server.com:5555

The browser telling us this page has unsecure content because the it will load the css from

http://my.server.com:5555/css/my.css

I don't want to use absolute URL in href. Can I somehow tell tomcat to use https from apache without setup ssl in tomcat? Or is the best combination to setup ssl in both Apache & Tomcat?

I have tried the solution as Dirk pointed out but it's still not working.

server.xml

<Connector port="8080" protocol="HTTP/1.1" enableLookups="false" proxyPort="5555" scheme="https" secure="true" />

I still get the error about the unsecure content. Is it because struts 1.1 does not use request.getScheme() or is it because the communication between Apache and Tomcat is with plain http and Apache think

<link href="/css/my.css" rel="stylesheet" type="text/css">

should be download from 

http://my.server.com:5555/css/my.css

before sending it back to the browser?

Thx in advance

Improve this question

1 Answer 1

Reset to default
3

I'd guess that problem is that your (tomcat) server thinks it is still living at the http address (you can confirm that by looking at the headers and the HTML).

So it includes references in the page to the http address, unaware the request came in on the https version.

Assuming you want all traffic https (and the http path is blocked and/or tomcat is bound to localhost) - you want to check http://tomcat.apache.org/tomcat-7.0-doc/proxy-howto.html as to how to tell tomcat that it is living not at the address it can see - but at the address you are exposing to the internet from apache (i.e. the front door).

The ones you are after are proxyName, proxyPort along with scheme and secure.

See for example option 4 and 3 of http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2007800.

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

Option 4 in the last link is just what I am looking for.
Ok - check what is in your HTML page - and check what exactly is in your page - absolute links hardcoded to the wrong place; or relative links - and the going to the wrong page is related to the protocol layer, the browser or some javascript. A good second check is to see if going to https://..:5555/ from a fresh browser. That will tell you if something is hardcoded. Then we can start tracking the source of this down.
Found the problem. It was a base tag that was set so all relative path was using it. Now it's working. Thx alot
@chitech: could you please tell me where was that base tag set? I have a similar problem. Thanks in advance.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.