Re: Stunnel + HAProxy + Apache + Tomcat

From: Willy Tarreau <w#1wt.eu>
Date: Mon, 26 Jan 2009 00:10:22 +0100


Hi Jill,

On Thu, Jan 22, 2009 at 02:30:55PM -0500, Jill Rochelle wrote:
> I'm just getting started with all this; I thought I had this working
> last year, but having issues now.
>
> When using stunnel and xforwardfor with haproxy, is the URL suppose to
> stay https or will it change to http? If it changes to http, is it
> secure; no lock shows in browser?

The URL used by the browser is still https, as it only defines the protocol to use.

> Also, has anybody got this working along side Apache and Tomcat where
> Apache is routing everything to tomcat as the main application is
> running in tomcat only?
> Routing is port 80 (apache) > 85 (haproxy) > 8888 (server for proxy -
> goes back to apache) > mod_jk to tomcat

I see nothing abnormal in your description, though I've never used tomcat.

> Parts of application is http and other parts are https. I need the URL
> to remain https (when entering that part of app) so that it is secure
> and the lock for the certificate appears in the browser.
>
> I feel like I'm missing something, but I can't put my finger on it.

If you're using apache's mod_proxy, you might have difficulties setting up proxypass and proxypass reverse to make https appear as such. I don't remember the exact details, but I know people who're constantly annoyed by the fact that apache rewrites the URL when passing the request, instead of leaving it untouched. This could be what you had in mind.

Regards,
Willy Received on 2009/01/26 00:10

This archive was generated by hypermail 2.2.0 : 2009/01/26 00:15 CET