[cosmo-dev] Reverse proxy docs corrected for SSL
Jared Rhine
jared at wordzoo.com
Sun Dec 9 14:52:24 PST 2007
I've corrected an error I found on our reverse proxy instructions
(which I had checked out because I saw 'em hit IRC to assist a new
Cosmo user):
http://chandlerproject.org/Documentation/ServerBundleReverseProxy
The fix is only in the SSL sections. The odd behavior has bitten me
before when I configed a Tomcat connector from scratch the "obvious"
way. But, when your reverse proxy is doing SSL for you (ala Apache +
mod_ssl + mod_proxy), you need to set the "secure" parameter to
"false", not "true". I think "secure=true" means, "decrypt traffic on
this socket as if it was SSL". You would set it to true if Tomcat
itself was doing SSL for that socket; ie, directly to browsers, no
reverse proxy in between.
The connecter "scheme" still needs to "https" to form URLs properly.
The production config for Hub is (in part):
<Service name="Catalina">
<Connector port="8000" enableLookups="false"
minSpareThreads="4" maxSpareThreads="50"
maxThreads="200"
proxyName="hub.chandlerproject.org" proxyPort="443"
scheme="https" secure="false"/>
<Engine name="Catalina" defaultHost="localhost">
<Host name="localhost" appBase="webapps" autoDeploy="false"
deployOnStartup="false">
-- Jared
More information about the cosmo-dev
mailing list