Making application behind reverse proxy aware of https

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Posted by akaIDIOT on Server Fault See other posts from Server Fault or by akaIDIOT
Published on 2012-04-04T10:25:02Z Indexed on 2012/04/04 11:32 UTC
Read the original article Hit count: 362

Filed under:
|
|
|

https in tomcat being the hassel it is, I've been trying to get an Axis2 webapp to work behind a reverse proxy for ages now, can't seem to get it to work. The proxying itself works like a charm, but the app fails to generate 'links' (or ports as it concerns SOAP) using https. It would seem I need some way to let Axis2 know it is being accessed through https, even though the actual transport to it is done over http (proxied from localhost).

The nginx config that proxies https to localhost:8080:

server {
    listen       443;

    server_name  localhost;

    ssl                         on;
    ssl_certificate             /path/to/.pem
    ssl_certificate_key         /path/to/.key;
    ssl_session_timeout         5m;
    ssl_protocols               SSLv3 TLSv1;
    ssl_ciphers                 ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
    ssl_prefer_server_ciphers   on;

    location / {
        # force some http-headers (avoid confusing tomcat)
        proxy_set_header        X-Real-IP         $remote_addr;
        proxy_set_header        Host              $http_host;
        proxy_set_header        X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto https;

        # pass requests to local tomcat server listening on default port 8080
        proxy_pass              http://localhost:8080;
    }
}

The proxy itself works fine, the info pages of the webapp work. The problem lies in the ports generated in the .wsdl:

<wsdl:service name="WebService">
  <wsdl:port name="WebServiceHttpSoap11Endpoint" binding="ns:WebServiceSoap11Binding">
    <soap:address location="http://10.10.3.96/axis2/services/WebService.WebServiceHttpSoap11Endpoint/"/>
  </wsdl:port>
  <wsdl:port name="WebServiceHttpSoap12Endpoint" binding="ns:WebServiceSoap12Binding">
    <soap12:address location="http://10.10.3.96/axis2/services/WebService.WebServiceHttpSoap12Endpoint/"/>
  </wsdl:port>
  <wsdl:port name="WebServiceHttpEndpoint" binding="ns:WebServiceHttpBinding">
    <http:address location="http://10.10.3.96/axis2/services/WebService.WebServiceHttpEndpoint/"/>
  </wsdl:port>
</wsdl:service>

The Host header does its job; it shows 10.10.3.96 in stead of localhost, but as the snippet shows: it says http:// in front of it in stead of https://. My client app can't deal with this...

Adding proxyPort and proxyName to the tomcat6 server.xml in the default <Connector> doesn't help; I'm at a loss on how to get this to work properly.

© Server Fault or respective owner

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Related posts about nginx

Related posts about https

Categories cloud

.NET ASP.NET iphone linux python Windows mysql android sql windows-7 html c ruby-on-rails css objective-c ubuntu networking sql-server wpf asp.net-mvc ruby database Xml apache AJAX osx security regex django Performance 12.04 windows-xp mac web-development iphone-sdk vb.net Silverlight apache2 flash server perl best-practices email installation eclipse visual-studio algorithm windows-server-2008 winforms wcf firefox bash dns /Oracle