GOKb AWS

hornmo edited this page Sep 25, 2018 · 1 revision

Dealing with AWS LoadBalancer and https -> http redirects...

More recently we use this valve to get the X-Forwarded-For header:

<!-- Attribute names are case-sensitive; the valve's properties are remoteIpHeader and proxiesHeader -->
<Valve className="org.apache.catalina.valves.RemoteIpValve"
           remoteIpHeader="X-Forwarded-For"
           proxiesHeader="X-Forwarded-By"
           protocolHeader="X-Forwarded-Proto" />

N.B. The native Apache httpd alternative to this is mod_remoteip.
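How the valve decides which client address and scheme the application sees, as an added example that is not part of the original page and not Tomcat's own code: a simplified Python model of the right-to-left X-Forwarded-For walk. The `INTERNAL_PROXIES` regex, the `resolve_client` function and the sample requests are assumptions constructed for illustration.

```python
import re

# Simplified model of how Tomcat documents RemoteIpValve's header handling.
# Assumption: this regex (RFC 1918 + loopback) stands in for internalProxies.
INTERNAL_PROXIES = re.compile(
    r"10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|"
    r"172\.(1[6-9]|2\d|3[01])\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}"
)


def resolve_client(peer_addr, headers, connector_scheme="http"):
    """Return (client_ip, scheme) as the web application would see them."""
    # The headers are honoured only when the TCP peer is a known proxy, so a
    # client that reaches Tomcat directly cannot forge its address or scheme.
    if not INTERNAL_PROXIES.fullmatch(peer_addr):
        return peer_addr, connector_scheme

    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",")]
    client_ip = peer_addr
    # Walk right to left: right-most entries were appended by our proxies;
    # the first non-proxy address is the client. Entries further left were
    # supplied by the client itself and are ignored.
    for hop in reversed([h for h in hops if h]):
        client_ip = hop
        if not INTERNAL_PROXIES.fullmatch(hop):
            break

    proto = headers.get("X-Forwarded-Proto")
    if proto is None:
        return client_ip, connector_scheme
    return client_ip, "https" if proto.lower() == "https" else "http"


# Constructed sample requests: (TCP peer, headers as received by Tomcat).
SAMPLES = [
    ("10.0.1.5", {"X-Forwarded-For": "203.0.113.7", "X-Forwarded-Proto": "https"}),
    # Client sent its own X-Forwarded-For; the load balancer appended the real IP.
    ("10.0.1.5", {"X-Forwarded-For": "192.0.2.1, 198.51.100.9", "X-Forwarded-Proto": "http"}),
    # Direct connection that bypasses the load balancer and forges both headers.
    ("198.51.100.9", {"X-Forwarded-For": "10.0.0.1", "X-Forwarded-Proto": "https"}),
]

if __name__ == "__main__":
    for peer, hdrs in SAMPLES:
        print(peer, hdrs, "->", resolve_client(peer, hdrs))
```

The third sample is the case to check in a deployment: if Tomcat is reachable from outside the load balancer's subnets, the proxy ranges must be narrow enough that such a peer is not treated as a proxy.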

There are some well-known and documented challenges in getting https terminated by the AWS LB and connecting the http to Tomcat. We've decided to front Tomcat with NGINX to work around these. Here is the default nginx config:

user www-data;
worker_processes 4;
pid /run/nginx.pid;


events {
    worker_connections 768;
    # multi_accept on;
}


http {
  server {
      listen      0.0.0.0:80 default;
      server_name gokb.org;
      ## redirect http to https ##
      rewrite     ^ https://$server_name$request_uri? permanent;
  }
}

#mail {
#       # See sample authentication script at:
#       # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
#       # auth_http localhost/auth.php;
#       # pop3_capabilities "TOP" "USER";
#       # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
#       server {
#               listen     localhost:110;
#               protocol   pop3;
#               proxy      on;
#       }
#
#       server {
#               listen     localhost:143;
#               protocol   imap;
#               proxy      on;
#       }
#}