If you’re running a high-availability system of some kind, chances are you are into some sort of Load Balancing. If you happen to be writing a Java app, and happen to be using Apache Tomcat as your servlet container, then this tip is for you.
I had a system which needed to be HTTPS-only but also have the SSL terminated at the load balancer. Naturally, I forwarded the HTTP and HTTPS ports on my Elastic Load Balancer and had my application configured to redirect any insecure connections to an SSL connection. I started having a couple of strange issues where occasionally it would leave the connection on HTTP when it should have been redirecting.
My setup was basically:
HTTP (80) -----> ELB -----> Tomcat (8080) HTTPS (443) -----> ELB -----> Tomcat (8080)
Turned out, I needed to set a couple of extra options in my Tomcat HTTP Connector section (find it in
server.xml). This was the combination of options that did it for me:
<Connector port="8080" protocol="HTTP/1.1" proxyPort="443" scheme="https" secure="true" proxyName="myapp.example.com" connectionTimeout="20000" URIEncoding="UTF-8" redirectPort="8443" />
This assumes your app is hosted at
In my case, the one that really did the trick was
secure="true" which according to the documentation:
Set this attribute to true if you wish to have calls to
truefor requests received by this
Hopefully this will save someone some headaches.