Will Warren

Apache Tomcat with SSL behind Amazon ELB

If you’re running a high-availability system of some kind, chances are you are into some sort of Load Balancing. If you happen to be writing a Java app, and happen to be using Apache Tomcat as your servlet container, then this tip is for you.

I had a system which needed to be HTTPS-only but also have the SSL terminated at the load balancer. Naturally, I forwarded the HTTP and HTTPS ports on my Elastic Load Balancer and had my application configured to redirect any insecure connections to an SSL connection. I started having a couple of strange issues where occasionally it would leave the connection on HTTP when it should have been redirecting.

My setup was basically:

  HTTP (80) -----> ELB -----> Tomcat (8080)
HTTPS (443) -----> ELB -----> Tomcat (8080)

Turned out, I needed to set a couple of extra options in my Tomcat HTTP Connector section (find it in server.xml). This was the combination of options that did it for me:

    redirectPort="8443" />

This assumes your app is hosted at myapp.example.com

In my case, the one that really did the trick was secure="true" which according to the documentation:

Set this attribute to true if you wish to have calls to request.isSecure() to return true for requests received by this Connector.

Hopefully this will save someone some headaches.

Length: 229 words or 2 min Tags: aws, sysadmin


comments powered by Disqus