Win a copy of Rust Web Development this week in the Other Languages forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Tim Cooke
  • Campbell Ritchie
  • Ron McLeod
  • Liutauras Vilda
  • Jeanne Boyarsky
Sheriffs:
  • Junilu Lacar
  • Rob Spoor
  • Paul Clapham
Saloon Keepers:
  • Tim Holloway
  • Tim Moores
  • Jesse Silverman
  • Stephan van Hulst
  • Carey Brown
Bartenders:
  • Al Hobbs
  • Piet Souris
  • Frits Walraven

Spring Boot with embedded Tomcat behind Apache SSL proxy

 
Ranch Hand
Posts: 38
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I'm searching for a solution to be able to run a Spring application behind an Apache SSL proxy. I tried a lot of configurations without success. All Spring responses go to http causing a Not Found error.

The following is apache configuration:

       

These are the Spring options:


I'm using Spring Boot 2.5.6 on Apache Tomcat/9.0.54. The OS Apache is a 2.4.25 version running on a Debian 9.13.

The problem seems to happen after login into the application and logout. If I substitute http to https after the login action, I'm able to navigate into the application. All links works fine until I logout. When I logout the application goes again to http.

Someone can help me?
 
Ranch Hand
Posts: 77
1
Android Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I haven't done this by myself but here is an article dealing with that topic: https://stormpath.com/blog/secure-spring-boot-webapp-apache-letsencrypt-ssl

The basic approach is to use socalled AJP connector that requires to use Apache modules proxy and proxy_ajp.

In addition adding the lines to the Apache virtual hosty for SSL is essential:

ProxyPass / ajp://localhost:9090/
ProxyPassReverse / ajp://localhost:9090/

 
Enrico Morelli
Ranch Hand
Posts: 38
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Roland Mueller wrote:I haven't done this by myself but here is an article dealing with that topic: https://stormpath.com/blog/secure-spring-boot-webapp-apache-letsencrypt-ssl

The basic approach is to use socalled AJP connector that requires to use Apache modules proxy and proxy_ajp.

In addition adding the lines to the Apache virtual hosty for SSL is essential:

ProxyPass / ajp://localhost:9090/
ProxyPassReverse / ajp://localhost:9090/



Thank you. The information in the article is a bit old, but I found the new configurations so it seems to work fine.
 
Roland Mueller
Ranch Hand
Posts: 77
1
Android Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Thank you. The information in the article is a bit old, but I found the new configurations so it seems to work fine.



I guess the approach to have Java or other servers behind a Webserver such as Apache or Nginx is not a new concept and will not be subject of many changes or radical changes.
 
Saloon Keeper
Posts: 24825
172
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Roland Mueller wrote:
I guess the approach to have Java or other servers behind a Webserver such as Apache or Nginx is not a new concept and will not be subject of many changes or radical changes.


The concept is known as a reverse proxy and is probably older than some of the people on the Ranch at this point. You'll often hear it simply called "proxy", but a true web proxy acts as a single access point for outbound requests. A Reverse Proxy acts as a client for inbound requests.

Probably the most popular "proxy" servers are Apache, Nginx, and IIS, although others can also serve. Or you can use a physical proxy server device such as the popular F5 line.

Apache uses modules and there are several. The mod_jk module talks to Tomcat workers and in theory should be better for load balancing, but mod_proxy is the generally-recommended one. They don't connect to port 8080, but rather to the Tomcat proxy port (8009) and use private (coyote) protocols. The SSL connection is between the outside and Apache. Normally one trusts that the DMZ side of Apache is secure enough to go directly to Tomcat.
 
Enrico Morelli
Ranch Hand
Posts: 38
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Only one problem remains. When the session goes in timeout (I don't know how to set it), I'm redirected to the HTTP login page instead of HTTPS, so I receive 404 Not found again.

Is there a way to solve it?
reply
    Bookmark Topic Watch Topic
  • New Topic