Glassfish 3.1.2.2 behind SSL load balancer terminator

Currently, the organization in which I work uses Glassfish 3.1.2.2 behind a hardware (same as software / cloud) load balancer, which is also responsible for terminating SSL. We are currently having problems with Glassfish not knowing that it is behind an SSL connection, so it does some things incorrectly. In particular, the following:

  • Session cookies are not marked as secure
  • Redirects created from Glassfish are performed as http:// instead of https://
  • request.isSecure() does not return the correct value
  • request.getScheme() does not return the correct value

In theory, we could rewrite all these things in a load balancer, but in previous projects using Tomcat, we were able to solve them all at the container level.

In Tomcat, I can just set the secure flag and scheme value in the definition of the HTTP connector, and all is well. But I cannot find equivalents on Glassfish.

Does anyone have any suggestions?

+6
1 answer

If your load balancer provides the X-Forwarded-Proto header, you can try using the scheme-mapping attribute in the http definition of your domain.xml:

 <http default-virtual-server="server" max-connections="100" scheme-mapping="X-Forwarded-Proto">... 

For example, nginx can be configured to provide this header:

    location / {
        proxy_set_header X-Forwarded-Proto https;
        proxy_pass http://glassfish;
    }

Glassfish seems to have known issues related to support for scheme-mapping.

+3
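
Since scheme-mapping is reported above to have known issues, an application-level fallback is a servlet filter that applies X-Forwarded-Proto itself; the following is an added example, not code from the question, the answer or Glassfish. The class name and the `trustedProxy` init-param are assumptions, and the filter only affects code that reads the request passed down the filter chain (request.getScheme() and request.isSecure()).

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

// Added example (hypothetical class): honours X-Forwarded-Proto only when the
// request arrives from the load balancer that terminates SSL.
public class ForwardedProtoFilter implements Filter {
    private String trustedProxy; // assumed init-param: the balancer's IP address

    @Override
    public void init(FilterConfig cfg) throws ServletException {
        trustedProxy = cfg.getInitParameter("trustedProxy");
        if (trustedProxy == null) {
            throw new ServletException("trustedProxy init-param is required");
        }
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        String proto = http.getHeader("X-Forwarded-Proto");
        // A client that reaches Glassfish directly can send this header itself,
        // so it is ignored unless the TCP peer is the balancer.
        boolean fromProxy = trustedProxy.equals(req.getRemoteAddr());
        if (fromProxy && "https".equalsIgnoreCase(proto)) {
            // Present the original client-facing scheme to application code.
            chain.doFilter(new HttpServletRequestWrapper(http) {
                @Override public String getScheme() { return "https"; }
                @Override public boolean isSecure() { return true; }
            }, res);
        } else {
            // Untrusted peer or plain HTTP at the balancer: leave the request as is.
            chain.doFilter(req, res);
        }
    }

    @Override
    public void destroy() { }
}
```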