Now from the client when I try https://himesh.com I get the Tomcat
default page, that is all good.
But for https://himesh.com/abc (abc is an application deployed in Tomcat),
the browser returns http://himesh.com/abc, but now I don't have nginx
listening on 80, so there is no answer. This only happens with https.
It works fine when I am using just http…
On Thu, Nov 19, 2009 at 06:50:02AM -0500, himesh wrote:
pid /var/run/nginx.pid;
access_log /etc/pound/access.log;
}
Now from the client when I try https://himesh.com I get the Tomcat default page, that is all good.
But for https://himesh.com/abc (abc is an application deployed in Tomcat), the browser returns http://himesh.com/abc, but now I don't have nginx listening on 80, so there is no answer. This only happens with https. It works fine when I am using just http…
Please advise…
Depending on backend software you may need various quirks to make
this work. Usually a correctly configured proxy_redirect is
enough.
So one way to do this is a layer 4 load balancing at nginx/haproxy
layer.
But what I am trying to do is layer 7 load balancing itself. So the
first SSL offloading will happen at the nginx/haproxy level. Then it
will be encrypted again and sent to the underlying Tomcat (which is on
another server and subnet). Then Tomcat
will offload SSL again.
The reason for this is, I am creating my stack in AWS (Amazon Web
Services) and we do not
want any kind of plain communication happening in the Amazon network.
So I am not really sure about the configuration which I can do on nginx
which will do the following:
Offload the SSL for the requests coming from clients (users) - This
configuration is simple enough
Encrypt the communication again and send it to the underlying Tomcats
so it will be like:
Can I have an SSL from Client to Nginx and another between Nginx and
Tomcat?
So one way to do this is a layer 4 load balancing at nginx/haproxy
layer.
But what I am trying to do is layer 7 encryption itself. So the
first SSL offloading will happen at the nginx/haproxy level. Then it
will be encrypted again and sent to the underlying Tomcat. Then Tomcat
will offload SSL again.
The reason for this is, I am creating my stack in Amazon and we do not
want any kind of plain communication happening in the Amazon network.
So I am not really sure about the configuration which I can do on nginx
which will do the following:
Offload the SSL for the requests coming from clients (users) - This
configuration is simple enough
Encrypt the communication again and send it to the underlying Tomcats
Can I have an SSL from Client to Nginx and another between Nginx and
Tomcat?
Assuming that this happens all on one machine, Tomcat can be set to
listen only on localhost, e.g. 127.0.0.1:8080,
in which case SSL from the nginx reverse proxy becomes redundant.
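
An added example, not part of the thread or any poster's configuration: an nginx server block that terminates client TLS, opens a second TLS session to a Tomcat HTTPS connector on another host, and uses proxy_redirect to rewrite the http:// redirects described in the first post. The upstream address, backend certificate name and file paths are placeholders.

```nginx
upstream tomcat_tls {
    # Constructed address: Tomcat HTTPS connector on another server/subnet.
    server 10.0.2.10:8443;
}

server {
    listen 443 ssl;
    server_name himesh.com;

    # Client-facing TLS terminates here, so nginx can balance at layer 7.
    ssl_certificate     /etc/nginx/tls/himesh.com.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/tls/himesh.com.key;   # placeholder path

    location / {
        # Second TLS session: nginx re-encrypts the request towards Tomcat.
        proxy_pass https://tomcat_tls;

        # proxy_ssl_verify is off by default, which encrypts the hop but
        # accepts any certificate. Turn it on so the backend is authenticated.
        proxy_ssl_verify              on;
        proxy_ssl_verify_depth        2;
        proxy_ssl_trusted_certificate /etc/nginx/tls/backend-ca.pem;  # placeholder path
        proxy_ssl_name                tomcat.internal.example;        # assumed name in Tomcat's certificate
        proxy_ssl_server_name         on;
        proxy_ssl_protocols           TLSv1.2 TLSv1.3;

        # Tell the application which host and scheme the client really used.
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;

        # Rewrite Location/Refresh headers such as http://himesh.com/abc/
        # so the browser stays on https and never needs port 80.
        proxy_redirect http://himesh.com/ https://himesh.com/;
    }
}
```

Check the result with `curl -sI https://himesh.com/abc` and confirm the Location header starts with https://.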