Forum Discussion
Engenharia_CSHG
Nimbostratus
May 14, 2009
Integrating SSL in Big IP and JBoss/Tomcat
Hi,
We are configuring a big ip box (LTM 9.4.5) with a jboss server (4.3.0EAP).
Our big deal now is the ssl configuration.
The workflow is as follows:
1. When a connection arrives in the 80 port, I redirect it to JBoss.
2. JBoss then checks if the URL should be encrypted or not.
3. If it is, it then sends a redirect back to the browser to force the connection to go over the ssl port.
Our main problem is that, as the big ip offloads the ssl connection to a common http connection to JBoss, it is never able to decide if the connection was received from the ssl/443 port or the http/80 port.
Is there a way to signal the web server (in this case JBoss) that the connection came from a ssl port? Could we append a parameter to the header or something like that?
We searched a lot on the web and dev central without any success. And it seems to be a very common situation for people using the big ip product.
Thanks in advance for any help.
Fernando
3 Replies
- The_Bhattman
Nimbostratus
Hi Fernando,
A couple of things. If you have locked down the JBOSS so that nothing except the client can access it through the Virtual address then the assumption is that it is encrypted. However, another way is to associate an irule that attaches a custom HTTP header that can be sent to JBOSS. The idea is that it has this custom header only when accessed via the VIP that carries the SSL. I am sure you can search for a script that allows you to attach a custom HTTP header.
Hope this helps
CB
- tux43_94790
Nimbostratus
Bump - having exactly the same problem. Did you get this solved?
- L4L7_53191
Nimbostratus
Have a look at the proxyPort setting, which will tell the container how to build a self-referential redirect with the proxy's port (BigIP, in this case): http://docs.jboss.org/jbossweb/3.0.x/proxy-howto.html
-Matt
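
The custom-header approach suggested in the replies above, seen from the JBoss side, as an added example that is not part of the original thread or any F5/JBoss code: a servlet filter that reports a request as secure only when the marker header is present and the TCP peer is the BIG-IP. The header name `X-BigIP-SSL`, its value `on`, the class name, the `trustedProxy` init parameter and the address `192.0.2.10` are all assumptions, and the peer check assumes the BIG-IP SNATs traffic so that JBoss sees the BIG-IP's own address.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

// Hypothetical filter (added example). The iRule on the SSL virtual server is
// assumed to insert HEADER, and both virtual servers are assumed to remove any
// client-supplied copy of it first, so the value seen here was set by the BIG-IP.
public class BigIpSslHeaderFilter implements Filter {
    private static final String HEADER = "X-BigIP-SSL";   // assumed header name
    private String trustedProxy = "192.0.2.10";           // constructed placeholder address

    public void init(FilterConfig cfg) {
        // Optional override from web.xml: <init-param> named trustedProxy
        String configured = cfg.getInitParameter("trustedProxy");
        if (configured != null) {
            trustedProxy = configured;
        }
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        // Honour the header only when the connection really comes from the
        // BIG-IP; a client that reaches JBoss directly could otherwise send the
        // header itself and be treated as if it had arrived over SSL.
        boolean viaSsl = trustedProxy.equals(http.getRemoteAddr())
                && "on".equalsIgnoreCase(http.getHeader(HEADER));
        chain.doFilter(viaSsl ? new SecureRequest(http) : http, res);
    }

    public void destroy() { }

    // Presents the offloaded request to the application as HTTPS on port 443,
    // so isSecure() checks and self-referential redirects behave as expected.
    private static class SecureRequest extends HttpServletRequestWrapper {
        SecureRequest(HttpServletRequest request) { super(request); }
        @Override public boolean isSecure() { return true; }
        @Override public String getScheme() { return "https"; }
        @Override public int getServerPort() { return 443; }
    }
}
```

This only affects application code that runs after the filter; container-managed `transport-guarantee` constraints are evaluated before servlet filters, which is where the connector settings from the proxy how-to linked above apply instead.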
