Using FlexDeploy with a Load Balancer that offloads HTTPS
If you are using a load balancer that offloads HTTPS, FlexDeploy will see the incoming connections from the load balancer as HTTP. This will cause it to generate relative paths with http:// instead of https://. Those URLs are redirected by the load balancer, starting an infinite loop. There is a great article about it here: https://community.pivotal.io/s/article/Purpose-of-the-X-Forwarded-Proto-HTTP-Header?language=en_US
To avoid that loop, there are 2 options:
Option 1 - using RemoteIpValve and x-forwarded-proto
This way will allow users to access FlexDeploy with or without the load balancer.
1 In your server.xml, in the Host section where you will see other valves, add an additional valve:
<Valve className="org.apache.catalina.valves.RemoteIpValve" internalProxies="192\.168\.0\.10|192\.168\.0\.11" remoteIpHeader="x-forwarded-for" proxiesHeader="x-forwarded-by" protocolHeader="x-forwarded-proto" />
Modify the IP addresses shown here to your load balancer IP addresses.
Keep the IP addresses in regex format as shown: \. instead of ., and | for OR.
2 In your load balancer configuration, set the X-Forwarded-Proto header.
See https://tomcat.apache.org/tomcat-9.0-doc/api/org/apache/catalina/valves/RemoteIpValve.html for more information about how that works.
The example titled “Sample with internal proxies” is likely the one closest to the needs of most customers with load balancers.
3 Restart FlexDeploy
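An added example (not FlexDeploy or Tomcat code): a simplified Python model of the trust decision the valve in Option 1 makes, which can be used to check an internalProxies value before restarting. The function names and the probe addresses are assumptions for illustration, and the model covers only the peer-address match and the protocol header.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the valve from step 1, with the page's example addresses.
VALVE_XML = r'''<Valve className="org.apache.catalina.valves.RemoteIpValve"
  internalProxies="192\.168\.0\.10|192\.168\.0\.11"
  remoteIpHeader="x-forwarded-for" proxiesHeader="x-forwarded-by"
  protocolHeader="x-forwarded-proto" />'''


def load_valve(xml_text):
    """Return (compiled internalProxies pattern, lower-cased protocol header name)."""
    attrs = ET.fromstring(xml_text).attrib
    return re.compile(attrs["internalProxies"]), attrs["protocolHeader"].lower()


def effective_scheme(valve, peer_addr, headers, connector_scheme="http"):
    """Simplified model: the forwarded protocol is honoured only when the
    TCP peer address fully matches internalProxies (whole-string match)."""
    proxies, proto_header = valve
    if not proxies.fullmatch(peer_addr):
        return connector_scheme  # header sent by an untrusted peer is ignored
    value = {k.lower(): v for k, v in headers.items()}.get(proto_header, "")
    return "https" if value.strip().lower() == "https" else connector_scheme


def audit_internal_proxies(pattern_text, probe_addrs):
    """Return the probe addresses the pattern would trust. Anything in the
    result that is not one of your load balancers is a finding."""
    pattern = re.compile(pattern_text)
    return [addr for addr in probe_addrs if pattern.fullmatch(addr)]


if __name__ == "__main__":
    valve = load_valve(VALVE_XML)
    # Constructed requests: one via the load balancer, one direct with a forged header.
    for peer in ("192.168.0.10", "203.0.113.7"):
        print(peer, effective_scheme(valve, peer, {"X-Forwarded-Proto": "https"}))
    probes = ["192.168.0.10", "192.168.0.11", "192.168.0.110", "10.0.0.5"]
    print(audit_internal_proxies(r"192\.168\..*", probes))  # too broad
```

A pattern that trusts more than the load balancer addresses lets any host in that range set the scheme FlexDeploy sees, so keep internalProxies as narrow as the deployment allows.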
Option 2 - Using Connector settings
This way will redirect users to the load balancer.
1 In your server.xml, in the HTTP connector (that is not commented out), add this line:
proxyPort="443" scheme="https" secure="true" proxyName="example.com"
2 Change “example.com” to the hostname of the load balancer.
3 Restart FlexDeploy