Using FlexDeploy with a load Balancer that offloads HTTPS
If you are using a Load Balancer that offloads HTTPS, FlexDeploy will see the incoming connections from the load balancer as HTTP. This will cause it to generate relative paths with http:// instead of https://. Those URLS are redirected by the load balancer, starting a infinite loop. There is a great article about it here: Broadcom Community - VMTN, Mainframe, Symantec, Carbon Black
To avoid that loop, have the load balancer, there are 2 options:
Option 1 - using RemoteIpValve and x-forwarded-proto
This way will allow users to access FlexDeploy with or without the loadbalancer.
1 In your server.xml in the host section where you will see other valves add an additional valve:
<Valve className="org.apache.catalina.valves.RemoteIpValve" internalProxies="192\.168\.0\.10|192\.168\.0\.11" remoteIpHeader="x-forwarded-for" proxiesHeader="x-forwarded-by" protocolHeader="x-forwarded-proto" />
Modify the ip addresses shown here to your Load Blanacer IP addresses.
Keep the format of the ip addresses like this in regex format \. instead of ., and use | for OR.
2 in your load balancer configuration, set the X-Forwarded-Proto header.
See RemoteIpValve (Apache Tomcat 9.0.97 API Documentation) for more information about how that works.
The example titled “Sample with internal proxies” is likely the one closest to the needs of most customers with load balancers.
3 Restart FlexDeploy
Option 2 - Using Connector settings
This way will redirect users to the loadbalancer.
1 In your server.xml in the http connector (that is not commented out) add this line:
proxyport="443" scheme="https" secure="true" proxyname="example.com"
2 Change “example.com” to the hostname of the loadbalancer.
3 Restart Flexdeploy
- style