We help IT Professionals succeed at work.
Get Started

Tomcat 7 > Apache 2.x > Coyote Point Load Balancer

Last Modified: 2012-07-09
Where do I start...? lol..

We have our web server configuration setup behind a Coyote Point Load Balancer which directs request to one of two web servers. On the web servers we have Apache 2 setup, primarily for rewrite functionality, and Tomcat 7 sitting behind Apache as the servlet container. We're using AJP for handling static content sitting on Apache.

The issue I'm hoping to get some direction on is that our load balancer is handling the SSL and certificates. So from my understanding all encryption/decryption is happening on the load balancer. The problem is I need to somehow tell Tomcat that the incoming request was over HTTPS so I can set the secure flag on our JSessionID cookie.

Currently everything seems to be working as far as handling requests and such, but I cannot seem to get the secure flag set. I know if Apache itself was handling the SSL I could configure a connector on Tomcat to know the the incoming request was secure, however how does it work with Apache as the middle man between the Coyote load balancer and Tomcat?

I'm not specifically looking for line by line configuration answers, but a high level configuration direction for example: configure such and such connector on Tomcat to handle requests from Apache which should have such and such setting so it knows it received a secure request from the load balancer, even though the load balancer is handling the decryption and SSL...

Basically how do I pass down a flag letting Tomcat know the original request was a secure request so I can ultimately set the secure flag on the JSESSIONID cookie. I know once the load balancer gets the requests and decrypts that generally I shouldn't have to worry about SSL from there, however for security scan concerns, they're insistent on having the JSESSIONID cookie's flag set to secure when behind HTTPS.  

Thanks in advance...
Watch Question
This problem has been solved!
Unlock 1 Answer and 3 Comments.
See Answer
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE