Handling HTTPS Connection to Tomcat on AWS with AWS Load balancer

The problem

You have an awesome Java app that is growing like crazy and you need to be on top of it. You will start spawning servers to scale horizontally and putting a reliable balancer in front. AWS ELB is a good one but it will not solve all your needs out of the box. You need to tweak it a little bit to fit your needs.
Your app is secure, you have a SSL certificate installed but the problem is how do I redirect or force all HTTP traffic to HTTPS ?

The approach

Put an NGINX in each Tomcat instance. You will say.. another webserver ? yes, another one. Another point of failure but a very reliable one. Nginx is super reliable and has the smallest footprint I ever seen in a serious web server. (NodeJS is not a serious one, that is why people puts NGINX in front of it)

NGINX Config

NGINX will rewrite all requests to the ELB calling the HTTPS port utilizing status 301.

server {
  listen 80;
  server_name myhost.com;
  # add ssl settings
  return 301 https://myhost.com$request_uri;
}


Tomcat config

Now you need to touch the server.xml configuration of Tomcat (located @ $TOMCAT/conf/server.xml) .
<Connector scheme="https" secure="true" proxyPort="443"
  port="8080" protocol="HTTP/1.1"
  connectionTimeout="25000"
  URIEncoding="UTF-8"
  redirectPort="8443" />

Amazon Elastic Load Balancer

You are not done yet. You have to configure in the AWS ELB the following listeners.
 HTTP 80 -> HTTP 80 (nginx)
 HTTPS 443 -> HTTP 8080 (tomcat)
I hope it works for you.

Comments

Post a Comment

Popular posts from this blog

LLRP XML Messages

XML Messages: <!-- begin snippet: js hide: false --> <!-- language: lang-html -->      989  [Thread-2] INFO  com.dexter.experiments.LLRPHelloWorld  - Received Message:     org.llrp.ltk.generated.messages.READER_EVENT_NOTIFICATION@3e9064fd     989  [main] INFO  com.dexter.experiments.LLRPHelloWorld  - Connection attempt was successful     994  [Thread-2] INFO  com.dexter.experiments.LLRPHelloWorld  - Received Message:     org.llrp.ltk.generated.messages.READER_EVENT_NOTIFICATION@722d50e0     1237 [main] INFO  com.dexter.experiments.LLRPHelloWorld  -  Sending message:     <?xml version="1.0" encoding="UTF-8"?>     <llrp:GET_READER_CAPABILITIES xmlns:llrp="http://www.llrp.org/ltk/schema/core/encoding/xml/1.0" Version="1" MessageID="0">       <llrp:RequestedData>All</llrp:RequestedData...
Read more

Linux Upstart script for tomcat

#!/bin/bash # description: Tomcat Start Stop Restart # processname: tomcat # chkconfig: 234 20 80 #Uncomment services you would like to start  JAVA_HOME=/opt/jrockit export JAVA_HOME PATH=$JAVA_HOME/bin:$PATH export PATH TOMCAT_HOME=/opt/jweb/daemon/tomcat/bin export AMQ_HOME=/opt/jweb/daemon/amq58/bin export LCJMS_HOME=/opt/jweb/daemon/jmsd case $1 in start) /bin/su tom  -c $AMQ_HOME/startup.sh /bin/su tom  -c $TOMCAT_HOME/startup.sh #/bin/su tom  -c $LCJMS_HOME/startup.sh ;;  stop)    /bin/su tom  -c $TOMCAT_HOME/shutdown.sh ;;  restart) /bin/su tom  -c $TOMCAT_HOME/shutdown.sh /bin/su tom  -c $TOMCAT_HOME/startup.sh ;;  esac     exit 0 ## Once you create this script run following command on ubuntu to make it available on boot For Ubuntu:: # update-rc.d <scriptname> defaults For RHEL/Centos/OEL Step 1:  ...
Read more

Linux Custom startup and shutdown script for java or any server application

Startup: #!/bin/bash export JAVA_HOME=/usr/lib/jvm/java-8-oracle export PATH=$PATH:/$JAVA_HOME/bin cd /opt/jweb/daemon/jmsd/ #kill old instance .. just a cleanup pid=`cat ./mpid` kill $pid sleep 2 kill -9 $pid #Following lines will create file name for old log file and archiving it  n=`date +'%F_%T.out'` echo $n mv lcj.out $n gzip -9vf $n #hadoop jar lcjmsdaemon.jar 1 ./applicationContext.xml & #hadoop jar lcjmsdaemon.jar 1 > ./lcj.out 2>&1 & java -server -jar logger.jar & echo $! > ./mpid Shutdown: #!/bin/bash  cd /opt/jweb/daemon/jmsd/ pid=`cat ./mpid` kill $pid sleep 2 kill -9 $pid
Read more