6.3 and 6.4 Deploy embedded Tomcat container behind proxy does not work.
317 views
Skip to first unread message
William Jojo
Nov 14, 2021, 6:08:11 PM11/14/21
to CAS Community
Hello all,
Whenever I try to used the Fawnoos doc on configuring the CAS (6.3 or 6.4) embedded Tomcat behind a proxy, I always get:
The AJP Connector is configured with secretRequired="true" but the secret attribute is either null or "". This combination is not valid.
Even with the following:
server.port=8080
server.ssl.enabled=false
cas.server.tomcat.http.enabled=false
cas.server.tomcat.http-proxy.enabled=true
cas.server.tomcat.http-proxy.secure=true
cas.server.tomcat.http-proxy.scheme=https
If I turn all that off and let it start on the default of 8443, then it runs, but not the way it was intended.
Any thoughts on this?
Thank you!
Bill
William Jojo
Nov 14, 2021, 7:14:45 PM11/14/21
to CAS Community, William Jojo
Well, it seems adding the following:
cas.server.tomcat.http-Proxy.protocol=HTTP/1.1
Makes a difference. Not entirely sure why. Can anyone shed light on this?
Thank you!
Bill
William Jojo
Nov 14, 2021, 8:26:08 PM11/14/21
to CAS Community
Ugh, of course it makes a difference. It is not using AJP any more... Clearly some rest is in order...
Bill
He Vincent
Nov 15, 2021, 1:20:38 AM11/15/21
to CAS Community, William Jojo
I guess AJP is used for Apache httpd only.
I use Nginx instead, it works fine.
Pascal Rigaux
Nov 15, 2021, 2:48:14 AM11/15/21
to cas-...@apereo.org
NB : an alternative to cas.server.tomcat.http-proxy.* is server.tomcat.remoteip.internal-proxies (on CAS 6.4), cf https://tomcat.apache.org/tomcat-8.0-doc/api/org/apache/catalina/valves/RemoteIpValve.html
NB2 : it requires rev proxy to set some headers.
- nginx : proxy_set_header X-Forwarded-Proto $scheme
- apache2 httpd : RequestHeader set X-Forwarded-Proto expr=%{REQUEST_SCHEME}
On 15/11/2021 00:07, William Jojo wrote:
> Hello all,
>
> Whenever I try to used the Fawnoos doc on configuring the CAS (6.3 or 6.4) embedded Tomcat behind a proxy, I always get:
>
> *The AJP Connector is configured with secretRequired="true" but the secret attribute is either null or "". This combination is not valid.*
NB2 : it requires rev proxy to set some headers.
- nginx : proxy_set_header X-Forwarded-Proto $scheme
- apache2 httpd : RequestHeader set X-Forwarded-Proto expr=%{REQUEST_SCHEME}
On 15/11/2021 00:07, William Jojo wrote:
> Hello all,
>
> Whenever I try to used the Fawnoos doc on configuring the CAS (6.3 or 6.4) embedded Tomcat behind a proxy, I always get:
>
William Jojo
Nov 15, 2021, 6:46:36 AM11/15/21
to CAS Community
Pascal,
I will take a look at these as well.
Bill
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/13b9ce6d-c47a-d57d-e02f-ed23e15cf206%40univ-paris1.fr.
Reply all
Reply to author
Forward
0 new messages