• United States
IBM?
  • Site map
IBM?
  • Marketplace

  • Close
    Search
  • Sign in
    • Sign in
    • Register
  • IBM Navigation
IBM Developer Answers
  • Spaces
    • Blockchain
    • IBM Cloud platform
    • Internet of Things
    • Predictive Analytics
    • Watson
    • See all spaces
  • Tags
  • Users
  • Badges
  • FAQ
  • Help
Close

Name

Community

  • Learn
  • Develop
  • Connect

Discover IBM

  • ConnectMarketplace
  • Products
  • Services
  • Industries
  • Careers
  • Partners
  • Support
10.190.13.195

Refine your search by using the following advanced search options.

Criteria Usage
Questions with keyword1 or keyword2 keyword1 keyword2
Questions with a mandatory word, e.g. keyword2 keyword1 +keyword2
Questions excluding a word, e.g. keyword2 keyword1 -keyword2
Questions with keyword(s) and a specific tag keyword1 [tag1]
Questions with keyword(s) and either of two or more specific tags keyword1 [tag1] [tag2]
To search for all posts by a user or all posts with a specific tag, start typing and choose from the suggestion list. Do not use a plus or minus sign with a tag, e.g., +[tag1].
  • Ask a question

Simple Java HelloWorld webapp redirect http/https fails on IBM Bluemix but works on Pivotal CF

3100012DPK gravatar image
Question by CodeConjecture  (18) | Dec 22, 2015 at 11:25 AM sslcloudfoundryjava8ibmcloudtomcatbuildpack

There may be a significant IBM Bluemix infrastructure configuration issue on the load balancing side for Cloud Foundry Java Community Buildpacks. IBM Bluemix support team, I would greatly appreciate some feedback.

I am using IBM Bluemix with the Java Community Buildpack (not Liberty), which by default uses Tomcat. I am trying to enable all redirects from http to https, but keep getting a "Too Many Redirects" error message when visiting the webapp in a browser.

Here is the relevant web.xml portion

 <security-constraint>
     <web-resource-collection>
         <web-resource-name>Wildcard means whole app requires authentication</web-resource-name>
         <url-pattern>/*</url-pattern>
         <http-method>GET</http-method>
         <http-method>POST</http-method>
     </web-resource-collection>

     <user-data-constraint>
         <transport-guarantee>CONFIDENTIAL</transport-guarantee>
     </user-data-constraint>
 </security-constraint>

The Java Community Buildpack server.xml, https://github.com/cloudfoundry/java-buildpack/blob/master/resources/tomcat/conf/server.xml, already references:

 <Valve className="org.apache.catalina.valves.RemoteIpValve" protocolHeader="x-forwarded-proto"/>

The best IBM BLuemix link I could find on this is: https://developer.ibm.com/answers/questions/16016/how-do-i-enforce-ssl-for-my-bluemix-application.html, but this does not address Java Community Buildpacks. Furthermore, you'll see that this post mentioned that the proper header is indeed set, "X-Forwarded-Proto"

Any help would be appreciated. Very time sensitive requirement.

Here is a github with the sample app being tested, https://github.com/codeconjecture/bluemix-tomcat-ssl-redirect-fail

Here is the same app failing on Bluemix: http://tomcatredirect.mybluemix.net/hello.jsp (too many redirects error) https://tomcatredirect.mybluemix.net/hello.jsp (too many redirects error)

Here is the same app working on Pivotal CF: http://tomcatredirect.cfapps.io/hello.jsp (redirect to https) https://tomcatredirect.cfapps.io/hello.jsp (works on https)

After checking out, you can push the code with cf push <testappname> -p test.war -b https://github.com/cloudfoundry/java-buildpack

Manglu Balasubramanian

People who like this

  1
Comment
10 |3000 characters needed characters left characters exceeded
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster

1 reply

  • Sort: 
270007SYRY gravatar image

Answer by jmarrero (16) | Oct 18, 2016 at 02:59 PM

The issue is that the proxy addresses that Bluemix uses are not trusted by tomcat. To accomplish this, just add the internalProxies='.*' configuration option to the RemoteIpValve.

This should look like this in the server.xml:

         <Valve className='org.apache.catalina.valves.RemoteIpValve' protocolHeader='x-forwarded-proto' internalProxies='.*' />

The current default one in the buildpack does not have the internalProxies setting but includes the protocolHeader='x-forwarded-proto'.

         <Valve className='org.apache.catalina.valves.RemoteIpValve' protocolHeader='x-forwarded-proto' />

Documentation about the Valve can be found here: https://tomcat.apache.org/tomcat-7.0-doc/api/org/apache/catalina/valves/RemoteIpValve.html

This details the usage of the RemoteIpValve and gives the option of trusting proxies.

Comment
Manglu Balasubramanian

People who like this

  1   Share
10 |3000 characters needed characters left characters exceeded
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster

Follow this question

75 people are following this question.

Answers

Answers & comments

Related questions

Which PHP buildpack after migration to cflinuxfs2 stack for DB2 connection? 1 Answer

Cloud Foundry Java / tomcat build pack for 1.7 3 Answers

cf push fails due to buildpack issue 1 Answer

Bluemix showing wrong buildpack 2 Answers

Buildpack for application fails 3 Answers

  • Contact
  • Privacy
  • IBM Developer Terms of use
  • Accessibility
  • Report Abuse
  • Cookie Preferences

Powered by AnswerHub

Authentication check. Please ignore.
  • Anonymous
  • Sign in
  • Create
  • Ask a question
  • Spaces
  • API Connect
  • Analytic Hybrid Cloud Core
  • Application Performance Management
  • Appsecdev
  • BPM
  • Blockchain
  • Business Transaction Intelligence
  • CAPI
  • CAPI SNAP
  • CICS
  • Cloud Analytics
  • Cloud Automation
  • Cloud Object Storage
  • Cloud marketplace
  • Collaboration
  • Content Services (ECM)
  • Continuous Testing
  • Courses
  • Customer Experience Analytics
  • DB2 LUW
  • DataPower
  • Decision Optimization
  • DevOps Services
  • Developers IBM MX
  • Digital Commerce
  • Digital Experience
  • Finance
  • Global Entrepreneur Program
  • Hadoop
  • Hybrid Cloud Core
  • IBM Cloud platform
  • IBM Design
  • IBM Forms Experience Builder
  • IBM Maximo Developer
  • IBM StoredIQ
  • IBM StoredIQ-Cartridges
  • IIDR
  • ITOA
  • InformationServer
  • Integration Bus
  • Internet of Things
  • Kenexa
  • Linux on Power
  • LinuxONE
  • MDM
  • Mainframe
  • Messaging
  • Node.js
  • ODM
  • Open
  • PowerAI
  • PowerVC
  • Predictive Analytics
  • Product Insights
  • PureData for Analytics
  • Push
  • QRadar App Development
  • Run Book Automation
  • Search Insights
  • Security Core
  • Storage
  • Storage Core
  • Streamsdev
  • Supply Chain Business Network
  • Supply Chain Insights
  • Swift
  • UBX Capture
  • Universal Behavior Exchange
  • UrbanCode
  • WASdev
  • WSRR
  • Watson
  • Watson Campaign Automation
  • Watson Content Hub
  • Watson Marketing Insights
  • dW Answers Help
  • dW Premium
  • developerWorks Sandbox
  • developerWorks Team
  • Watson Health
  • More
  • Tags
  • Questions
  • Users
  • Badges