[mod_cluster-issues] [JBoss JIRA] (MODCLUSTER-296) Set X_FORWARDED_PROTO header when serving SSL

Wed Apr 25 11:01:17 EDT 2012

    [ https://issues.jboss.org/browse/MODCLUSTER-296?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12687634#comment-12687634 ] 

Jean-Frederic Clere commented on MODCLUSTER-296:
------------------------------------------------

what back-end are you using?

> Set X_FORWARDED_PROTO header when serving SSL
> ---------------------------------------------
>
>                 Key: MODCLUSTER-296
>                 URL: https://issues.jboss.org/browse/MODCLUSTER-296
>             Project: mod_cluster
>          Issue Type: Feature Request
>            Reporter: Kevin Menard
>            Assignee: Jean-Frederic Clere
>
> I'm using mod_cluster to connect my Torquebox server to Apache 2, serving up a Rails application.  Since SSL termination is occurring at the Apache level, all communication between Apache and Torquebox (AS 7.1) is done without SSL.  Rails then thinks it's working over plain HTTP and alters it's behavior accordingly: any generated URLs will use the "http" scheme and it will not allow the creation of cookies with the "secure" attribute set.  I don't know if other frameworks behave similarly, but I suspect some do.
> As it turns out, setting the X_FORWARDED_PROTO header to "https" fixes the problem in Rails.  It then knows that it's being served up over SSL.  I've added it to my vhost, but it'd be nice if mod_cluster handled this out of the box.  Unlike other proxy startegies, there's no clear way to tell mod_cluster to communicate over a secure channel to the AS instance.  I think setting this header then is in keeping with the expected behavior.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira