Former Member
May 22, 2018 at 05:15 PM

HTTPS HYBRIS: How to configure Hybris for SSL offloading

963 Views

Hi,

I'm trying to do the SSL offloading in my Load Balancer. I'm dealing with the configuration in order to allow Hybris to work correctly. I attached my configuration in order to show my scenarios.

Apache Frontal Node Default Virtual Host

 #RequestHeader set X-Forwarded-Proto "https"
 ProxyPass "/" "ajp://172.23.24.153:8009/"
 ProxyPassReverse "/" "ajp://172.23.24.153:8009/"

Apache Frontal Node SSL Virtual Host

 #RequestHeader set X-Forwarded-Proto "https"
 ProxyPass "/" "ajp://172.23.24.153:8009/"
 ProxyPassReverse "/" "ajp://172.23.24.153:8009/"

Tomcat Hybris using the AJP connector at port 8009

 <Valve className="org.apache.catalina.valves.RemoteIpValve"
 remoteIpHeader="x-forwarded-for"
 proxiesHeader="x-forwarded-by"
 protocolHeader="x-forwarded-proto"
 />

Hybris:

 OOTB - No modification spring-security-conf.xml

[CUSTOMER BROWSER]---HTTPS--->[LOADBALANCER HTTPS]----HTTP--->[APACHE]---AJP13--->[HYBRIS-TOMCAT] -> Ideal configuration for working in SSL offloading in Load Balancer.

Scenario 1)

With the previous configuration I'm able to connect to my Hybris node, but it is always using the HTTPS connection, as defined in the OOTB spring-security-conf.xml, so the SSL offloading done in the Load Balancer is not useful, as Apache -> Tomcat does an SSL connection again. Hybris is still working all the time in HTTPS mode and everything works well. However, this is not the target to accomplish.

Scenario 2)

In this scenario I uncommented the 'RequestHeader set X-Forwarded-Proto "https"' from the Apache virtual host, and when I try to connect to Hybris the connection is in HTTP. I'm able to enter my website without the internal redirection. The issue appears when registering a user (for example), as this error shows:

 http://IP/site/en/EUR/j_spring_security_check -> Server Error -> WARN  [ajp-bio-8009-exec-60]   [10.34.19.129] [PageNotFound] Request method 'POST' not supported

It looks like this action form tries to establish an HTTPS connection or something and the server crashes. What is the configuration directive for "web/webroot/WEB-INF/config/spring-security-config.xml" to tell the Hybris application that the connection is secure and that there is no need to rewrite the connection? Is something missing in order to fix this issue?

Regards, Pau
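
Added example, not part of the original post and not Tomcat or Hybris code: a simplified Python model of how a RemoteIpValve configured with protocolHeader="x-forwarded-proto" decides whether a request counts as secure, which is the difference between Scenario 1 (header absent) and Scenario 2 (header set by Apache). The trusted-proxy pattern, the class and function names, and the sample addresses are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass, field

# Assumption: a trusted-proxy pattern covering private ranges, in the style of
# the valve's internalProxies attribute. Tune it to the real proxy addresses.
INTERNAL_PROXIES = re.compile(
    r"10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|"
    r"172\.(1[6-9]|2\d|3[01])\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}"
)

@dataclass
class Request:
    remote_addr: str                  # peer address as the container sees it
    headers: dict = field(default_factory=dict)
    scheme: str = "http"              # what the connector reported
    secure: bool = False

def effective_channel(req, protocol_header="x-forwarded-proto", https_value="https"):
    """Return (scheme, secure) as the application behind the valve sees them.

    Simplified: the real valve also rewrites the remote address and server port.
    """
    headers = {k.lower(): v for k, v in req.headers.items()}
    # The header is honoured only when the peer is a trusted proxy; a client
    # that reaches the container directly cannot declare itself "https".
    if not INTERNAL_PROXIES.fullmatch(req.remote_addr):
        return req.scheme, req.secure
    value = headers.get(protocol_header)
    if value is None:                 # Scenario 1: nothing to override
        return req.scheme, req.secure
    if value.lower() == https_value:  # Scenario 2: proxy vouches for TLS
        return "https", True
    return "http", False

# Constructed sample requests (addresses are illustrative, not from the post).
SAMPLES = {
    "proxy, header commented out": Request("10.0.0.5"),
    "proxy, header set to https": Request("10.0.0.5", {"X-Forwarded-Proto": "https"}),
    "proxy, header set to http": Request("10.0.0.5", {"X-Forwarded-Proto": "http"}),
    "untrusted peer spoofing header": Request("203.0.113.7", {"X-Forwarded-Proto": "https"}),
}

if __name__ == "__main__":
    for name, req in SAMPLES.items():
        print(f"{name:32s} -> {effective_channel(req)}")
```

Because the first vhost sets the header unconditionally, every request it forwards is reported as secure, so that vhost should only be reachable from the load balancer.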