Glassfish 3.1.2.2 behind an SSL terminating load balancer

Question

The organisation I'm working for is currently running an application on Glassfish 3.1.2.2 behind a hardware (same issue with software/cloud) load balancer that is also in charge of SSL termination. We are currently having issues with Glassfish not knowing that it is behind an SSL connection and therefor generating certain things incorrectly. Specifically the following:

• session cookies are not flagged as secure
• redirects generated from Glassfish are done as http:// instead of https://
• request.isSecure() is not returning the correct value
• request.getScheme() is not returning the correct value

In theory we could rewrite all of these things in the load balancer, but on previous projects using Tomcat and have been able to solve all of them at the container level.

In Tomcat I can just set the secure flag and the scheme value on the HTTP connector definition and everything is good to go. But I can't seem to find equivalents on Glassfish.

Anyone have any ides?

Answer 1

If your load balancer provides X-Forwarded-Proto header you can try to use scheme-mapping attribute in the http definition of your domain.xml:

<http default-virtual-server="server"
      max-connections="100"
      scheme-mapping="X-Forwarded-Proto">...

For example nginx can be configured to provide this header very easily:

location / {
    proxy_set_header X-Forwarded-Proto https;
    proxy_pass http://glassfish;
}

Looks like glassfish has some known issues related to scheme-mapping support though.