[midPoint] Reverse proxying midPoint no longer works with 3.9

Ramón Cahenzli ramon.cahenzli at zhdk.ch
Tue Aug 27 08:50:41 CEST 2019


Hi Steve,

<snip>

> That works, though it’s a hack.

Oh my. Yeah, it does seem like a hack, but thanks -- we could use it as
a last resort.

This shouldn't really be necessary since the headers we give to
midPoint (or its embedded Tomcat) should be enough for it to construct
the correct redirects and URLs, shouldn't they? Other web applications
where I do SSL via Apache reverse proxying seem to work fine this way.

Also this is a bit wasteful since we'd be encrypting and decrypting
the same traffic twice for no benefit. I wonder why the solution
without this worked for Stacy -- I presume port 80 is open on their
midPoint servers and redirecting to HTTPS. It *does* work this way for
us, but as soon as you close port 80, it's game over.

Should I open an issue in Jira for this?

Cheers,

-- 
—
—
Zürcher Hochschule der Künste
Zurich University of the Arts
—
Ramón Cahenzli, MSc.
IT Architect
—
Pfingstweidstrasse 96, Postfach, 8031 Zürich
Tel. +41 43 446 31 63, Fax +41 43 446 45 21
ramon.cahenzli at zhdk.chhttp://www.zhdk.ch
http://itz.zhdk.ch



More information about the midPoint mailing list