[midPoint] midPoint and load balancer with SSL offloading

Martin martin.de at myself.com
Wed Mar 4 18:54:59 CET 2020


Hello there,


yes we configured midpoint to run behind traefik (loadbalancer for
docker). This feature was actually recently implemented into midpoint
4.1 (-SNAPSHOT) per our request.


You need to set the following in System Configuration.

    <infrastructure>
        <publicHttpUrlPattern>https://$host/midpoint</publicHttpUrlPattern>
    </infrastructure>


Changing any settings for embedded tomcat is not required. (And did also
not work for us to achieve SSL offloading)


This solution will work for midpoint 4.1 and above.


In addition to that and prior to 4.1 we force a redirection from HTTP ->
HTTPS on the loadbalancer. This causes some additional redirects and
causes security issues when authentication headers and passwords are
involved but at least it works.
(https://docs.traefik.io/v1.4/user-guide/examples/#http-redirect-on-https)


Best regards

Martin
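
The redirect behaviour discussed in this thread can be checked from a captured redirect chain. The following is an added example, not part of the original message and not midPoint or traefik code; the hop layout, the header list, the finding names and the host idm.example.test are assumptions made for illustration.

```python
from urllib.parse import urljoin, urlsplit

# Constructed capture: the balancer terminates TLS and the backend builds an
# absolute redirect from its own plain-HTTP view; the balancer then bounces
# the client back to HTTPS.
SAMPLE_CHAIN = [
    {"method": "POST", "url": "https://idm.example.test/midpoint/login",
     "status": 302, "location": "http://idm.example.test/midpoint/self/dashboard",
     "request_headers": {"Cookie": "JSESSIONID=constructed"}},
    {"method": "GET", "url": "http://idm.example.test/midpoint/self/dashboard",
     "status": 301, "location": "https://idm.example.test/midpoint/self/dashboard",
     "request_headers": {"Cookie": "JSESSIONID=constructed"}},
    {"method": "GET", "url": "https://idm.example.test/midpoint/self/dashboard",
     "status": 200, "location": None,
     "request_headers": {"Cookie": "JSESSIONID=constructed"}},
]

# Request headers treated as credential-bearing (assumed list).
SENSITIVE = {"authorization", "proxy-authorization", "cookie"}


def audit_redirect_chain(hops):
    """Return (hop_index, finding) tuples for a captured redirect chain."""
    findings = []
    for i, hop in enumerate(hops):
        scheme = urlsplit(hop["url"]).scheme
        sent = {name.lower() for name in hop.get("request_headers", {})}
        # The request itself left the client in cleartext with credentials.
        if scheme == "http" and sent & SENSITIVE:
            findings.append((i, "credentials-over-http"))
        # A form submission (possibly a password) left the client in cleartext.
        if scheme == "http" and hop["method"] == "POST":
            findings.append((i, "form-post-over-http"))
        location = hop.get("location")
        if location and 300 <= hop["status"] < 400:
            # Resolve relative Location values against the request URL.
            target = urljoin(hop["url"], location)
            # An HTTPS request answered with an http:// redirect target.
            if scheme == "https" and urlsplit(target).scheme == "http":
                findings.append((i, "https-to-http-redirect"))
    return findings


if __name__ == "__main__":
    for index, finding in audit_redirect_chain(SAMPLE_CHAIN):
        print(index, finding, SAMPLE_CHAIN[index]["url"])
```
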



On 04.03.2020 at 16:24, Keith Hazelton wrote:
> On behalf of Ned Morgan:
>
> Has anyone tackled configuring midPoint to work behind a load balancer
> with SSL offloading configured? I am attempting to do so and keep
> running into an issue where midPoint keeps redirecting the client to
> URLs over HTTP. I have tried various combinations of settings for the
> embedded tomcat to accept forwarded headers, but haven't had much luck.