<div dir="ltr"><div>I am currently using v4.0.1, which explains why it didn't work for me when I had tried setting publicHttpUrlPattern before. We implemented a redirect from HTTP to HTTPS on our load balancer to work around the issue until we update to 4.1. <br></div><div><br></div><div>Thanks for the helpful information! </div><div><br></div><div></div><div></div><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Mar 4, 2020 at 12:55 PM Martin &lt;<a href="mailto:martin.de@myself.com" target="_blank">martin.de@myself.com</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<p>Hello there,</p>
<p><br>
</p>
<p>Yes, we configured midPoint to run behind Traefik (a load balancer
for Docker). This feature was actually recently implemented in
midPoint 4.1 (-SNAPSHOT) per our request.</p>
<p><br>
</p>
<p>You need to set the following in System Configuration.</p>
<p><i><font size="-1">&lt;infrastructure&gt;</font></i></p>
<p><i><font size="-1"><span>&nbsp;&nbsp;&lt;publicHttpUrlPattern&gt;</span><span><span><a href="https://$host/midpoint" target="_blank">https://$host/midpoint</a></span>&lt;/publicHttpUrlPattern&gt;</span><br>
</font></i></p>
<p><i><font size="-1">&lt;/infrastructure&gt;</font></i></p>
<p><br>
</p>
<p>Changing any settings for the embedded Tomcat is not required. (It
also did not work for us to achieve SSL offloading.)</p>
<p><br>
</p>
<p>This solution will work for midPoint 4.1 and above.</p>
<p><br>
</p>
<p>In addition to that, and prior to 4.1, we force a redirection from
HTTP -&gt; HTTPS on the load balancer. This causes some additional
redirects and causes security issues when authentication headers
and passwords are involved, but at least it works.
(<a href="https://docs.traefik.io/v1.4/user-guide/examples/#http-redirect-on-https" target="_blank">https://docs.traefik.io/v1.4/user-guide/examples/#http-redirect-on-https</a>)
<br>
</p>
<p><br>
</p>
<p>Best regards</p>
<p>Martin</p>
<p><br>
</p>
<p> <br>
</p>
<div>On 04.03.2020 at 16:24, Keith
Hazelton wrote:<br>
</div>
<blockquote type="cite">
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
On behalf of Ned Morgan:</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<span style="color:rgb(29,28,29);font-family:Slack-Lato,appleLogo,sans-serif;font-size:15px;font-variant-ligatures:common-ligatures;text-align:left;background-color:rgb(248,248,248);display:inline">Has anyone tackled
configuring midPoint to work behind a load balancer with SSL
offloading configured? I am attempting to do so and keep
running into an issue where midPoint keeps redirecting the
client to URLs over HTTP. I have tried various combinations of
settings for the embedded tomcat to accept forwarded headers,
but haven't had much luck.</span><br>
</div>
<br>
<fieldset></fieldset>
<pre>_______________________________________________
midPoint mailing list
<a href="mailto:midPoint@lists.evolveum.com" target="_blank">midPoint@lists.evolveum.com</a>
<a href="https://lists.evolveum.com/mailman/listinfo/midpoint" target="_blank">https://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
</div>
</blockquote></div>
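<p>Added example, not part of the original thread and not midPoint or Traefik code: a check over a captured redirect chain that flags the two symptoms discussed in this thread, a redirect that downgrades from HTTPS to HTTP and credentials sent on the resulting cleartext hop. The host name, paths and cookie value are constructed assumptions.</p>

```python
from urllib.parse import urljoin, urlsplit

# Request headers that carry credentials or session identifiers.
CREDENTIAL_HEADERS = {"authorization", "cookie"}

def audit_chain(exchanges):
    """Return (index, finding) pairs for a captured redirect chain.

    Each exchange is a dict with: url (request URL), headers (request
    headers), status (response code), location (Location header or None).
    """
    findings = []
    for i, ex in enumerate(exchanges):
        scheme = urlsplit(ex["url"]).scheme
        sent = {h.lower() for h in ex.get("headers", {})} & CREDENTIAL_HEADERS
        # Credentials on a plain-HTTP request are readable on the wire.
        if scheme == "http" and sent:
            findings.append((i, "cleartext-credentials:" + ",".join(sorted(sent))))
        loc = ex.get("location")
        if 300 <= ex["status"] < 400 and loc:
            target = urljoin(ex["url"], loc)  # Location may be relative
            # Backend behind a TLS-terminating proxy built an http:// URL.
            if scheme == "https" and urlsplit(target).scheme == "http":
                findings.append((i, "downgrade-redirect:" + target))
    return findings

# Constructed capture: the application builds an absolute http:// redirect,
# the load balancer then bounces the client back to HTTPS. The session
# cookie is assumed to lack the Secure flag, so it travels on the HTTP hop.
COOKIE = {"Cookie": "JSESSIONID=constructed"}
BEFORE = [
    {"url": "https://idm.example.org/midpoint/", "headers": COOKIE,
     "status": 302, "location": "http://idm.example.org/midpoint/login"},
    {"url": "http://idm.example.org/midpoint/login", "headers": COOKIE,
     "status": 301, "location": "https://idm.example.org/midpoint/login"},
    {"url": "https://idm.example.org/midpoint/login", "headers": COOKIE,
     "status": 200, "location": None},
]
# Constructed capture once redirects are generated with the https:// pattern.
AFTER = [
    {"url": "https://idm.example.org/midpoint/", "headers": COOKIE,
     "status": 302, "location": "https://idm.example.org/midpoint/login"},
    {"url": "https://idm.example.org/midpoint/login", "headers": COOKIE,
     "status": 200, "location": None},
]

if __name__ == "__main__":
    for name, chain in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_chain(chain))
```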