Fixes #20713. Set protocolHeader="X-Forwarded-Proto".

2021-02-15 15:09:41 +01:00 · 2021-02-15 15:09:41 +01:00 · 94cdecc62a
parent a80dc894f3
commit 94cdecc62a
1 changed files with 10 additions and 3 deletions
--- a/templates/tomcat-server.xml.j2
+++ b/templates/tomcat-server.xml.j2
@ -98,6 +98,16 @@
    
    <Engine name="Catalina" defaultHost="localhost">

+{% if not item.ajp_enabled %}
+      <!-- Automatically substitutes the IP with the one contained
+             in the x-forwarded-for header if that header is set -->
+           <Valve className="org.apache.catalina.valves.RemoteIpValve"
+                  remoteIpHeader="X-Forwarded-For"
+                  protocolHeader="X-Forwarded-Proto"
+                  protocolHeaderHttpsValue="https"
+                  />
+{% endif %}
+
      <!-- Use the LockOutRealm to prevent attempts to guess user passwords
           via a brute-force attack -->
      <Realm className="org.apache.catalina.realm.LockOutRealm">
@ -123,9 +133,6 @@
            >

 {% if item.access_log_enabled %}
-        <!-- Automatically substitutes the IP with the one contained
-             in the x-forwarded-for header if that header is set -->
-        <Valve className="org.apache.catalina.valves.RemoteIpValve" />
        <!-- Access log processes all example.
             Documentation at: /docs/config/valve.html
             Note: The pattern used is equivalent to using pattern="combined" -->