Spring/spring-boot
Spring/spring-boot
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-boot.git synced 2024-07-15 01:07:30 +08:00
Code Issues Packages Projects Releases Wiki Activity

Tighten up documentation on SSL and HTTPS

Browse Source 
Fixes gh-640
This commit is contained in:
Phillip Webb 2014-04-23 23:24:59 +01:00
parent 59496abf85
commit 6268322c76
1 changed files with 28 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
spring-boot-docs/src/main/asciidoc/howto.adoc
View File

@ -448,6 +448,8 @@ that sets up the connector to be secure:
} }
---- ----
[[howto-enable-multiple-connectors-in-tomcat]] [[howto-enable-multiple-connectors-in-tomcat]]
=== Enable Multiple Connectors Tomcat === Enable Multiple Connectors Tomcat
Add a `org.apache.catalina.connector.Connector` to the Add a `org.apache.catalina.connector.Connector` to the
@ -488,6 +490,26 @@ HTTPS connector:
---- ----
[[howto-use-tomcat-behind-a-proxy-server]]
=== Use Tomcat behind a front-end proxy server
Spring Boot will automatically configure Tomcat's `RemoteIpValve` if it detects some
environment settings. This allows you to transparently use the standard `x-forwarded-for`
and `x-forwarded-proto` headers that most front-end proxy servers add.
You can switch on the valve by adding some entries to application.properties, e.g.
[indent=0]
----
server.tomcat.remote_ip_header=x-forwarded-for
server.tomcat.protocol_header=x-forwarded-proto
----
Alternatively, you can add the `RemoteIpValve` yourself by adding a
`TomcatEmbeddedServletContainerFactory` bean.
[[howto-use-jetty-instead-of-tomcat]] [[howto-use-jetty-instead-of-tomcat]]
=== Use Jetty instead of Tomcat === Use Jetty instead of Tomcat
The Spring Boot starters (`spring-boot-starter-web` in particular) use Tomcat as an The Spring Boot starters (`spring-boot-starter-web` in particular) use Tomcat as an
@ -1163,16 +1185,16 @@ is a useful template to follow.
[[howto-enable-https]] [[howto-enable-https]]
=== Enable HTTPS === Enable HTTPS when running behind a proxy server
Ensuring that all your main endpoints are only available over HTTPS is an important Ensuring that all your main endpoints are only available over HTTPS is an important
chore for any application. If you are using Tomcat as a servlet container, then chore for any application. If you are using Tomcat as a servlet container, then
Spring Boot will add Tomcat's own `RemoteIpValve` automatically if it detects some Spring Boot will add Tomcat's own `RemoteIpValve` automatically if it detects some
environment settings, and you should be able to rely on the `HttpServletRequest` to environment settings, and you should be able to rely on the `HttpServletRequest` to
report whether it is secure or not (even downstream of the real SSL termination). The report whether it is secure or not (even downstream of a proxy server that handles the
standard behavior is determined by the presence or absence of certain request headers real SSL termination). The standard behavior is determined by the presence or absence of
(`x-forwarded-for` and `x-forwarded-proto`), whose names are conventional, so it should certain request headers (`x-forwarded-for` and `x-forwarded-proto`), whose names are
work with most front end proxies. You can switch on the valve by adding some entries to conventional, so it should work with most front end proxies. You can switch on the valve
`application.properties`, e.g. by adding some entries to `application.properties`, e.g.
[source,properties,indent=0] [source,properties,indent=0]
---- ----