| 311 | |
| 312 | '''Nota:''' En caso de tener un servidor proxy y el proporcionará el servicio https con los certificados SSL, se debe obviar todos los pasos anteriores y solo agregar las siguientes lineas en server.xml: |
| 313 | |
| 314 | {{{ |
| 315 | root@debian9:/var/lib/tomcat8/conf# vim server.xml |
| 316 | }}} |
| 317 | |
| 318 | {{{ |
| 319 | <!-- Mark HTTP as HTTPS forward from SSL termination at nginx proxy --> |
| 320 | <Valve className="org.apache.catalina.valves.RemoteIpValve" |
| 321 | remoteIpHeader="x-forwarded-for" |
| 322 | remoteIpProxiesHeader="x-forwarded-by" |
| 323 | protocolHeader="x-forwarded-proto" |
| 324 | internalProxies="X\.X\.X\.X"/> |
| 325 | |
| 326 | Donde X.X.X.X es la dirección IP de escucha del servicio Proxy. |
| 327 | }}} |
| 328 | |
| 329 | Posteriormente agregar las siguientes lineas en web.xml (@@ -391,18 +391,6 @@) |
| 330 | |
| 331 | {{{ |
| 332 | root@debian9:/var/lib/tomcat8/conf# vim web.xml |
| 333 | }}} |
| 334 | {{{ |
| 335 | <!-- agregado para redirigir trafico HTTP a HTTPS --> |
| 336 | <security-constraint> |
| 337 | <web-resource-collection> |
| 338 | <web-resource-name>Protected Context</web-resource-name> |
| 339 | <url-pattern>/*</url-pattern> |
| 340 | </web-resource-collection> |
| 341 | <!-- auth-constraint goes here if you requre authentication --> |
| 342 | <user-data-constraint> |
| 343 | <transport-guarantee>CONFIDENTIAL</transport-guarantee> |
| 344 | </user-data-constraint> |
| 345 | </security-constraint> |
| 346 | }}} |
| 347 | |