TIBCO Spotfire® Server and Environment - Installation and Administration

Terminating TLS in a load balancer or reverse proxy

You can make the server behave as if it uses HTTPS (for example, by marking cookies as secure), even when the server itself has not been configured with HTTPS, by adding some attributes to the Tomcat HTTP connector in server.xml.

About this task

Enabling HTTPS on the Spotfire Server results in a number of behavior changes, including that HTTP session cookies are marked as secure.

However, it is also possible to configure a load balancer or reverse proxy with HTTPS and use plain HTTP between the load balancer and the Spotfire Server. In these cases, the Spotfire Server does not automatically know that the connection is secure (from the client's point of view), and additional steps are needed for it to set the secure attribute on cookies.

To indicate that the connection should be seen as secure, even though it uses HTTP, follow the instructions below:
Note: These steps must be performed on all servers in a cluster.

Procedure

  1. Open the following file in an XML editor or a text editor: <server installation dir>/tomcat/conf/server.xml
  2. Locate the information about the HTTP connector (at the top of the file).
  3. Add the following attributes to the list:
    scheme="https"
    secure="true"
    proxyPort="443" (or the port that your load balancer uses)
    proxyName="example.com" (the host name of your load balancer)
    The most important attribute here is secure – the other attributes are used only in some special cases (normally, the configured public address is used instead).
  4. Save and close the file.
  5. Restart the Spotfire Server.

Example:

<Connector port="80"
	maxHttpHeaderSize="65536"
	connectionTimeout="30000"
	enableLookups="false"
	URIEncoding="UTF-8"
	disableUploadTimeout="true"
	server="TIBCO Spotfire Server"
	compression="on"
	compressibleMimeType="text/html,text/xml,text/plain,text/css,application/json,application/javascript,image/svg+xml,application/xml"
	acceptorThreadCount="2"
	keepAliveTimeout="30000"
	maxKeepAliveRequests="-1"
	maxThreads="2000"
	scheme="https"
	secure="true"
	proxyPort="443"
	proxyName="example.com"/>
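
Because the steps must be repeated on every server in a cluster, a scripted check of each node's server.xml helps catch a node that was missed. The following is an added example, not part of the TIBCO documentation: it reports every plain-HTTP connector that lacks scheme="https" or secure="true". The function name audit_connectors, the choice to skip TLS and AJP connectors, and the two sample documents are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET

# Attributes from the procedure above; "secure" is the one the page calls most important.
REQUIRED = {"scheme": "https", "secure": "true"}
# Used only in special cases, so their absence is reported but is not a failure.
OPTIONAL = ("proxyName", "proxyPort")

def audit_connectors(server_xml_text):
    """Return one finding per plain-HTTP <Connector> in a Tomcat server.xml."""
    root = ET.fromstring(server_xml_text)
    findings = []
    for conn in root.iter("Connector"):
        # Assumption of this example: connectors that terminate TLS themselves
        # and AJP connectors are out of scope for the check.
        if conn.get("SSLEnabled", "false").lower() == "true":
            continue
        if conn.get("protocol", "HTTP/1.1").upper().startswith("AJP"):
            continue
        # Record the current value (None if absent) of each attribute that is wrong.
        wrong = {name: conn.get(name) for name, want in REQUIRED.items()
                 if (conn.get(name) or "").lower() != want}
        findings.append({
            "port": conn.get("port"),
            "ok": not wrong,
            "wrong": wrong,
            "missing_optional": [n for n in OPTIONAL if conn.get(n) is None],
        })
    return findings

# Constructed sample input: connector before the procedure is applied.
BEFORE = """<Server><Service name="Sample">
  <Connector port="80" connectionTimeout="30000" URIEncoding="UTF-8"/>
</Service></Server>"""

# Constructed sample input: connector after the procedure is applied.
AFTER = """<Server><Service name="Sample">
  <Connector port="80" connectionTimeout="30000" URIEncoding="UTF-8"
             scheme="https" secure="true" proxyPort="443" proxyName="example.com"/>
</Service></Server>"""

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        for finding in audit_connectors(text):
            print(label, finding)
```

To check a real node, pass the contents of <server installation dir>/tomcat/conf/server.xml to audit_connectors and treat any finding with "ok" set to False as a node where the procedure still has to be applied.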