Terminating TLS in a load balancer or reverse proxy
If HTTPS is enabled on the Spotfire Server, then this results in a number of behavior changes, including that HTTP session cookies are marked as secure. However, it is also possible to configure a load balancer or reverse-proxy with HTTPS, and use plain HTTP between the load balancer and the Spotfire Server.
About this task
In these cases, the Spotfire Server will not automatically know that the connection is secure (from the client's point of view) and it will take some additional steps to set the secure attribute on cookies.
- Using the SpotfireRemoteIpValve to configure Spotfire Server with a load balancer or reverse-proxy
The recommended way to use a load balancer or reverse proxy in front of the Spotfire Server is to enable and configureSpotfireRemoteIpValve
. - Setting the Server attributes to secure by modifying configuration files for each server
As an alternative to using theSpotfireRemoteIpValve
to configure Spotfire Server with a load balancer or reverse-proxy, you can also make the server behave as if it uses HTTPS (e.g., set secure cookies etc.) by providing some parameters in the HTTP Tomcat connector, present in server.xml. Note, however, that this method requires changes on all servers in the cluster, whereas the filter configuration only needs to be done once.
- Using the SpotfireRemoteIpValve to configure Spotfire Server with a load balancer or reverse-proxy
The recommended way to use a load balancer or reverse proxy in front of the Spotfire Server is to enable and configureSpotfireRemoteIpValve
. - Setting the Server attributes to secure by modifying configuration files for each server
As an alternative to using theSpotfireRemoteIpValve
to configure Spotfire Server with a load balancer or reverse-proxy, you can also make the server behave as if it uses HTTPS (e.g., set secure cookies etc.) by providing some parameters in the HTTP Tomcat connector, present in server.xml. Note, however, that this method requires changes on all servers in the cluster, whereas the filter configuration only needs to be done once.
Parent topic: Clustered server deployments
Related concepts