未检测到执行 ssl 终止会话时的 Tomcat [英] Tomcat when doing ssl termination session isn't detected
问题描述
当使用 nginx(Kubernetes 集群中的 nginx 控制器)执行 SSL 终止并将数据作为纯 HTTP 发送到 apache 和 tomcat 时,会有什么不同吗?这可能会阻止我们的应用程序检测登录会话?
Could anything be different when using nginx (nginx controller in Kubernetes cluster) to do SSL termination and sending data to apache and tomcat as plain HTTP which could prevent our app from detecting the login session?
一切正常,希望我们的应用程序有一个名为 DetectLogin 的类,并且在使用 nginx SSL 终止时它不会检测到用户会话.如果我禁用 nginx SSL 终止并启用 SSL 直通,那么我们的应用程序可以检测到登录会话.
Everything works fine expect that our app has something called DetectLogin class and it doesn't detect the user session when using nginx SSL termination. If I disable nginx SSL termination and enable SSL passthrough then our app can detect the Login session.
在日志中,我看到 Port 8009 AJP 端口正在处理检测登录,但未检测到会话.
In the logs I see that Port 8009 AJP port is handling the detect login but it isn't detecting the session.
我们的流量就像 LB ->Nginx 控制器 ->Apache httpd(用于静态内容)->Tomcat(用于提供 JSP 内容).Apache使用(mod_jk)使用AJP端口转发所有与tomcat相关的JSP.
Our traffic flow is like LB -> Nginx controller -> Apache httpd (for static content) -> Tomcat (for serving JSP content). Apache forwards all JSP related to tomcat using AJP port using (mod_jk).
任何有关故障排除的建议都会有所帮助.
Any suggestions on troubleshooting this will help.
推荐答案
@Piotr P. Karwasz 感谢您的评论,我能够弄清楚 nginx 会话 cookie 名称与 TOMCAT cookie 名称相同.我禁用了以下所有功能,因为我只是在测试它是否有任何效果.禁用或更改 session-cookie-name 解决了该问题.
@Piotr P. Karwasz Thanks for your comment I was able to figure out that nginx session cookie name was same as TOMCAT cookie name. I disabled all of the following since I was just testing if it had any effect. Disabling or changing the session-cookie-name resolved the issue.
nginx.ingress.kubernetes.io/affinity: "cookie"
nginx.ingress.kubernetes.io/session-cookie-name: "JSESSIONID"
nginx.ingress.kubernetes.io/affinity-mode: "persistent"
nginx.ingress.kubernetes.io/session-cookie-expires: "172800"
nginx.ingress.kubernetes.io/session-cookie-max-age: "172800"
这篇关于未检测到执行 ssl 终止会话时的 Tomcat的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
