HTTPS Using External SSL Termination

Yellowfin FAQ shared this question 1 month ago
Answered

I manage my Certificate for HTTPS through an external source, such as a load balancer or other external device.

Yellowfin keeps reverting to HTTP in this case. Is it possible to prevent Yellowfin from reverting to HTTP?

Best Answer
photo

If you are managing your certificate using an external device, you can tell Yellowfin to expect the HTTPS protocol on the standard connector.

Edit your <YellowfinInstall>/appserver/conf/server.xml file and find your connector port. We need to add the following parameters to the port to tell Tomcat to expect HTTPS: scheme="https" secure="true":

    <Connector port="8080" protocol="HTTP/1.1" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25"
               enableLookups="false" redirectPort="8443" acceptCount="100"
               connectionTimeout="20000" disableUploadTimeout="true"
               URIEncoding="UTF-8" compression="on" compressionMinSize="2048"
               noCompressionUserAgents="gozilla, traviata"
               compressibleMimeType="text/html,application/x-javascript,text/css,application/javascript,text/javascript,text/plain,text/xml,application/json,application/vnd.ms-fontobject,application/x-font-opentype,application/x-font-truetype,application/x-font-ttf,application/xml,font/eot,font/opentype,font/otf,image/svg+xml,image/vnd.microsoft.icon,image/svg,text/comma-separated-values,application/csv" 
               useSendfile="false" 
               scheme="https" secure="true" />

This should resolve any failures to redirect to the proper HTTPS protocol.

Thanks,

Ryan

Comments (1)

photo
2

If you are managing your certificate using an external device, you can tell Yellowfin to expect the HTTPS protocol on the standard connector.

Edit your <YellowfinInstall>/appserver/conf/server.xml file and find your connector port. We need to add the following parameters to the port to tell Tomcat to expect HTTPS: scheme="https" secure="true":

    <Connector port="8080" protocol="HTTP/1.1" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25"
               enableLookups="false" redirectPort="8443" acceptCount="100"
               connectionTimeout="20000" disableUploadTimeout="true"
               URIEncoding="UTF-8" compression="on" compressionMinSize="2048"
               noCompressionUserAgents="gozilla, traviata"
               compressibleMimeType="text/html,application/x-javascript,text/css,application/javascript,text/javascript,text/plain,text/xml,application/json,application/vnd.ms-fontobject,application/x-font-opentype,application/x-font-truetype,application/x-font-ttf,application/xml,font/eot,font/opentype,font/otf,image/svg+xml,image/vnd.microsoft.icon,image/svg,text/comma-separated-values,application/csv" 
               useSendfile="false" 
               scheme="https" secure="true" />

This should resolve any failures to redirect to the proper HTTPS protocol.

Thanks,

Ryan

Comments have been locked on this page!