问题
Could anything be different when using nginx (nginx controller in Kubernetes cluster) to do SSL termination and sending data to apache and tomcat as plain HTTP which could prevent our app from detecting the login session?
Everything works fine expect that our app has something called DetectLogin class and it doesn't detect the user session when using nginx SSL termination. If I disable nginx SSL termination and enable SSL passthrough then our app can detect the Login session.
In the logs I see that Port 8009 AJP port is handling the detect login but it isn't detecting the session.
Our traffic flow is like LB -> Nginx controller -> Apache httpd (for static content) -> Tomcat (for serving JSP content). Apache forwards all JSP related to tomcat using AJP port using (mod_jk).
Any suggestions on troubleshooting this will help.
回答1:
@Piotr P. Karwasz Thanks for your comment I was able to figure out that nginx session cookie name was same as TOMCAT cookie name. I disabled all of the following since I was just testing if it had any effect. Disabling or changing the session-cookie-name resolved the issue.
nginx.ingress.kubernetes.io/affinity: "cookie"
nginx.ingress.kubernetes.io/session-cookie-name: "JSESSIONID"
nginx.ingress.kubernetes.io/affinity-mode: "persistent"
nginx.ingress.kubernetes.io/session-cookie-expires: "172800"
nginx.ingress.kubernetes.io/session-cookie-max-age: "172800"
来源:https://stackoverflow.com/questions/65986301/tomcat-when-doing-ssl-termination-session-isnt-detected