-
Type:
Improvement
-
Status: Resolved
-
Priority:
Major
-
Resolution: Done
-
Affects Version/s: 6.0 (LTS), 7.10, 8.10
-
Fix Version/s: None
-
Component/s: Administration, Developer documentation
-
Tags:
By default, the secure flag is not set:
<Connector port="8080" protocol="HTTP/1.1" URIEncoding="UTF-8"
address="0.0.0.0"
compression="on"
compressionMinSize="512"
compressableMimeType="text/css,application/javascript,text/xml,text/html"
connectionTimeout="20000" />
If everything is compatible with this flag it would be better to enable it by default:
<Connector port="8080" protocol="HTTP/1.1" URIEncoding="UTF-8"
address="0.0.0.0"
compression="on"
compressionMinSize="512"
compressableMimeType="text/css,application/javascript,text/xml,text/html"
connectionTimeout="20000" secure="true" />
https://tomcat.apache.org/tomcat-7.0-doc/config/http.html
This flag is already mentioned in the Nuxeo https documentation:
https://doc.nuxeo.com/nxdoc/http-and-https-reverse-proxy-configuration/