Re: Tomcat Internal Proxies with Load Balancer #cf


Ben Hale <bhale@...>
 

From some informal discussions with the buildpack maintainers, it seems like this is not gonna be merged, because they don't want to support some specific Tomcat conf parameters.
We were pointed to providing a custom Tomcat external configuration (as per https://github.com/cloudfoundry/java-buildpack/blob/master/docs/container-tomcat.md#external-tomcat-configuration) that could also be set as standard env group (and thus be operator-friendly), but it looks like we can not ship one external config that works for both Tomcat 7 and Tomcat 8.
At this time I'm not planning on adding support for configuring the internalProxies explicitly both because it sets a precedent that I'm not comfortable with, and that it hasn't been shown to be a big issue so far. In nearly every single installation of CF, the incoming request from either the `gorouter` or some other replacement for it comes via a Class A, B, or C private IP address. Even in cases where the router has a public IP address (like an F5 at the network edge), that router has a **second** private IP address for communicating back to the CF application instances. In this case, Tomcat's standard configuration works well. Needing to configure this value is only required in systems where the edge router communicates back to the application instances using a public (non-Class A, B, or C) IP address.

This is not to say that your networks are not configured in such a way that the application instances are called from public IP addresses, but rather that it's a rare enough occurrence that I don't feel the need to promote it to a top-level configuration item rather than using existing configuration strategies. I'm open to being convinced otherwise by issues/upvotes in GitHub.


-Ben Hale
Cloud Foundry Java Experience
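
The behaviour discussed in the message above, as an added example that is not part of the original thread and is not Tomcat or buildpack code: a simplified Python model of how Tomcat's RemoteIpValve uses `internalProxies` to decide whether to honour `X-Forwarded-For`. Assumptions: the regex is written here from the private ranges Tomcat documents as the default, `trustedProxies` is not modelled, the function names are hypothetical, and all addresses are constructed from documentation ranges.

```python
import re

# Assumption: regex written for this example, covering the ranges Tomcat
# documents as the default internalProxies (10/8, 192.168/16, 169.254/16,
# 127/8, 172.16/12). It is not copied from Tomcat's source.
DEFAULT_INTERNAL_PROXIES = re.compile(
    r"10\.\d{1,3}\.\d{1,3}\.\d{1,3}|"
    r"192\.168\.\d{1,3}\.\d{1,3}|"
    r"169\.254\.\d{1,3}\.\d{1,3}|"
    r"127\.\d{1,3}\.\d{1,3}\.\d{1,3}|"
    r"172\.(1[6-9]|2\d|3[01])\.\d{1,3}\.\d{1,3}"
)


def resolve_remote_addr(peer_addr, x_forwarded_for,
                        internal_proxies=DEFAULT_INTERNAL_PROXIES):
    """Return the address the application would see as the client."""
    # The header is honoured only when the TCP peer is itself an internal proxy.
    if not internal_proxies.fullmatch(peer_addr):
        return peer_addr
    hops = [h.strip() for h in (x_forwarded_for or "").split(",") if h.strip()]
    # Walk right to left, skipping internal proxies; the first other hop is
    # taken as the client. Anything further left is client-supplied data.
    for hop in reversed(hops):
        if not internal_proxies.fullmatch(hop):
            return hop
    return peer_addr  # only internal hops listed: remote address unchanged


def demo():
    """Constructed cases: private router, public router, explicit override."""
    client, private_router, public_router = "203.0.113.7", "10.0.16.5", "198.51.100.20"
    # Override that adds exactly one public router address to the defaults.
    widened = re.compile(DEFAULT_INTERNAL_PROXIES.pattern + r"|198\.51\.100\.20")
    return {
        "private_router": resolve_remote_addr(private_router, client),
        "public_router_default": resolve_remote_addr(public_router, client),
        "public_router_widened": resolve_remote_addr(public_router, client, widened),
        # A leftmost value supplied by the client is never reached.
        "extra_left_value": resolve_remote_addr(private_router, "192.0.2.99, " + client),
    }


if __name__ == "__main__":
    for case, addr in demo().items():
        print(f"{case}: {addr}")
```

With the default pattern, a router calling back from a public address leaves the application seeing the router's IP as the client, which is the case where `internalProxies` has to be set through an external Tomcat configuration.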
