A Pound reverse proxy sits between the browser client(s) and the tomcat web server(s). Its function is to forward requests received on one port to a web server on a different port. It can terminate HTTPS connections and redirect to an HTTP web server. It can also provide load-balancing by forwarding to a list of web servers.
The instructions here are for installing pound on ubuntu and configuring it as an HTTPS server forwarding to an HTTP web server on a non-standard port. These instructions assume that you have already created an SSL certificate in pem format.
More information on how to configure pound can be found here.
Install Pound
These instructions assume that you are an administrator with sudo access.
To download and install Pound:
sudo apt-get install pound
Configure Pound
Save the certificate pem file in /etc/ssl/private. Give it a meaningful name that relates to the url that it protects.
Edit the pound configuration file:
sudo vi /etc/pound/pound/cfg
so that it looks something like this:
## 2 extended ## 3 Apache-style (common log format) LogLevel 1 ## check backend every X secs: Alive 30 ListenHTTPS Address 0.0.0.0 Port 443 Cert "/etc/ssl/private/my.host.com.pem" Client 20 End Service BackEnd Address 127.0.0.1 Port 8080 End End
This tells pound to terminate the encryption on any request received on port 443 (using the certificate in /etc/ssl/private/my.host.com.pem) and forward the request unencrypted to port 8080 on the same host (127.0.0.1).
Enable pound
sudo vi /etc/default/pound
Change it from startup=0 to startup=1.
Start the service
sudo /etc/init.d/pound start