A Pound reverse proxy sits between the browser client(s) and the tomcat web server(s). Its function is to forward requests received on one port to a web server on a different port. It can terminate HTTPS connections and redirect to an HTTP web server. It can also provide load-balancing by forwarding to a list of web servers.

The instructions here are for installing pound on ubuntu and configuring it as an HTTPS server forwarding to an HTTP web server on a non-standard port. These instructions assume that you have already created an SSL certificate in pem format.

More information on how to configure pound can be found here.

Install Pound

These instructions assume that you are an administrator with sudo access.

To download and install Pound:

sudo apt-get install pound

Configure Pound

Save the certificate pem file in /etc/ssl/private. Give it a meaningful name that relates to the url that it protects.

Edit the pound configuration file:

sudo vi /etc/pound/pound.cfg

so that it looks something like this:

##      2       extended
##      3       Apache-style (common log format)
LogLevel        1

## check backend every X secs:
Alive           30

ListenHTTPS
    Address 0.0.0.0
    Port    443
    Cert    "/etc/ssl/private/my.host.com.pem"
    Client  20
    RewriteLocation 1
End
Service
    BackEnd
        Address 127.0.0.1
        Port    8080
    End
End
 

This tells pound to terminate the encryption on any request received on port 443 (using the certificate in /etc/ssl/private/my.host.com.pem) and forward the request unencrypted to port 8080 on the same host (127.0.0.1). RewriteLocation 1 is the default setting; this is required so that pound rewrites the Location in any redirects to HTTPS.

Enable pound

sudo vi /etc/default/pound

Change it from startup=0 to startup=1.

Start the service

sudo /etc/init.d/pound start