A Pound reverse proxy sits between the browser client(s) and the Tomcat web server(s). Its function is to forward requests received on one port to a web server on a different port. It can terminate HTTPS connections and redirect to an HTTP web server. It can also provide load-balancing by forwarding to a list of web servers.

The instructions here are for installing Pound on a Linux Ubuntu distribution and configuring it as an HTTPS server, forwarding to an HTTP web server on a non-standard port. These instructions assume that you have already created an SSL certificate in pem format.

More information on how to configure pound can be found on help.ubuntu.com/community/Pound.

Install Pound

These instructions assume that you are an administrator with sudo access.

To download and install Pound:

sudo apt-get install pound

Configure Pound

Save the certificate pem file in /etc/ssl/private. Give it a meaningful name that relates to the url that it protects.

Edit the pound configuration file:

sudo vi /etc/pound/pound.cfg

so that it looks something like this:

##      2       extended
##      3       Apache-style (common log format)
LogLevel        1

## check backend every X secs:
Alive           30

ListenHTTPS
    Address 0.0.0.0
    Port    443
    Cert    "/etc/ssl/private/my.host.com.pem"
    Client  20
    RewriteLocation 1
End
Service
    BackEnd
        Address 127.0.0.1
        Port    8080
    End
End
 

This tells pound to terminate the encryption on any request received on port 443 (using the certificate in /etc/ssl/private/my.host.com.pem) and forward the request unencrypted to port 8080 on the same host (127.0.0.1). RewriteLocation 1 is the default setting; this is required so that pound rewrites the Location in any redirects to HTTPS.

Enable pound

sudo vi /etc/default/pound

Change it from startup=0 to startup=1.

Start the service

sudo /etc/init.d/pound start