Description of problem: This issue is related to our VPC migration in early August. This migration moved us from a 10.x.x.x network to a 172.16.x.x network. According to the RemoteIPValve documentation for the internalProxies at https://tomcat.apache.org/tomcat-7.0-doc/api/org/apache/catalina/valves/RemoteIpValve.html : "By default, 10/8, 192.168/16, 169.254/16 and 127/8 are allowed ; 172.16/12 has not been enabled by default because it is complex to describe with regular expressions" The solution is to define the Valve in context.xml slightly differently from what the knowledgebase article describes. The following should work: <Valve className="org.apache.catalina.valves.RemoteIpValve" protocolHeader="x-forwarded-proto" internalProxies="169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}|172.16.\d{1,2}.\d{1,3}" /> Version-Release number of selected component (if applicable): 2.2.6 How reproducible: 100% Steps to Reproduce: # rhc app create jbossews-2.0 -a work -s # rhc cartridge scale jbossews-2.0 --min 2 --max 2 -a work Follow previous instructions https://forums.openshift.com/how-to-redirect-all-http-traffic-to-https-on-tomcat-7-jboss-ews-20-in-war -git add commit push -in private window test the results are weird because everything works but then if you try again with a private window it doesn't - curl to local gear passes Actual results: - Redirect error Expected results: - Work like it did in the past. Additional info: Since we have moved from a 10.x.x.x network to a 172.16.x.x network, should we update the online docs or provide an announcement?
We do not plan on changing the cartridge. This is due to the change allowing all 172.16.0.0 addresses rather than just the 172.16.0.0/12 addresses. Instead, we've made the article that describes the workaround public to all users. This should allow users who may still be hitting this issue to find a workaround: https://access.redhat.com/site/solutions/749733 Closing this.