Pivotal Cloud Foundry® (PCF)
The purpose of this KB is to help the reader troubleshoot load balancer issues when configuring SSL/TLS on Firewalls for PCF.
If you are using an External load balancer you will need to ensure that that you are passing the following header information to PCF.
You will need to enable forwarding of the following headers.
The lack of x-forwarded-* headers can manifest in a couple different ways. It can break redirects, cause the application to get an incorrect remote IP address, cause app to think that incoming traffic is not coming over a secure channel (i.e. not over HTTPS).
You can check x-forwarded-* is working by viewing your logs. What you are looking for is something like the following. Where you see the x_forwarded_for and x_forwarded_proto being passed by your Router.
cf logs your-app-name
2016-11-07T09:43:53.42+0000 [RTR/0] OUT test.pivotal.io - [07/11/2016:09:43:53.059 +0000] "GET /webjars/bootstrap/3.1.1/fonts/glyphicons-halflings-regular.woff HTTP/1.1" 200 0 23320 "http://test.pivotal.io/webjars/bootstrap/3.1.1/css/bootstrap.css" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/18.104.22.168 Safari/537.36" 10.1.0.32:46019 x_forwarded_for:"10.10.18.114, 10.10.16.32" x_forwarded_proto:"http" vcap_request_id:afffe1d2-c5c5-4f9d-432f-b06031cf45b1 response_time:0.015773898 app_id:7e975e8f-dd96-4d29-9350-6cad342cf833
If you are using an AWS Elastic Load Balancer these headers are enabled by default for HTTP/S
For more information please click here .