Can someone tell me how the request is routed in the following IIS-Tomcat isapiredirect(2.0) config?

Question

I have the following settings:

1. Tomcat server.xml

<Server port="8005" shutdown="SHUTDOWN">

<Service name="Catalina">

<Connector port="8080"
maxHttpHeaderSize="8192" maxThreads="150" 
minSpareThreads="25" maxSpareThreads="75" 
useBodyEncodingForURI="true" enableLookups="false" 
redirectPort="8443" acceptCount="100" 
connectionTimeout="20000" disableUploadTimeout="true" />

<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />

<Connector port="8009" 
enableLookups="false" redirectPort="8443" 
protocol="AJP/1.3" />

2. worker.properties

[channel.socket:localhost:8009]
info=Ajp13 worker, connects to tomcat instance using AJP 1.3 protocol
tomcatId=localhost:8009

3. IIS

Has a website with port 80 that have isapiredirect filter enabled.

My initial guest is "port HTTP80->HTTP8009->HTTPS8443" "port HTTP8080->HTTP8443"

Answer 1

Your AJP Connector (8009) is not HTTP, it uses the AJP protocol

If a clients connects via IIS, the flow will be

IIS Http80 -> Tomcat AJP 8009 or via Https IIS Https443 -> Tomcat AJP 8009

As far as I know the AJP13 protocol does not support encryption of the data involed in IIS to Tomcat communications, but you can set a parameter to let tomcat know that the front webserver is HTTPS so that request.isSecure() returns true.

Your connectors on pour 8080/8443 on tomcat will only be used if you connect directly to tomcat.