Vaadin application with HTTP instead of HTTPS

Because of a reverse proxy it is not longer needed to secure my application with SSL (because I do it already with nginx). At least I think so :wink: So I tried to removed it, but unfortunatley I always receive the error behind of setCookiesDisabledNotificationEnabled().

This configuration was removed:
server.ssl.enabled-protocols=+TLSv1.2,+TLSv1.3
server.ssl.key-store=xxx
server.ssl.key-store-password=xxx
server.ssl.keyStoreType=xxx
server.ssl.keyAlias=xxx

This also happens if I set it explicit to false: server.ssl.enabled=false

Does anyone have an idea?

Probably wrong / insufficient Reverse Proxy Config (but I have no experience with nginx)

I’m not able to execute the application within eclipse (without nginx)

Well then it sounds like you still have weird stuff in your application config

@glorious-elephant reverse proxy bad configuration. In no case you need to disable TLS. (Unless you are in China where encryption will lead you for 5 years in jail :slightly_smiling_face: . Please send your nginx configuration, will try to find the typo

His latest comment ruled out the reverse proxy :grimacing:

@quirky-zebra Mhh… application properties looks fine (no special configurations). But I receive in the logfile 2024-02-18 15:50:19,832 INFO | http-nio-38443-exec-10 | org.apache.coyote.http11.Http11Processor | Error parsing HTTP request header
Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level.
java.lang.IllegalArgumentException: Invalid character found in method name [0x160x030x050x030x000x010x000x010xfc0x030x060x7f0x1480xe3%0x90|0x06U0xc30x120xff0x100xce ]. HTTP method names must be tokens

That’s related to http/https mismatch. Something in your config still wants SSL or some service worker cache? Dunno never used those

What do you mean with service worker cache?

PWA registration in your browser

I do not use PWA. mmh… Is there a way to find out what causes the issue (debugging or something else)?

Probably… hard to say without knowing exactly how it behaves

Any chance you opened a different application using PWA on localhost? It might have installed the service worker. I would try to clean application data in the browser, as knoobie suggested

I trxed to run it on a different port in browsers privacy modus. This does not help. It starts with HTTP

2024-02-19 20:57:12,531 INFO | main | org.apache.coyote.http11.Http11NioProtocol | Starting ProtocolHandler [“http-nio-38443”]

2024-02-19 20:57:12,626 INFO | main | o.s.boot.web.embedded.tomcat.TomcatWebServer | Tomcat started on port 38443 (http) with context path ‘’

Isn’t it expected that it’s using http? I understood that you have removed SSL configurations form the app because https is handled by the reverse proxy :thinking:

Yes, it is correct that the application is running now on http (instead of https), but by opening the application in the browser I receive an error and nothing is shown

To make things short. It’s not Vaadin direct problem. You need to have proxy reverse and proxy headers correctly configured.

It has currently nothing to do with the reverse proxy (this is the final goal on productive system). I start the application from eclipse without reverse proxy and I’m not able to run the application on my laptop.