Hello,
Terminating SSL at the Apache level assumes all Tomcat servers behind
Apache are on a secure, externally inaccessible, network.  But in
cloud-based, hosted systems, there is no guarantee someone isn't
listening.  Does this make a case for securing Apache<->tomcat
communication?


On Oct 21, 2012, at 6:09 AM, "vicky007aggar...@yahoo.co.in"
<vicky007aggar...@yahoo.co.in> wrote:

> Thanks André for such an elaborate reply.
> Just want to check another thing: is it possible to set up SSL at the Tomcat
> level using the mod_proxy module? But I think it does not work in the load-balancing
> case. Is my understanding correct?
>
> Thanks for your support,
> Vicky
>
>
>
> On Oct 20, 2012, at 7:21 PM, André Warnier <a...@ice-sa.com> wrote:
>
>> vivek aggarwal wrote:
>>> Hello All,
>>> I need to set up SSL on my Tomcat, which I am able to do by
>>> generating a self-signed certificate using keytool.
>>> But when I redirect the request from Apache using the "mod_jk" module,
>>> it is not working.
>>> I am not sure how to make Apache & Tomcat work with SSL when using the mod_jk
>>> module, as I need load balancing.
>>> Can someone please share the steps for doing the SSL setup when Apache is used
>>> along with Tomcat?
>>
>> A simplified graphical view of the recommended setup:
>>
>> browser <- HTTPS -> Apache + mod_jk <- AJP -> Tomcat-1 (AJP Connector)
>>                                   <- AJP -> Tomcat-2 (AJP Connector)
>>                                   ...
>>                                   <- AJP -> Tomcat-n (AJP Connector)
>>
>> In other words, you should handle the HTTPS/SSL at the front-end Apache 
>> httpd level, not at the Tomcat level.  (This is also sometimes called 
>> "terminating SSL at the Apache level").
>> The reason is that the AJP protocol does not support HTTPS/SSL (so, there is 
>> no way to set up the AJP Connector in Tomcat for SSL) (and no way to set up 
>> mod_jk to "talk SSL to Tomcat").
>> What the Apache/mod_jk combination can do however, is pass on all the 
>> required SSL headers of the original requests to Tomcat, over the AJP 
>> connection, so that a Tomcat application could make use of them.
>>
>> To see how to set up Apache for SSL, check the Apache httpd on-line 
>> documentation.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>

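The setup André describes (HTTPS terminated at httpd, plain AJP to a load-balanced set of Tomcats, SSL details forwarded by mod_jk), sketched as an httpd configuration. This is an added example, not part of the thread; the hostnames, file paths and worker names are placeholders, and the workers are defined inline with `JkWorkerProperty` instead of a separate workers.properties file.

```apache
# Constructed example: hostnames, paths and worker names are placeholders.
LoadModule ssl_module modules/mod_ssl.so
LoadModule jk_module  modules/mod_jk.so

# One AJP worker per Tomcat instance (each Tomcat runs an AJP Connector on 8009).
JkWorkerProperty worker.list=lb
JkWorkerProperty worker.tomcat1.type=ajp13
JkWorkerProperty worker.tomcat1.host=tomcat1.internal.example
JkWorkerProperty worker.tomcat1.port=8009
JkWorkerProperty worker.tomcat2.type=ajp13
JkWorkerProperty worker.tomcat2.host=tomcat2.internal.example
JkWorkerProperty worker.tomcat2.port=8009

# Load-balancer worker that spreads requests over both Tomcats.
JkWorkerProperty worker.lb.type=lb
JkWorkerProperty worker.lb.balance_workers=tomcat1,tomcat2

JkShmFile  logs/jk.shm
JkLogFile  logs/mod_jk.log
JkLogLevel info

Listen 443
<VirtualHost *:443>
    ServerName www.example.com

    # HTTPS ends here: the browser speaks SSL/TLS to httpd only.
    SSLEngine on
    SSLCertificateFile    conf/ssl/www.example.com.crt
    SSLCertificateKeyFile conf/ssl/www.example.com.key

    # Forward the SSL details of the original request over AJP so a
    # Tomcat application can use them (the indicator names shown are
    # the mod_jk defaults, written out for clarity).
    JkExtractSSL On
    JkHTTPSIndicator   HTTPS
    JkCERTSIndicator   SSL_CLIENT_CERT
    JkCIPHERIndicator  SSL_CIPHER
    JkSESSIONIndicator SSL_SESSION_ID
    JkOptions +ForwardKeySize

    # Everything goes to the balancer over AJP, which is not encrypted:
    # the httpd-to-Tomcat hop relies on the network between them.
    JkMount /* lb
</VirtualHost>
```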