Aladin Dajani wrote:
Hello,
Terminating SSL at the Apache level assumes all tomcat servers behind
Apache are on a secure, externally inaccessible, network.

My response assumed that, and assumed that the OP wanted to continue using mod_jk for whatever reason.

But in cloud-based, hosted systems, there is no guarantee someone isn't
listening.  Does this make a case for securing Apache<->tomcat
communication?

One could easily argue that if those servers are on different "cloud-based, hosted systems", any thought of a high level of security is a bit of a stretch anyway.

And that anyone who manages to usefully listen on those links, is probably already so deep inside your cloud infrastructure that this is not the worst they're doing.

Or that the risk of ditto, compared to the risk constituted by umpteen buggy and virus-infected user workstations, pales into insignificance.

In an absolute sense though, you are right. If you want to really secure the Apache-Tomcats link, then you will have to re-encrypt the data at the Apache level and decrypt it at the Tomcat level. You could probably do this using mod_proxy_http instead of mod_jk (and an HTTPS Connector in Tomcat). But you should then also accept the overhead.

Or you could set up SSL tunnel connections for AJP between Apache and Tomcat, but the overhead would still be there.



On Oct 21, 2012, at 6:09 AM, "vicky007aggar...@yahoo.co.in"
<vicky007aggar...@yahoo.co.in> wrote:

Thanks André for such an elaborate reply.
Just want to check another thing: is it possible to set up SSL at the Tomcat level
using the mod_proxy module? But I think it does not work in the load balancing case.
Is my understanding correct?

Thanks for your support,
Vicky



On Oct 20, 2012, at 7:21 PM, André Warnier <a...@ice-sa.com> wrote:

vivek aggarwal wrote:
Hello All,
I need to set up SSL on my Tomcat, which I am able to do by generating a
self-signed certificate using keytool.
But when I am redirecting the request from Apache using the "mod_jk" module, it's
not working.
I am not sure how to make Apache & Tomcat work with SSL when using the mod_jk module,
as I need load balancing.
Can someone please share the steps for doing the SSL setup when Apache is used
along with Tomcat?

A simplified graphical view of the recommended setup :

browser <- HTTPS -> Apache + mod_jk <- AJP -> Tomcat-1 (AJP Connector)
                                  <- AJP -> Tomcat-2 (AJP Connector)
                                  ...
                                  <- AJP -> Tomcat-n (AJP Connector)

In other words, you should handle the HTTPS/SSL at the front-end Apache httpd level, not 
at the Tomcat level.  (This is also sometimes called "terminating SSL at the Apache 
level").
The reason is that the AJP protocol does not support HTTPS/SSL (so, there is no way to 
set up the AJP Connector in Tomcat for SSL) (and no way to set up mod_jk to "talk 
SSL to Tomcat").
What the Apache/mod_jk combination can do however, is pass on all the required 
SSL headers of the original requests to Tomcat, over the AJP connection, so 
that a Tomcat application could make use of them.

To see how to set up Apache for SSL, check the Apache httpd on-line 
documentation.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
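
The re-encryption option mentioned in the thread (mod_proxy_http in front of an HTTPS Connector in Tomcat), sketched as an httpd configuration with mod_proxy_balancer for the load-balanced case. This is an added example, not part of the original messages; host names, ports, file paths and route names are placeholders, and it assumes each Tomcat has an HTTPS Connector on 8443 and a jvmRoute matching its route value.

```apache
# Added example: every name, port and path below is a placeholder.
# Needs mod_ssl, mod_proxy, mod_proxy_http, mod_proxy_balancer and
# a balancer method module (mod_lbmethod_byrequests on httpd 2.4).
<VirtualHost *:443>
    ServerName www.example.com

    # Leg 1: browser <-> Apache (SSL terminated here)
    SSLEngine on
    SSLCertificateFile    /etc/httpd/tls/front.crt
    SSLCertificateKeyFile /etc/httpd/tls/front.key

    # Leg 2: Apache <-> Tomcat, re-encrypted over HTTPS
    SSLProxyEngine on

    # Weak setting: with only "SSLProxyEngine on", SSLProxyVerify keeps
    # its default of "none", so the link is encrypted but the Tomcat
    # certificate chain is never validated.
    # Corrected setting: require a certificate that chains to a CA you
    # control. For self-signed Tomcat certificates (as generated with
    # keytool), put those certificates themselves in this file.
    SSLProxyVerify require
    SSLProxyCACertificateFile /etc/httpd/tls/backend-ca.pem
    # Host name check against the backend certificate (httpd 2.4.5+)
    SSLProxyCheckPeerName on

    <Proxy "balancer://tomcats">
        BalancerMember "https://tomcat-1.internal.example:8443" route=tomcat1
        BalancerMember "https://tomcat-2.internal.example:8443" route=tomcat2
        # Session stickiness, the role played by mod_jk's load balancer
        # worker in the AJP setup
        ProxySet stickysession=JSESSIONID|jsessionid
    </Proxy>

    ProxyPass        "/" "balancer://tomcats/"
    ProxyPassReverse "/" "balancer://tomcats/"
</VirtualHost>
```

Each request is decrypted at Apache and encrypted again towards Tomcat, which is the overhead referred to in the thread.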