vicky007aggar...@yahoo.co.in wrote:
All/Andre,
"""You could probably do this using mod_proxy_http instead of mod_jk (and a HTTPS Connector in
Tomcat). But you should then also accept the overhead."""
Queries :
1. Based on above comment does that mean i can use mod_proxy module in order to
have ssl communication between apache & tomcat.???
I think so, but you'd have to check that with the Apache documentation.
2. Load balancing wont work using mod _proxy , correct ??
Wrong. Look at the Apache documentation, mod_proxy_balancer
3. What overhead you're talking in setting up in setting up mod_proxy for ssl
communication between apache & tomcat
Setting it up is not the overhead problem. The overhead is because :
browser <- HTTPS -> Apache <- HTTPS -> Tomcat.
meaning :
- the browser encrypts (you don't care)
- Apache decrypts (overhead, but unavoidable)
- Apache encrypts (overhead, avoidable)
- Tomcat decrypts (overhead, avoidable)
and that is for every single request and response.
It's ok if you do not expect a lot of traffic. But since you are talking load-balancing,
you may expect a lot of traffic.
Thanks,
Vicky
On Oct 22, 2012, at 1:30 AM, Christopher Schultz <ch...@christopherschultz.net>
wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Vivek,
On 10/20/12 2:22 AM, vivek aggarwal wrote:
I need to setup the SSL over my tomcat ,which i am able to do it
by generating Self signed certificate using Keytool
Good.
But when i am redirecting the request form apache using "mod_jk
"module its not working.
What part doesn't work?
I am not sure how to make Apache & Tomcat work in SSL when using
Mod_jk module as i need load balancing
mod_jk does not support SSL communication between httpd <-> Tomcat:
you'll have to terminate SSL at the httpd level. If you want to
encrypt the traffic between httpd and Tomcat, you'll need to use a
VPN, ssh tunnel or stunnel (which is just an automated ssh tunnel).
Can someone please share the steps for doing ssl setup when apache
is used along with Tomcat
Have you been able to get httpd working with SSL? Once you do that,
everything else should be straightforward (not that getting httpd
working with SSL is at all difficult).
Just be aware that httpd doesn't use Java keystores, so you'll need to
create your keys and certificates using 'openssl' from the
command-line instead of working with 'keytool'.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
iEYEARECAAYFAlCEVHMACgkQ9CaO5/Lv0PAlIACeIxE9lgHiZaDpiPszUFBD5hiF
lNIAn2MseZynznuQ94/6xitYHJZb05lb
=PUqf
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
