Thanks for the response Gentlemen, I am not really particular about the AJP for secure communication as long as I can use https that should work for me, the reason for specific secure communication between Apache and Tomcat is the PCI compliance enforcing us not to have any other protocol other than https.
Please let me know if you have any questions. Thanks, Arun Janarthanan On Fri, Dec 7, 2012 at 11:09 AM, André Warnier <a...@ice-sa.com> wrote: > Vladimir, > > on this list, the rule is to not "top post". > Post your answer below the original message, or below the question to > which it refers. > This way, one can follow the conversation logically. > > > >> >> ----- Original Message ----- >> From: Arunkumar Janarthanan <arunkumar.webad...@gmail.com> >> To: Tomcat Users List <users@tomcat.apache.org> >> Cc: Sent: Friday, December 7, 2012 5:49 PM >> Subject: mod_proxy SSL protocol support for balancermember >> >> Hi, >> >> I am using Apache 2.2.22 version on RHEL5 and there are instances runs for >> credit card data processing, now that the communication between Apache and >> Tomcat through proxy balancing uses AJP protocol for the communication and >> data tranfer. >> >> I was wondering if there is a way we can use HTTPS protocol in Apache >> balancer member after enabling SSL on tomcat engine. >> >> I did enable https on balancer configuration which doesn't work for me got >> a 500 error without any appropriate error message on Apache logs. >> >> Vladimir Girnet wrote: > > Here is my working configuration - httpd proxy (also on RHEL 5) > > ---------------------- > > SSLProxyEngine On > > <Proxy balancer://tomcat_cluster> > > BalancerMember https://10.10.10.11:8443 > > BalancerMember https://10.10.10.12:8443 > > </Proxy> > > > > > > # Pass requests to balancer > > ProxyPass / balancer://tomcat_cluster/ > > ProxyPassReverse / balancer://tomcat_cluster/ > > --------------------- > > > > -- > > Yes, but this is not using the AJP protocol. > The AJP protocol does not support SSL (so using mod_proxy_AJP will not > work, and mod_jk neither) > If you really need AJP, there are possibilities using SSL tunnels etc. > Search the list archives for those. > > But maybe a question first : the usual setup with a front-end > load-balancer is to use HTTPS between the client browser and the front-end, > but "terminate" HTTPS at the front-end, and make a normal connection from > the front-end to the back-end tomcats, which tend to be in the same local > network as the front-end anyway. > Having a first encryption-decryption and then a second > encryption-decryption again introduces a significant overhead. > So, do you have a specific reason for which you want to do this ? > > > > > > > ------------------------------**------------------------------**--------- > To unsubscribe, e-mail: > users-unsubscribe@tomcat.**apache.org<users-unsubscr...@tomcat.apache.org> > For additional commands, e-mail: users-h...@tomcat.apache.org > >
