Does the IIS isapi_redirect.dll support encrypting AJP13 traffic?  We are 
setting up IIS 7.5 talking to GlassFish 3.1.2.2 using the 1.2.37 
isapi_redirect.dll.  We have everything working with HTTPS/SSL coming into IIS 
and passing through to GlassFish using unencrypted AJP13, but want to also 
encrypt the traffic between IIS and GlassFish.  There is GlassFish 
documentation for enabling SSL between Apache and GlassFish using mod_jk, and 
it involves setting some mod_jk settings (in addition to some settings in 
GlassFish to enable SSL on that end).  I’ve made the changes to GlassFish to 
enable SSL on the passthrough port, but can’t find any settings for 
isapi_redirect that would indicate using SSL.  The GlassFish documentation for 
using SSL with mod_jk involved some settings like “JkExtractSSL On” and 
“JkHTTPSIndicator HTTPS”, but there is nothing like that available for the 
isapi_redirect configuration.  I can access the site fine using the built-in 
GlassFish HTTPS/SSL port 8181, but I’m getting a 502 error when trying to do 
the IIS passthrough to the SSL-enabled AJP13 port in GlassFish.  Following is 
what I’m seeing in the isapi_redirect log file:

[Thu May 30 17:51:44.219 2013] [224:1172] [debug] jk_shutdown_socket::jk_connect.c (732): About to shutdown socket 1300 [127.0.0.1:61402 -> 127.0.0.1:8009]
[Thu May 30 17:51:44.219 2013] [224:1172] [debug] jk_shutdown_socket::jk_connect.c (803): shutting down the read side of socket 1300 [127.0.0.1:61402 -> 127.0.0.1:8009]
[Thu May 30 17:51:44.219 2013] [224:1172] [debug] jk_shutdown_socket::jk_connect.c (814): Shutdown socket 1300 [127.0.0.1:61402 -> 127.0.0.1:8009] and read 0 lingering bytes in 0 sec.
[Thu May 30 17:51:44.219 2013] [224:1172] [info] ajp_connection_tcp_get_message::jk_ajp_common.c (1259): (worker1) can't receive the response header message from tomcat, tomcat (127.0.0.1:8009) has forced a connection close for socket 1300
[Thu May 30 17:51:44.219 2013] [224:1172] [error] ajp_get_reply::jk_ajp_common.c (2126): (worker1) Tomcat is down or refused connection. No response has been sent to the client (yet)

Is encrypting the AJP13 traffic possible with isapi_redirect.dll and I just 
don’t have something configured properly, or am I trying to do something that 
isn’t supported natively?  I saw some old posts about needing to use other 
methods to encrypt the traffic, like VPNs or IPSEC, but they also indicated 
that something was in the works to support this natively.

Thanks,
Jonathan
