Arian Abrahantes wrote:
Hi Filik:
I understood what he wanted to do. My post is about how needed is this
for him?. If it is a company requirement ok. But if there is no
requirement why to slow the server down?.
IMHO, in a properly set apache proxy configuration nobody except
apache will interact with the aplication (you name it) that lies
bellow him. So even if companies or users wishes this double
encryption I seriously doubt they will be getting more security.
Anyway, as far as I know both servers can share the same keys for
authentication (I am pretty sure there is a quite close in date
-previous month- thread posted in this list or in Opencms' one) and
just looking into his config it should work so just try it out. He is
just missing the addition of the DocumentRoot where his contents under
tomcat lies.
uh, absolutely not, never point your DocumentRoot to the Tomcat file
structure unless you know exactly how to secure it.
Filip
hth,
arian
Filip Hanik - Dev Lists wrote:
I think what he wants is
browser -> http -> Apache -> http -> tomcat
browser -> https-> Apache -> https-> tomcat
a lot of companies have these requirements
Filip
Arian Abrahantes wrote:
Hi:
I think this has alraedy being discussed somewhere here. Why do you
need double enchriptation? It is enough with the apache one. Use
something like:
broweser -> https -> Apache -> http -> tomcat
pro:
1- Single enchiptation fast server response.
cons (at least fo security):
1- none
I may be wrong plesa verify in the mailing list archive
Filip Hanik - Dev Lists wrote:
question, does it work? or does it always send requests to 8080,
for both http and https?
for your SSL, you can/need to add in your httpd client certificate,
ie, the certificate to use when contacting Tomcat for SSL
<VirtualHost *:443>
SSLProxyEngine On
ProxyPass / https://localhost:8443/
ProxyPassReverse / https://localhost:8443/
#
# Put your Proxy SSL Certificate directives here
#
</VirtualHost>
Filip
Roger wrote:
Hi there!
I have some questions about how to setup Apache and Tomcat with SSL
support. Currently I have the following setup:
- Windows 2003
- Tomcat 6.0.13
- Apache 2.0.59 with
- openssl 0.9.7j
- mod_ssl
- mod_proxy
- mod_rewrite (not used)
I have generated keys that work with Apache. So I can open a page
like
https://localhost/. I've tried to use mod_proxy to redirect all
traffic to Tomcat, which works for http and https, using the
following
setup:
<IfModule mod_ssl.c>
Include conf/ssl.conf
</IfModule>
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
<VirtualHost *:443>
SSLProxyEngine On
ProxyPass https://localhost:443/ https://localhost:8443/
ProxyPassReverse https://localhost:443/ https://localhost:8443/
</VirtualHost>
I have the following questions:
1) Is this a normal setup? Anything that could cause a problem?
2) I want to be able to route traffic for one webapp to https, not
allowing it to be used via http. I don't care if this is done using
mod_rewrite or mod_proxy or anything else.
All suggestions are appreciated!
Thanks,
Roger
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
