I don't know if this will actually help Mike do what he wants to do. I don't 
think he needs to know about Tomcat SSL configuration.

I think we do exactly what Mike wants to do...we have a network load balancer 
with SSL accelerator in front of all of our Tomcat instances. All of our 
incoming SSL connections terminate on the load balancer. The load balancer acts 
as a sort of reverse proxy to Tomcat. The Tomcat instances do not have any SSL 
configuration whatsoever--communication between the load balancer and Tomcat 
is via HTTP. Some load balancers support re-encrypting traffic between the load 
balancer and the web/app server. You could set up your environment like this, 
and it might solve your problem. We didn't do it this way though. 

To make this work in our environment, we had to engineer our applications to be 
SSL-aware, even though Tomcat wasn't. To do this, we did two major pieces of 
engineering effort: 
     1) Used relative links in our apps as much as possible. If you could make 
all of your URLs relative, then you wouldn't have any problems, as there would 
never be any miscommunication between the browser, the load balancer and Tomcat.
     2) Whenever we generated full URLs inside of an SSL-enabled application, 
we had to make sure that our code generated an HTTPS URL, and not an HTTP URL. 
You don't normally have to do this, as Tomcat can do it for you. But since 
Tomcat isn't aware that the connection is SSL-enabled, you have to write code 
to force the kind of URL that you want. For our HTTP apps, we had to make sure 
that HTTP URLs were generated. 

Hope this helps. 

Brian
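
One way to force the scheme of generated URLs as described above, as an added example that is not code from this thread or from Tomcat. The class name `ExternalUrlBuilder`, its methods, and the host names are hypothetical; the public host and the SSL flag are assumed to come from application configuration rather than from the request.

```java
import java.net.URI;
import java.net.URISyntaxException;

/** Builds absolute URLs whose scheme is fixed by configuration, not by what Tomcat sees. */
public final class ExternalUrlBuilder {
    private final String scheme; // "https" for SSL-enabled apps, "http" otherwise
    private final String host;   // public host name answered by the load balancer
    private final int port;      // public port; -1 means "default for the scheme"

    public ExternalUrlBuilder(boolean sslEnabled, String host, int port) {
        this.scheme = sslEnabled ? "https" : "http";
        this.host = host;
        int defaultPort = sslEnabled ? 443 : 80;
        this.port = (port == defaultPort) ? -1 : port; // omit default ports from the URL
    }

    /** Absolute URL for a server-relative path such as "/shop/checkout". */
    public String absolute(String path, String query) {
        if (path == null || !path.startsWith("/")) {
            throw new IllegalArgumentException("path must start with '/': " + path);
        }
        try {
            return new URI(scheme, null, host, port, path, query, null).toASCIIString();
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException("cannot build URL for " + path, e);
        }
    }

    /** Rewrites a URL as the container would generate it into its public form. */
    public String externalize(String containerUrl) {
        URI u = URI.create(containerUrl);
        if (!u.isAbsolute()) {
            return containerUrl; // relative links resolve against the browser's https page
        }
        String path = (u.getPath() == null || u.getPath().isEmpty()) ? "/" : u.getPath();
        return absolute(path, u.getQuery());
    }

    public static void main(String[] args) {
        // Constructed sample values: an SSL-enabled app and a plain HTTP app.
        ExternalUrlBuilder secure = new ExternalUrlBuilder(true, "www.example.com", 443);
        ExternalUrlBuilder plain = new ExternalUrlBuilder(false, "www.example.com", 80);
        // URL as seen from inside Tomcat: internal host, HTTP, connector port.
        String internal = "http://tomcat-1:8080/shop/checkout?step=2";
        System.out.println(secure.externalize(internal));
        System.out.println(plain.externalize(internal));
        System.out.println(secure.externalize("account/settings"));
    }
}
```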



----- Original Message ----
From: Martin Gainty <[EMAIL PROTECTED]>
To: Tomcat Users List <users@tomcat.apache.org>
Sent: Monday, October 13, 2008 7:20:48 PM
Subject: RE: SSL Accelerator - Front ending Tomcat


all your <SSL/nonSSL> connections are all defined in 
$TOMCAT_HOME/conf/server.xml
if you provide information on who/what/why/how specific security features you 
want your website to implement
we can point you in the right direction
check out
http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html
also pay attention to redirectPort of the NON-ssl connector *usually 8443*

a very simple primer located here
http://techtracer.com/2007/09/12/setting-up-ssl-on-tomcat-in-3-easy-steps/

Martin 

> From: [EMAIL PROTECTED]
> Subject: SSL Accelerator - Front ending Tomcat
> Date: Mon, 13 Oct 2008 15:53:35 -0700
> To: users@tomcat.apache.org
> 
> Hello Everyone,
> 
> I have not been a frequent administrator of Tomcat, but it seems that
> I am becoming one!
> 
> So, here is my setup: I am using an SSL accelerator in front of a Tomcat
> server running two instances. When I try to access the website, the
> webserver (rightfully so) redirects me to another page on the same
> machine for the same instance. Thusly, I do not have the "https" URL
> any longer, but have "http" instead, of course this kills the
> connection.
> 
> So, I was wondering if anyone has had any experience setting up this
> type of environment. It seems to me that Tomcat doesn't know that
> this is a secure connection.
> 
> Any information is good information.
> 
> Thanks!
> 
> Mike
> 
> 
