Peter Crowther wrote:
> 2009/10/13 Tezza <auspa...@hotmail.com>:
>> So in server.xml, I can leave the <Connector SSLEnabled="true"
>> port="8443"...other other SSL related attributes.../> ???
>
> If you want to, you can leave it. It's an extra way into your server,
> and might be considered an extra attack vector for a cracker, so you
> might also want to remove it :-).
>
>> Also, my current AJP connection is like this:
>>
>> <Connector port="8009" address="${jboss.bind.address}"
>> protocol="AJP/1.3"
>> emptySessionPath="true" enableLookups="false" redirectPort="8443"
>> />
>>
>> Do I need another connector in server.xml for mod_jk worker to forward HTTPS
>> traffic???
>
> I'll leave that to one of the experts - I know the theory, but have
> never had to maintain an AJP system in reality.
No, you don't need a separate connector to proxy SSL over AJP. The AJP
protocol is smart enough to pass along the SSL info Tomcat needs.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
