To Christopher and Rainer, Thanks, that resolved the issue completely.
Best Regards, Brett On Thu, 2010-07-22 at 17:35 -0400, Christopher Schultz wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Brett, > > On 7/22/2010 1:31 PM, Brett Delle Grazie wrote: > > Tomcat 6.0.28 (binary distribution from apache). > > > > My question is, in the Tomcat server.xml, do I require _two_ AJP > > connectors as follows: > > > > (executor omitted for simplicity) > > > > <!-- AJP connector pair (HTTP and fake HTTPS), proxied --> > > <Connector executor="tomcatThreadPool" > > enableLookups="false" > > port="8009" protocol="org.apache.coyote.ajp.AjpAprProtocol" > > redirectPort="8010" > > proxyPort="80" /> > > > > <Connector executor="tomcatThreadPool" > > enableLookups="false" > > port="8010" protocol="org.apache.coyote.ajp.AjpAprProtocol" > > scheme="https" secure="true" > > proxyPort="443" /> > > In addition to Rainer's notes, I have a couple of comments: > > It's not necessary to specify > protocol="org.apache.coyote.ajp.AjpAprProtocol" in the <Connector>. If > libapr isn't available, you'll be left with no working connectors. If, > instead, you simply have protocol="AJP/1.3", your <Connector> can > fall-back to the BIO (i.e. blocking pure-Java connector). > > Your redirectPort should point to the port that is visible to the > outside world, not to the port that is being used for Tomcat. Probably, > your redirectPort should be set to "443" so that requests will be > redirected (remember, via the user agent) and hit your Apache httpd > instance out in front of Tomcat. If you specify "8010", and that port is > blocked to the outside world, you'll find that your users will receive a > "cannot contact server" message. if port 8010 is /not/ blocked, they'll > get a weird SSL error saying that the server isn't speaking HTTPS.... > because it's speaking AJP! > > Hope that helps, > - -chris > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.10 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAkxIuZcACgkQ9CaO5/Lv0PBAfwCfQN9zGWDLjE8flIPh3xpmUoWx > MrUAn1Epj1dKmzh0/SAD2KI+C44i2bvX > =xF9L > -----END PGP SIGNATURE----- > -- Best Regards, Brett Delle Grazie ______________________________________________________________________ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email ______________________________________________________________________ --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
