Al,

On 5/27/12 2:43 PM, al so wrote:
> I've used standalone Tomcat to serve as web server+SSL+web
> container in the past.
>
> Now, I am trying to front Tomcat with apache reverse proxy+SSL.
>
> 1. Is it not redundant to configure the SSL in the Tomcat as well
> when the fronting reverse proxy is already configured to handle
> SSL? I see a lot of posts on the internet which configure SSL at both
> Tomcat and Reverse proxy. Am I missing something?

The real question is whether or not you need to protect the communication between httpd and Tomcat. If you are on a trusted network, then you probably don't need any kind of SSL between the two, and it would be redundant to configure Tomcat to handle SSL and have the proxy re-negotiate an SSL connection with it.

On the other hand, if you are communicating across an untrusted network, then you probably do want to encrypt the communication. One way of doing that is by using something like mod_proxy_http and just making sure that you use an https:// URL for the backend.

If you want to use AJP, you'll have to tunnel it yourself using stunnel, ssh, a VPN which provides similar behavior, or some similar external tool because AJP itself does not support any kind of encryption.

-chris
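
The two mod_proxy_http setups discussed in the reply, sketched as an httpd configuration. This is an added example, not part of the original message; the hostnames, ports and file paths are placeholders, and it assumes mod_ssl, mod_proxy and mod_proxy_http are loaded and that Tomcat has an HTTPS connector on 8443 for the second case.

```apache
# Added example. Hostnames, ports and paths below are placeholders.
# The two <VirtualHost> blocks are alternatives: deploy one, not both.

# Alternative A: httpd and Tomcat share a trusted network.
# TLS ends at httpd; the hop to Tomcat's HTTP connector is cleartext.
<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine on
    SSLCertificateFile    /etc/httpd/tls/www.example.com.crt
    SSLCertificateKeyFile /etc/httpd/tls/www.example.com.key

    ProxyPass        / http://tomcat.internal.example:8080/
    ProxyPassReverse / http://tomcat.internal.example:8080/
</VirtualHost>

# Alternative B: the network between httpd and Tomcat is untrusted.
# httpd terminates the client's TLS session and opens a second TLS
# session to Tomcat's HTTPS connector.
<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine on
    SSLCertificateFile    /etc/httpd/tls/www.example.com.crt
    SSLCertificateKeyFile /etc/httpd/tls/www.example.com.key

    # Required before an https:// backend URL will work.
    SSLProxyEngine on

    # SSLProxyVerify defaults to "none"; without these lines the backend
    # certificate is not validated against a CA, so the hop is encrypted
    # but the peer is not authenticated.
    SSLProxyVerify            require
    SSLProxyCACertificateFile /etc/httpd/tls/backend-ca.crt
    SSLProxyCheckPeerExpire   on
    # httpd 2.4.5 and later; on older releases use SSLProxyCheckPeerCN.
    SSLProxyCheckPeerName     on

    ProxyPass        / https://tomcat.internal.example:8443/
    ProxyPassReverse / https://tomcat.internal.example:8443/
</VirtualHost>
```

With an AJP backend (`ajp://` in `ProxyPass`) none of the `SSLProxy*` directives apply, which is why the reply points to stunnel, ssh or a VPN for that case.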