Return-Path: Delivered-To: apmail-httpd-users-archive@www.apache.org Received: (qmail 17503 invoked from network); 1 May 2007 12:44:51 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 1 May 2007 12:44:51 -0000 Received: (qmail 84934 invoked by uid 500); 1 May 2007 12:44:47 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 84921 invoked by uid 500); 1 May 2007 12:44:47 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 84909 invoked by uid 99); 1 May 2007 12:44:47 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 01 May 2007 05:44:47 -0700 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests= X-Spam-Check-By: apache.org Received-SPF: pass (herse.apache.org: local policy includes SPF record at spf.trusted-forwarder.org) Received: from [68.142.229.217] (HELO smtp103.biz.mail.re2.yahoo.com) (68.142.229.217) by apache.org (qpsmtpd/0.29) with SMTP; Tue, 01 May 2007 05:44:39 -0700 Received: (qmail 85518 invoked from network); 1 May 2007 12:44:18 -0000 Received: from unknown (HELO tiger) (ryan.murray@elementn.com@207.234.184.159 with login) by smtp103.biz.mail.re2.yahoo.com with SMTP; 1 May 2007 12:44:17 -0000 X-YMail-OSG: bzcZMKcVM1lUQ.jyxRnGqgxQmPPMWZnU1tsrNjTCcp4utU0UZZUsevZAjoiC9y4PRv86H.IPNXXIwQVQVkv826YId3wIKPHqta8RGXHP4ktIIlljH3A- From: "Ryan Murray" To: Date: Tue, 1 May 2007 15:44:15 +0300 Organization: element^n Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook 11 In-Reply-To: <192248.51058.qm@web51605.mail.re2.yahoo.com> X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 thread-index: AceL6pyknzNav1HeSwq/KcMc5IxAhAAA2F7Q X-Virus-Checked: Checked by ClamAV on apache.org Subject: RE: [users@httpd] apache pass ssl+http to tomcat > >----- Original Message ---- > >From: Krist van Besien > > > >You can't do what you are trying to do. Passing SSL without > decrypting > >it to tomcat is something that can't be done with apache. > How is apache > >to know what to do with a request when the request is just a > stream of > >apparently random noise? > > > >It is also something you don't need apache for. Just do a > port forward > >on the OS level. > > Thank you for the reply. > > > > Unfortunately I can't do a port forward at the os level. My > environment is on a shared server. Many domains are setup on > the machine - all of course for port 80/443. At the os level > can I determine that the request was for a certain domain and > forward to a different > port based on that domain? I think the way the hosting > company has it > setup is that multiple domains are mapping to one ip - though > it might be a slightly different setup. The requests then > all go to the one box where apache is sitting in front and > using connectors to direct the requests to the particular > instance of tomcat ( in the case of the ssl request it is > decrypting the request and directing them). > > > My issue is that in Tomcat I want to have any http request > redirected to https. mod_proxy creates an infinite loop in > this situation since apache turns the https into http and > tomcat thinks it needs to redirect. mod_jk handles this > properly and is able to pass extra heuristics to tomcat but > for some reason creates a massive performance problem. > Rather than figure out why mod_jk is creating this > performance problem I was hoping there was someway just to > have apache send the ssl on.... seems like I am stuck either > switching to a dedicated machine and removing apache from the > equation or figureing out the problem with mod_jk. > > > Any other ideas? > I presume your problem is that someone can access the Tomcat directly via HTTP as well as through Apache. If it's just Apache then you can set up your virtual hosts to only forward HTTPS connections to the Tomcat and not proxy HTTP ones. Another solution is to forward the SSL-decrypted connection from Apache to a different HTTP connector (ie different port) on Tomcat which only accepts connection from Apache. On this HTTP connector set "isSecure" to true. Then your application should only redirect back to https if the the connection is on the other HTTP connector (ie when the request returns isSecure=false). Ryan Murray element^n berytech technology centre mkalles-beirut, lebanon +961 4 533 040 ext. 3030 (office) +961 3 767 083 (lebanon mobile) +973 3603 9118 (bahrain mobile) www.elementn.com This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient(s) please contact the sender by reply email and destroy all copies of the original message and any attachments. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org " from the digest: users-digest-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org