Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 03895200A5B for ; Wed, 25 May 2016 18:09:25 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id E51FE160A29; Wed, 25 May 2016 16:09:24 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 36F1D160A0F for ; Wed, 25 May 2016 18:09:24 +0200 (CEST) Received: (qmail 6659 invoked by uid 500); 25 May 2016 15:58:27 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 6636 invoked by uid 99); 25 May 2016 15:58:27 -0000 Received: from Unknown (HELO spamd1-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 25 May 2016 15:58:27 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id E3670C9927 for ; Wed, 25 May 2016 15:56:15 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 0.733 X-Spam-Level: X-Spam-Status: No, score=0.733 tagged_above=-999 required=6.31 tests=[KAM_LAZY_DOMAIN_SECURITY=1, NO_RDNS_DOTCOM_HELO=0.433, RCVD_IN_DNSWL_LOW=-0.7] autolearn=disabled Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024) with ESMTP id zSDaecNy67Df for ; Wed, 25 May 2016 15:56:14 +0000 (UTC) Received: from vms173023pub.verizon.net (vms173023pub.verizon.net [206.46.173.23]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTPS id 604FC5F252 for ; Wed, 25 May 2016 15:56:13 +0000 (UTC) Received: from vz-proxy-m002.mx.aol.com ([64.236.83.3]) by vms173023.mailsrvcs.net (Oracle Communications Messaging Server 7.0.5.32.0 64bit (built Jul 16 2014)) with ESMTPA id <0O7Q002P2PL1XDA0@vms173023.mailsrvcs.net> for users@httpd.apache.org; Wed, 25 May 2016 10:55:50 -0500 (CDT) X-CMAE-Score: 0 X-CMAE-Analysis: v=2.1 cv=WcjxEBVX c=1 sm=1 tr=0 a=yQ9kT6OsLgv7WE5tBE7I5g==:117 a=IkcTkHD0fZMA:10 a=yrkiwgmsf1kA:10 a=mV9VRH-2AAAA:8 a=j4nzMFrpAAAA:8 a=QfKxxUxMAAAA:8 a=6wVSRF8GYEQCArUfNxgA:9 a=QEXdDO2ut3YA:10 Received: by 71.127.40.115 with SMTP id 01a34e0d; Wed, 25 May 2016 15:55:50 GMT To: users@httpd.apache.org References: From: Christopher Schultz Message-id: <5745CB05.5050603@christopherschultz.net> Date: Wed, 25 May 2016 11:55:49 -0400 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:38.0) Gecko/20100101 Thunderbird/38.7.2 MIME-version: 1.0 In-reply-to: Content-type: text/plain; charset=utf-8 Content-transfer-encoding: 7bit Subject: Re: [users@httpd] Secured connection between Apache Httpd and Tomcat over AJP protocol archived-at: Wed, 25 May 2016 16:09:25 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mohanavelu, On 5/25/16 10:16 AM, Mohanavelu Subramanian wrote: > Hi All, > > Good Morning. > > I have Httpd process and Tomcat instances both running on 2 > different machines. The communication between them happens through > AJP protocol (mod_jk) which doesnt support encryption. But we are > using some features of mod_jk like automatic passing of security > information like SSL certificate to tomcat which inturn is accessed > in our application, validated and verified. > > Now, we have requirement to make the communication between them as > Secured. Since AJP doesnt support encryption, I came to know that > we need to use SSH, IPSec. But I could not find any proper document > to configure SSH or IPSec for AJP. Could please share if you any. > > I have considered mod_proxy_http as well for supporting security > which is easy to configure as well. But as I mentioned above we are > already making use mod_jk features. Again it will require more > efforts to migrate from mod_jk to mod_proxy_http. https://wiki.apache.org/tomcat/AJP%20with%20stunnel - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAldFywUACgkQ9CaO5/Lv0PD+HgCfRLwHwEDFFPXcWUhHNUQw/E6o BH0An2M8pvWl/RNK+K3dNOJRQSDoTgtC =INoF -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org