tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Filip Hanik - Dev Lists <devli...@hanik.com>
Subject SSL Connectors - config proposal
Date Tue, 17 Oct 2006 16:39:58 GMT
gents and ladies,

currently we are doing SSL a little bit differently between APR and the 
Java connectors.
The APR connector requires an attribute sslEngine="On" to kick in.

I believe this attribute to be useful for two reasons:

1.
Config should be as consistent as possible.

2.
If I use a SSL network card, or apache doing SSL etc, I would like to 
trick Tomcat into thinking it is running in SSL
for example:

Apache Port 80 -> mod_proxy(http) -> Tomcat 8080
<Connector protocol="HTTP/1.1" port="8080"/>
Apache Port 443 -> mod_proxy(http) -> Tomcat 8081
<Connector protocol="HTTP/1.1" port="8081" secure="true" scheme="https" 
sslEngine="off"/>

This example here is with Apache, but if you use any kind of SSL 
accelerator, be it a network card or an appliance,
there is a risk of getting stuck in a redirect loop when using 
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
in web.xml

Currently, you have to work around it using Valves or filters, but it 
can get a little messy.

Useful?

Filip




---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message