tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Filip Hanik - Dev Lists <>
Subject SSL Connectors - config proposal
Date Tue, 17 Oct 2006 16:39:58 GMT
gents and ladies,

currently we are doing SSL a little bit differently between APR and the 
Java connectors.
The APR connector requires an attribute sslEngine="On" to kick in.

I believe this attribute to be useful for two reasons:

Config should be as consistent as possible.

If I use a SSL network card, or apache doing SSL etc, I would like to 
trick Tomcat into thinking it is running in SSL
for example:

Apache Port 80 -> mod_proxy(http) -> Tomcat 8080
<Connector protocol="HTTP/1.1" port="8080"/>
Apache Port 443 -> mod_proxy(http) -> Tomcat 8081
<Connector protocol="HTTP/1.1" port="8081" secure="true" scheme="https" 

This example here is with Apache, but if you use any kind of SSL 
accelerator, be it a network card or an appliance,
there is a risk of getting stuck in a redirect loop when using 
in web.xml

Currently, you have to work around it using Valves or filters, but it 
can get a little messy.



To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message