tomcat-users mailing list archives

From Aditya <adi...@grot.org>
Subject Re: SSL redirects with mod_jk
Date Mon, 15 Apr 2002 17:07:28 GMT
On Mon, Apr 15, 2002 at 09:26:40AM -0400, Rich wrote:
> I'm curious about a few things. Why did you choose mod_jk over mod_webapp?

- I needed to send everything Apache receives to Tomcat

- We auto-add contexts to appbase and I don't need to update the config and
restart apache each time that happens

> And when you enabled the SSL connector, did you also add jsse and basically
> configure tomcat as a standalone SSL enabled server?

Yes, in order to get Tomcat running with the SSL connector, it had to have
jsse etc. -- for testing I'd already configured Tomcat with SSL standalone and
a self-signed cert, and so that was straightforward.

At this point it "works" but I had to make the non-intuitive leap of adding the
SSL connector and thought others might benefit from knowing about it.

Thanks,
Adi

> -----Original Message-----
> From: Aditya [mailto:aditya@mighty.grot.org]
> Sent: Sunday, April 14, 2002 3:47 PM
> To: tomcat-user@jakarta.apache.org
> Subject: SSL redirects with mod_jk
> 
> 
> I have apache 1.3+mod_ssl and mod_jk (ajp13) "fronting" a Tomcat 4.0.3 server
> which has a servlet protected by:
> 
>       <user-data-constraint>
>         <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>       </user-data-constraint>
> 
> I assume that, for performance reasons, it would be best if I could run no
> connectors other than the AJP13 one.
> 
> Ideally, calls to the above servlet as http should be redirected to the
> equivalent https page. To that end, I have, in my server.xml:
> 
>     <!-- Define an AJP 1.3 Connector on port 8009 -->
>     <Connector className="org.apache.ajp.tomcat4.Ajp13Connector"
>                port="8009" minProcessors="30" maxProcessors="150"
>                acceptCount="10" debug="0"
>                enableLookups="false" redirectPort="443"
>                secure="false" scheme="http"
>                address="127.0.0.1"
>                tomcatAuthentication="true"/>
> 
> however the redirect won't work (Status 500 error) unless I put in an HTTPS
> connector as well in server.xml (note that it doesn't have to be accessible at
> all, hence the 127.0.0.1 and port 8443 is blocked off so it doesn't seem to
> play any part in the whole deal other than to signal to Tomcat that it can
> handle redirects to SSL):
> 
>     <!-- Define an SSL HTTP/1.1 Connector on port 8443 -->
>     <Connector className="org.apache.catalina.connector.http.HttpConnector"
>                address="127.0.0.1" port="8443" minProcessors="5" maxProcessors="75"
>                enableLookups="false"
>                acceptCount="10" debug="0" scheme="https" secure="true">
>       <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
>                clientAuth="false" protocol="TLS"
>                keystorePass="foo"/>
>     </Connector>
> 
> (I tried putting in an additional ajp13 connector that mod_jk sent anything
> that showed up as SSL to, but that didn't work).
> 
> Is this how it's supposed to work? If so, it should be documented somewhere...
> 
> Thanks,
> Adi
> 
> --
> To unsubscribe:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> For additional commands: <mailto:tomcat-user-help@jakarta.apache.org>
> Troubles with the list: <mailto:tomcat-user-owner@jakarta.apache.org>
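An added example, not part of the original message and not Tomcat project code: a small Python audit of a `server.xml` for the setup described in this thread (AJP13 connector behind Apache, `redirectPort` served by the front end, SSL connector kept on loopback). The `<Server>`/`<Service>` wrapper, the function name `audit_connectors` and the finding strings are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the two connectors quoted in the message, wrapped in
# an assumed <Server>/<Service> skeleton so the document parses on its own.
SERVER_XML = """<Server><Service name="example">
  <Connector className="org.apache.ajp.tomcat4.Ajp13Connector" port="8009"
             redirectPort="443" secure="false" scheme="http"
             address="127.0.0.1" tomcatAuthentication="true"/>
  <Connector className="org.apache.catalina.connector.http.HttpConnector"
             address="127.0.0.1" port="8443" scheme="https" secure="true">
    <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
             clientAuth="false" protocol="TLS" keystorePass="foo"/>
  </Connector>
</Service></Server>"""

LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def audit_connectors(xml_text):
    """Return a list of (port, finding) tuples for a Tomcat server.xml."""
    connectors = list(ET.fromstring(xml_text).iter("Connector"))
    local_ports = {c.get("port") for c in connectors}
    findings = []
    for c in connectors:
        port = c.get("port")
        # No address attribute means the connector listens on every interface.
        if c.get("address") not in LOOPBACK:
            findings.append((port, "reachable beyond loopback; firewall it or set address"))
        # A redirectPort that no Tomcat connector owns must be served by the
        # front end (Apache mod_ssl on 443 in the message).
        redirect = c.get("redirectPort")
        if redirect and redirect not in local_ports:
            findings.append((port, f"redirectPort {redirect} is not a Tomcat connector"))
        # secure="true" makes Tomcat treat requests as confidential, so it
        # should be backed by an SSL socket factory on that connector.
        has_ssl = any("SSL" in f.get("className", "") for f in c.findall("Factory"))
        if c.get("secure") == "true" and not has_ssl:
            findings.append((port, "secure=true without an SSL socket factory"))
    # Per the message, Tomcat 4.0.3 answered the CONFIDENTIAL redirect with
    # a 500 until some secure connector existed in server.xml.
    if not any(c.get("secure") == "true" for c in connectors):
        findings.append((None, "no secure connector defined"))
    return findings


if __name__ == "__main__":
    for port, finding in audit_connectors(SERVER_XML):
        print(port, finding)
```

On the configuration from the message the only finding is the note that port 443 belongs to the front end, which is the intended arrangement there.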