tomcat-users mailing list archives

From Andreas Mohrig <andreas.moh...@cadooz.de>
Subject RE: Adding HTTPS to Tomcat/Apache/mod_jk install on NT
Date Fri, 23 Aug 2002 14:05:45 GMT
In fact I have to admit that my statement is based on inference as well,
since the way I understand socket connections it would be quite difficult to
switch a persistent socket connection used between client (browser) and
server (apache) to exchange encrypted information over to tomcat, so that
tomcat could then communicate with the client directly. Even if this can or
could be done at all it seems to be much easier not to worry about all that
(for someone implementing a connector) but to just send the information back
to apache and let it do the rest. For apache itself this would be quite
common as well; simple cgi-scripts work similarly (only via environment
variables and stdout rather than via a special connector and its protocol).

Didn't we have a discussion about this under the thread "SSL Connection
Tomcat and Apache" recently?

Andreas Mohrig

-----Original Message-----
From: Turner, John [mailto:JTurner@AAS.com]
Sent: Friday, August 23, 2002 2:20 PM
To: 'Tomcat Users List'
Subject: RE: Adding HTTPS to Tomcat/Apache/mod_jk install on NT



OK, thanks.  It was my understanding that the connectors were one-way,
apache->tomcat, and that responses were not sent back to apache but served
directly by tomcat, though that was an assumption based on inference, I've
never seen anyone specifically make a statement one way or the other.

I didn't realize the connectors were bi-directional.

John Turner
jturner@NOSPAM.aas.com

-----Original Message-----
From: Andreas Mohrig [mailto:andreas.mohrig@cadooz.de]
Sent: Friday, August 23, 2002 8:02 AM
To: 'Tomcat Users List'
Subject: RE: Adding HTTPS to Tomcat/Apache/mod_jk install on NT


As Milt pointed out a couple of times, apache does the encryption and
decryption if tomcat is running behind it and connected via a connector
(e.g. mod_jk). An encrypted request is decrypted by apache and forwarded (in
plain, unencrypted text) over the connector to tomcat. Tomcat's reply (over
the connector to apache) is unencrypted as well. Then apache encrypts the
response and sends it encrypted to the client.
So Tomcat "knows" nothing about this encryption (if you don't query the
environment). The encryption happens because the apache-port 443 is used
instead of the plain tomcat port 8080 to request something from the server.

Andreas Mohrig

-----Original Message-----
From: Turner, John [mailto:JTurner@AAS.com]
Sent: Friday, August 23, 2002 1:43 PM
To: 'Tomcat Users List'
Subject: RE: Adding HTTPS to Tomcat/Apache/mod_jk install on NT



Hmmm...either I'm missing something, or SSL doesn't work the way I thought
it worked.  How does tomcat know to encrypt the response vs just sending
back unencrypted text?

John Turner

-----Original Message-----
From: Milt Epstein [mailto:mepstein@uiuc.edu]
Sent: Thursday, August 22, 2002 5:00 PM
To: Tomcat Users List
Subject: RE: Adding HTTPS to Tomcat/Apache/mod_jk install on NT


On Thu, 22 Aug 2002, Turner, John wrote:

> Assuming your connector is configured correctly, tomcat is serving
> anything with a .jsp on it, so requests for JSPs on 443 will be
> handled by tomcat.

Hate to be a broken record, but the issue with SSL set up is not who's
serving the request, but who's initially handling it -- that's who
negotiates the SSL connection.  Now, it's possible to set up Tomcat
with SSL such that it's handling requests on port 443, but the more
typical setup is to have Apache with SSL there (as described in my
previous note).


> -----Original Message-----
> From: Kenny G. Dubuisson, Jr. [mailto:kdubuisson@kcmria.com]
> Sent: Thursday, August 22, 2002 2:25 PM
> To: tomcat-user@jakarta.apache.org
> Subject: Fw: Adding HTTPS to Tomcat/Apache/mod_jk install on NT
>
>
> OK dumb question 317...I want the users to navigate to a main page (non-SSL
> on port 80).  That page is an immediate redirect to an "index.jsp" on port
> 443; which "server" is serving the "index.jsp" page (I'm assuming Tomcat)?
> In the case I described, do I only need SSL on Tomcat?  Thanks for all the
> help,
> Kenny
>
> ----- Original Message -----
> From: "Turner, John" <JTurner@AAS.com>
> To: "'Tomcat Users List'" <tomcat-user@jakarta.apache.org>
> Sent: Thursday, August 22, 2002 1:10 PM
> Subject: RE: Adding HTTPS to Tomcat/Apache/mod_jk install on NT
>
>
> >
> > If the content served by apache needs SSL, then SSL needs to be enabled and
> > configured for Apache.
> >
> > If the content served by tomcat needs SSL, then SSL needs to be enabled and
> > configured for tomcat.
> >
> > Setting up one does not automatically set up the other, nor does SSL ability
> > on one hold true for the other.
> >
> > John Turner
> > jturner@NOSPAM.aas.com
> >
> > -----Original Message-----
> > From: Kenny G. Dubuisson, Jr. [mailto:kdubuisson@kcmria.com]
> > Sent: Thursday, August 22, 2002 2:04 PM
> > To: tomcat-user@jakarta.apache.org
> > Subject: Fw: Adding HTTPS to Tomcat/Apache/mod_jk install on NT
> >
> >
> > Is this for if you have Tomcat only (no Apache) or you will need this in
> > addition to the SSL config for Apache?  What I'm trying to figure out is
> > does Tomcat have to also be configured for SSL or only Apache?  Apache is my
> > web server where Tomcat's handling the JSP.  Thanks,
> > Kenny
> >
> > ----- Original Message -----
> > From: "Turner, John" <JTurner@AAS.com>
> > To: "'Tomcat Users List'" <tomcat-user@jakarta.apache.org>
> > Sent: Thursday, August 22, 2002 8:59 AM
> > Subject: RE: Adding HTTPS to Tomcat/Apache/mod_jk install on NT
> >
> >
> > >
> > > And for the tomcat side:
> > > http://jakarta.apache.org/tomcat/tomcat-4.0-doc/ssl-howto.html
> > >
> > > John Turner
> > >
> > >
> > > -----Original Message-----
> > > From: Andreas Mohrig [mailto:andreas.mohrig@cadooz.de]
> > > Sent: Thursday, August 22, 2002 9:56 AM
> > > To: 'Tomcat Users List'
> > > Subject: RE: Adding HTTPS to Tomcat/Apache/mod_jk install on NT
> > >
> > >
> > > http://httpd.apache.org/docs-2.0/ssl/
> > >
> > > Andreas Mohrig
> > >
> > > -----Original Message-----
> > > From: Kenny G. Dubuisson, Jr. [mailto:kdubuisson@kcmria.com]
> > > Sent: Thursday, August 22, 2002 3:49 PM
> > > To: tomcat-user@jakarta.apache.org
> > > Subject: Adding HTTPS to Tomcat/Apache/mod_jk install on NT
> > >
> > >
> > > Hello again all listers.  I was wondering if anyone could point me in the
> > > right direction on setting up HTTPS on my Apache 2.0.40 / Tomcat 4.0.4 /
> > > mod_jk installation on WinNT 4?  Any help would be greatly appreciated.
> > > Thanks,
> > > Kenny
> > >
> > >
> > > --
> > > To unsubscribe, e-mail:
> > > <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> > > For additional commands, e-mail:
> > > <mailto:tomcat-user-help@jakarta.apache.org>
> > >

Milt Epstein
Research Programmer
Systems and Technology Services (STS)
Campus Information Technologies and Educational Services (CITES)
University of Illinois at Urbana-Champaign (UIUC)
mepstein@uiuc.edu
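
The setup the thread converges on (Apache negotiates SSL on port 443 and hands JSP requests to Tomcat in plain text over mod_jk), sketched as an added httpd.conf fragment that is not taken from any poster's configuration. The hostname, file paths, module file names, the worker name `ajp13` and the AJP port 8009 are assumptions.

```apache
# Constructed example: hostname, paths and worker name are placeholders.
LoadModule ssl_module modules/mod_ssl.so
LoadModule jk_module  modules/mod_jk.dll

Listen 80
Listen 443

# mod_jk: where the workers are defined and where the connector logs.
JkWorkersFile conf/workers.properties
JkLogFile     logs/mod_jk.log
JkLogLevel    info

# Plain HTTP: the main page only sends the browser on to the HTTPS index.jsp.
<VirtualHost *:80>
    ServerName www.example.com
    RedirectMatch ^/$ https://www.example.com/index.jsp
</VirtualHost>

# HTTPS: Apache is the first to handle the request, so Apache negotiates SSL.
<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine on
    SSLCertificateFile    conf/ssl/server.crt
    SSLCertificateKeyFile conf/ssl/server.key

    # JSP requests are decrypted here and forwarded to Tomcat over the
    # connector in plain text; Tomcat's reply comes back the same way and
    # Apache encrypts it before it goes to the client.
    JkMount /*.jsp ajp13
</VirtualHost>

# conf/workers.properties (a separate file, shown here as comments):
#   worker.list=ajp13
#   worker.ajp13.type=ajp13
#   worker.ajp13.host=localhost
#   worker.ajp13.port=8009
#
# The Apache-to-Tomcat hop carries decrypted traffic, so keep it on the
# loopback interface or a trusted network segment. A request sent straight
# to Tomcat's plain port 8080 never passes through Apache and is not encrypted.
```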