tomcat-users mailing list archives

From Pete Stokes <stok...@quinn-direct.com>
Subject Re: ajp over ssl
Date Thu, 05 Aug 2004 10:31:07 GMT
Problem with IPSEC / ssh tunnels between two machines is that if someone 
compromises one machine, then you've made their life 500% easier getting 
to the next one. Good stuff to connect your home LAN to office LAN, but 
I wouldn't......

I had trouble with the same thing, and the easy solution I found was to 
ReverseProxy apache to Tomcat and in the proxy directive to simply say 
pass it on to https://, and configure Tomcat with its keystore and hey 
presto. Deviation from connector scene I know, but it works perfectly.

Pete.




Michael Jürgens wrote:

>
>
> Ruth, Brice wrote:
>
>> That's the best idea I can think of, too. With SSH tunnels using 
>> public key authentication, you can set it up so that the tunnel is 
>> set up from a system script, without user intervention.
>
>
> But what if the tunnel breaks? How can I determine that automatically?
>
> regards,
>
> Michael
>
>>
>> David Smith wrote:
>>
>>> I'm not sure this can be done.  Admittedly I didn't look all that 
>>> hard -- maybe someone who did development work on the connectors can 
>>> answer.
>>>
>>> I can suggest what I did which is set up a tunnel (SSH tunnel in my 
>>> case) between the two machines.  Then they (the servers) can talk 
>>> all they want and it covers all services routed through the tunnel 
>>> -- not just apache and tomcat.  Ipsec would work just as well I 
>>> suspect.
>>>
>>> Probably not what you wanted, but it's a suggestion still....
>>>
>>> --David
>>>
>>> Michael Jürgens wrote:
>>>
>>>>
>>>>
>>>> Ruth, Brice wrote:
>>>>
>>>>> Michael Jürgens wrote:
>>>>>
>>>>>> Oh sorry I was a little bit tired in the morning.
>>>>>> I want to connect the Apache secured over an unsecure medium 
>>>>>> (Internet)
>>>>>>
>>>>>> And my question is how to connect AJP 1.3 over SSL (not ssh) with
>>>>>> jk or jk2.
>>>>>>
>>>>>> regards,
>>>>>>
>>>>>> Michael
>>>>>>
>>>>>>
>>>>> Michael,
>>>>>
>>>>> I believe you'll want to configure your Apache VirtualHost to 
>>>>> serve your SSL requests, then use the mod_jk (or jk2) module to 
>>>>> communicate with Tomcat. Is there any reason that your 
>>>>> web-application (on Tomcat) needs to be aware of the SSL security? 
>>>>> You can find documentation on securing Apache via SSL on the main 
>>>>> Apache site (httpd.apache.org). And communicating betw. Apache and 
>>>>> Tomcat via JK has abundant documentation as well.
>>>>>
>>>>> Good luck!
>>>>>
>>>> No I want to connect an apache webserver over internet to a tomcat
>>>> server. So far I have no problem.
>>>> My problem is, how to secure the connection between apache and tomcat.
>>>>
>>>> regards,
>>>>
>>>> Michael
>>>>
>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>>>> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>>>
>>>
>>>
>>
>
>
>
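
The Apache side of the reverse-proxy approach Pete describes, as an added example that is not part of the original message: mod_proxy forwards to Tomcat's HTTPS connector and verifies Tomcat's certificate instead of only encrypting the link. The host names, port 8443, the /app path and all file paths are assumptions, and SSLProxyCheckPeerName needs httpd 2.4.5 or later.

```apache
# Added example: host names, port, context path and file paths are hypothetical.
# Requires mod_ssl, mod_proxy and mod_proxy_http to be loaded.
<VirtualHost *:443>
    ServerName www.example.com

    # Client-facing TLS, terminated at Apache.
    SSLEngine on
    SSLCertificateFile    /etc/httpd/tls/www.example.com.crt
    SSLCertificateKeyFile /etc/httpd/tls/www.example.com.key

    # Reverse proxy only; never act as a forward proxy.
    ProxyRequests Off

    # Speak TLS on the Apache-to-Tomcat leg (the "pass it on to https://" part).
    SSLProxyEngine on

    # Weak setting (the mod_ssl default): the link is encrypted, but Apache
    # accepts any certificate, so it cannot tell the real Tomcat from another
    # host answering on the Internet path.
    #   SSLProxyVerify none

    # Hardened setting: require a certificate that chains to a CA file you
    # control. For a self-signed Tomcat certificate, export it from the
    # keystore in PEM form and use that file here.
    SSLProxyVerify require
    SSLProxyVerifyDepth 1
    SSLProxyCACertificateFile /etc/httpd/tls/backend-ca.crt

    # Reject certificates whose name does not match the ProxyPass host,
    # and certificates that have expired.
    SSLProxyCheckPeerName on
    SSLProxyCheckPeerExpire on

    # Refuse legacy protocol versions on the backend connection.
    SSLProxyProtocol all -SSLv3 -TLSv1 -TLSv1.1

    # Forward the application to Tomcat's HTTPS connector.
    ProxyPass        /app https://tomcat.example.com:8443/app
    ProxyPassReverse /app https://tomcat.example.com:8443/app
</VirtualHost>
```

The certificate in Tomcat's keystore must carry the host name used in ProxyPass, otherwise the peer-name check refuses the backend connection.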

