tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Darryl Miles <>
Subject Re: Tomcat 5.5 / Apache 2 / Join (Tomcat-) Session with SSL-Session / Which mod should be used?
Date Fri, 19 May 2006 09:54:47 GMT
Michael Decker wrote:
> 1.) Which mod should I use?
> Configuration: Apache and Tomcat are running on same pc. I expect low
> traffic, because it's an intranet application.
> I've read about mod_jk, mod_jk2, mod_proxy [1], mod_proxy_ajp [2]
> According to Apache FAQ [3] and JBoss FAQ [4] only mod_jk or
> mod_proxy_ajp should be used.
> What are the differences?

The FAQs are sound, my understanding:

mod_jk (good for apache 1.3.x and 2.0.x)
mod_proxy_ajp (good for apache 2.2.x, maybe 2.0.x ???)

mod_jk2 (is abandonded development now)
mod_proxy (is a supporting library in apache, which I think you need to 
load in order to use mod_proxy_ajp or mod_proxy_xyzanything).

> 2.) How to join application and SSL session?
> I've read in an old tomcat-apache-ssl documentation [5] that mod_jk is
> able to forward SSL session information to tomcat. So I wonder, how
> configure tomcat using ssl session as application session.

If you are front ending with apache, then you want mod_ssl.  If you are 
using mod_ssl it will handle the SSL session.

The AJP protocol will convery the SSL information to tomcat fairly 
seamlessly, the idea being from the web-app's point of view it can't 
tell the difference between an Apache fronted HTTP session and one 
coming in via a AJP connector.

The AJP protocol is not secure from traffic snooping or secure again 
pirate connections hijacking it directly, if you intend to run both on 
the same machine I suggesting making Tomcat listen on 
Otherwise run on a private network address and firewall accordingly.



To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message