tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: the best method to secure Apache/tomcat communication
Date Wed, 10 Jan 2007 14:20:04 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Lmk,

lmk wrote:
> I have a question concerning the use of Apache server in front of tomcat, at
> the present time, we use tomcat 4, AJP, apache 2.2 and mod_jk to manage load
> balancing. it work roughly fine; but new security rules require [encrypting] the
> traffic between 2 web servers.
> we cant use solution like IPSEC  or VPN tunnel. so, i think to replace
> mod_jk with mod_proxy ,but, how to  replace mod_jk load balancer?

What about using an ssh tunnel? The only problem with that is you will
need to monitor the ssh connection for disconnects and reconnect if
necessary.

Are all your servers in the same data center? Often, server farms will
have a primary network interface used for communicating with the
Internet, and then a secondary network interface to a private network
that includes nothing but your own servers. Often, you can use a faster
network than is available to the outside (perhaps gigabit ethernet if
the rest of the center runs on 100baseT, or even better if your data
center will provide it). Then, your servers can communicate on their own
private network. As long as you trust that network, you can avoid
encryption and enjoy better performance.

- -chris

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFpPYU9CaO5/Lv0PARAuHTAKCOG98BuTnZNm8EUaxrX9lme51yowCfSxrj
I7If0C50/V2oGz93LL79fa8=
=gLAI
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message