tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <>
Subject Re: the best method to secure Apache/tomcat communication
Date Wed, 10 Jan 2007 14:20:04 GMT
Hash: SHA1


lmk wrote:
> I have a question concerning the use of Apache server in front of tomcat, at
> the present time, we use tomcat 4, AJP, apache 2.2 and mod_jk to manage load
> balancing. it work roughly fine; but new security rules require [encrypting] the
> traffic between 2 web servers.
> we cant use solution like IPSEC  or VPN tunnel. so, i think to replace
> mod_jk with mod_proxy ,but, how to  replace mod_jk load balancer?

What about using an ssh tunnel? The only problem with that is you will
need to monitor the ssh connection for disconnects and reconnect if

Are all your servers in the same data center? Often, server farms will
have a primary network interface used for communicating with the
Internet, and then a secondary network interface to a private network
that includes nothing but your own servers. Often, you can use a faster
network than is available to the outside (perhaps gigabit ethernet if
the rest of the center runs on 100baseT, or even better if your data
center will provide it). Then, your servers can communicate on their own
private network. As long as you trust that network, you can avoid
encryption and enjoy better performance.

- -chris

Version: GnuPG v1.4.6 (MingW32)
Comment: Using GnuPG with Mozilla -


To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message