tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Julio César Chaves Fernández <he...@hotmail.com>
Subject RE: https & j_security_check now really Solved :P
Date Wed, 20 Aug 2008 04:33:22 GMT
Hi,
 
Yes, it worked with only that connector ... the requests that came from http over apache and
went to the AJP connector were redirected by te port defined as redirectPort in the connector...so
changing this to 443 as in the second scheme you propose did the job...thanks for helping
and again my apologies for all the trouble or headaches caused ;).
 
Julio César



> Date: Tue, 19 Aug 2008 13:14:51 -0400> From: chris@christopherschultz.net> To:
users@tomcat.apache.org> Subject: Re: https & j_security_check apparently Solved :P>
> -----BEGIN PGP SIGNED MESSAGE-----> Hash: SHA1> > Julio,> > Julio César
Chaves Fernández wrote:> > I'm sorry but i read the previous question and now that
i notice i> > doesn't make any sense given that apache is connecting tomcat by AJP>
> connector ... the question would be if there is a way to redirect a> > request
over http for an application that has a confidential> > transport guarantee defined
in the application not through the port> > defined in the AJP connector but by port
443?> > If you want all traffic to be handled by Apache httpd and mod_jk in this>
way:> > Client --- HTTP (80) ---> Apache httpd --- AJP (8100) ---> Tomcat>
Client --- HTTPS (443) ---> Apache httpd --- AJP (8100) ---> Tomcat> > Then you
need only a single connector:> > <Connector port="8100" protocol="AJP/1.3" />>
> (Plus any other settings you want to add).> > Apache httpd will handle all of the
HTTPS stuff for you. Remove all> other connectors from Tomcat.> > If you want to
be able to support alternate ports that go directly to> Tomcat, like this:> > Client
--- HTTP (80) ---> Tomcat> Client --- HTTPS (443) ---> Tomcat> > Then you will
need two connectors:> > <Connector port="80" />> <Connector port="443" scheme="https"
sslProtocol="TLS"/>> > (Plus any other settings you want to add).> > If you
want to support both configurations at the same time, you will> need 3 connectors, but
each with unique port numbers. Something like this:> > Client --- HTTP (80) --->
Apache httpd --- AJP (8100) ---> Tomcat> Client --- HTTPS (443) ---> Apache httpd
--- AJP (8100) ---> Tomcat> Client --- HTTP (8080) ---> Tomcat> Client --- HTTPS
(8443) ---> Tomcat> > <Connector port="8100" protocol="AJP/1.3" /> <!--
for AJP -->> <Connector port="8080" redirectPort="8443" /> <!-- for HTTP -->>
<Connector port="8443" scheme="https" sslProtocol="TLS"/>> > If you want to use
port 443 as the redirect port for your 8080> connector, then go ahead and do it. However,
to me it only makes sense> to support /either/ direct-to-Tomcat /or/ via-Apache-httpd configurations.>
> - -chris> > -----BEGIN PGP SIGNATURE-----> Version: GnuPG v1.4.9 (MingW32)>
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org> > iEYEARECAAYFAkiq/4sACgkQ9CaO5/Lv0PC7dwCgky/b57zH2RYKBc14jPo1mNXQ>
/g8AnAhjkevlaEyaoG0B7Pz3txgn8FFp> =BhcA> -----END PGP SIGNATURE-----> > --------------------------------------------------------------------->
To start a new topic, e-mail: users@tomcat.apache.org> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org>
For additional commands, e-mail: users-help@tomcat.apache.org> 
_________________________________________________________________
Connect to the next generation of MSN Messenger 
http://imagine-msn.com/messenger/launch80/default.aspx?locale=en-us&source=wlmailtagline
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message