tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: Share war file / virtual hosts
Date Mon, 22 Sep 2008 19:23:50 GMT
Mathias P.W Nilsson wrote:
[...]
 From the questions and answers ping-pong here, I get the impression 
that you are trying to square the circle, and either bump into a Tomcat 
issue or a Hibernate one (whatever that is).

Summary :
- for some reason I don't know nor would understand, you want only one 
instance of this Hibernate to start, and that can only be the case if 
you have a single Host.
- but you also want to be able to access this through 3 distinct IP 
addresses, (not that I really understand HTTPS either but) because this 
is HTTPS and HTTPS requires 3 different IP addresses for your 3 
certificates.
- in Tomcat, different server IP addresses are handled at the Connector 
level.  But each Connector is linked to one Engine..

and there I am getting lost..
(although I believe you can have 3 Connectors for one Engine containing 
one Host, and the one Host does not give a damn which name it's called 
through as long as it is the default Host, but since I'm not on solid 
ground there, I'll skip that discussion..)

But .. I have an alternative scenario for you :

Imagine you have one Apache httpd server front-end, set up to handle 3 
different IP addresses with HTTPS.  That should work, with IP-based 
Virtual Hosts.
So these Apache Hosts handle the HTTPS part (certificates, decrypting 
and such), and now inside each of these Apache Hosts we have things back 
in clear (unencrypted).

Now each of these 3 Apache Virtual Hosts has a mod_jk Apache/Tomcat 
connector, connecting to ... a single Tomcat back-end, with a single 
Connector, a single Engine and a single Host (with no HTTPS needed), 
under which you start a single Hibernate, et voila !

The Apache/mod_jk will nicely pass all (decrypted) headers to your 
Tomcat back-end, where of course now it belongs to you to analyse the 
"Host:" header to figure out which alias the original Client really 
wanted to talk to.

You can also do all kinds of neat tricks with mod_rewrite, mod_headers, 
mod_setenvif, mod_proxy, mod_auth_xxx and so on on the Apache side 
before you even let Tomcat and Hibernate see anything at all of the 
request. Even change the "Host:" header if you are so inclined.

The above will of course all work nicely on one machine, so the 
Apache's/Tomcat connection is perfectly safe and maybe you do not need 
to be concerned about HTTPS and authentication and all that stuff at all 
on the Tomcat side.  But even if you were to need this, the Apache hosts 
can also pass on to Tomcat all the HTTPS stuff and you can still bother 
with it if you want.

This sounds way too simple, there must be a snag somewhere.
But Apache httpd being a cousin of Apache Tomcat, at least the gurus on 
this list will have to be polite when shooting down the solution.




---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message