tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Crowther <peter.crowt...@melandra.com>
Subject Re: SSL/HTTPS forwarding under Apache + mod_jk + tomcat
Date Tue, 13 Oct 2009 07:12:44 GMT
[This should really be a new thread, but...]

2009/10/13 Tezza <auspakwa@hotmail.com>:
> I got 1 apache and 2 tomcat servers (all on different machines).
> I already got SSL set up on individual Tomcat machines to work on port 8443.
> There is no SSL installed on Apache.
> I got mod_jk installed on apache to forward "all" HTTP requests to tomcat
> servers for load balancing. It works fine.
>
> I like to also forward all HTTPS requests to tomcat servers.
>
> Question:
> Do I must install certificate (SSL) on apache server?

Yes.

> and remove from tomcat servers???

No need - they're not doing any harm, they just won't be used in your
environment.

> If possible: I prefer to leave SSL on tomcat servers, and just tell apache
> to forward all HTTPS to tomcats just like HTTP. My tomcat servers will
> handle the workload fine with https. Can it be done?

No.  If your clients use SSL to httpd, httpd must be able to handle
the SSL connection - mod_jk has no way of forwarding raw encrypted
data to Tomcat.  Therefore httpd must have SSL set up locally -
including the certificate.

- Peter

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message