tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Tomcat Https loadbalancing??
Date Thu, 03 Dec 2009 14:40:55 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

David,

On 12/3/2009 8:42 AM, David Cassidy wrote:
> It would be interesting if you are running on non-standard ports (ie
> not 80 and 443 ) to see what happens....

I do that, and it works just fine.

AJP doesn't use the proxyPort stuff because the HTTP port isn't being
changed. All that is necessary if you are using mod_proxy_http because
the HTTP port often changes between Apache httpd (listening on port 80
to the outside world) and Tomcat (listening to, say, 8080 only to the
internal network). In this case, Tomcat is convinced that the real port
number being used is 8080 and would return URLs to the client using
:8080 appended to them. Without using proxyName and proxyPort, Tomcat
might return bad URLs to the user. The 'secure' attribute is necessary,
here, if you are terminating SSL somewhere else but still consider the
(non-encrypted) HTTP connection going to Tomcat to be secure.

The AJP connector does in fact have proxyName and proxyPort attributes
available, but I believe they are either superfluous, or auto-filled by
the incoming HTTP request, anyway.

In both cases, the default redirectPort is 443.

I think if you are using HTTP connectors, your claim is true: to support
both "secure" and "non-secure" channels where both channels are actually
non-secure HTTP, you'll need two <Connectors>: one with secure=true and
one with secure=false (or unspecified, and it defaults to false).

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAksXzfYACgkQ9CaO5/Lv0PAGYwCgkwzr/s+M50PG1qnXDECwcZdq
HK8An0chpHBpxTMpi5awXScqpAtR5OHk
=GWlN
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message