tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rainer Jung <rainer.j...@kippdata.de>
Subject Re: Tomcat Https loadbalancing??
Date Thu, 03 Dec 2009 21:33:05 GMT
Some of this is also explained in

http://tomcat.apache.org/connectors-doc/generic_howto/proxy.html

On 03.12.2009 15:40, Christopher Schultz wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> David,
>
> On 12/3/2009 8:42 AM, David Cassidy wrote:
>> It would be interesting if you are running on non-standard ports (ie
>> not 80 and 443 ) to see what happens....
>
> I do that, and it works just fine.
>
> AJP doesn't use the proxyPort stuff because the HTTP port isn't being
> changed. All that is necessary if you are using mod_proxy_http because
> the HTTP port often changes between Apache httpd (listening on port 80
> to the outside world) and Tomcat (listening to, say, 8080 only to the
> internal network). In this case, Tomcat is convinced that the real port
> number being used is 8080 and would return URLs to the client using
> :8080 appended to them. Without using proxyName and proxyPort, Tomcat
> might return bad URLs to the user. The 'secure' attribute is necessary,
> here, if you are terminating SSL somewhere else but still consider the
> (non-encrypted) HTTP connection going to Tomcat to be secure.
>
> The AJP connector does in fact have proxyName and proxyPort attributes
> available, but I believe they are either superfluous, or auto-filled by
> the incoming HTTP request, anyway.
>
> In both cases, the default redirectPort is 443.
>
> I think if you are using HTTP connectors, your claim is true: to support
> both "secure" and "non-secure" channels where both channels are actually
> non-secure HTTP, you'll need two<Connectors>: one with secure=true and
> one with secure=false (or unspecified, and it defaults to false).
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAksXzfYACgkQ9CaO5/Lv0PAGYwCgkwzr/s+M50PG1qnXDECwcZdq
> HK8An0chpHBpxTMpi5awXScqpAtR5OHk
> =GWlN
> -----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message