tomcat-users mailing list archives

From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Help with security-constraint in web.xml
Date Tue, 05 Jan 2010 21:41:46 GMT

Joe,

On 1/4/2010 6:45 PM, Joe Hansen wrote:
> I just forgot to enable the HTTPS Connector! Login form is working now
> over https.
> 
> <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000"
> redirectPort="8443" />
>
> <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
> maxThreads="150" scheme="https" secure="true"
>         clientAuth="false" sslProtocol="TLS" />
> <Connector port="8009" protocol="AJP/1.3" redirectPort="443" />

As Chuck has suggested, you ought to be able to handle HTTPS via Apache
httpd.

If you're already using httpd out in front, I would (also) recommend
using it for SSL termination. In that case, only a single connector
would be necessary: the one you already have for port 8009. Apache httpd
using either mod_jk or mod_proxy_ajp can be configured to proxy both
HTTP and HTTPS traffic through a single connector in Tomcat: each
connection "knows" whether the incoming connection is secure, because
the AJP protocol forwards that information across to Tomcat. There is no
need for multiple connectors to handle these two situations.

Hope that helps,
-chris
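The single-connector setup described in the reply above, as an added example that is not part of the original message or of the Tomcat or httpd documentation: httpd terminates TLS and proxies both virtual hosts through mod_proxy_ajp to the one AJP connector on port 8009. The host name, certificate paths, module paths and the loopback binding are assumptions.

```apache
# Added example, not from the original thread. Host name, certificate
# paths and module paths are placeholders (assumptions).
LoadModule ssl_module       modules/mod_ssl.so
LoadModule proxy_module     modules/mod_proxy.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so

Listen 80
Listen 443

# Plain HTTP: forwarded over AJP; Tomcat sees the request as not secure.
<VirtualHost *:80>
    ServerName app.example.com
    ProxyPass / ajp://127.0.0.1:8009/
</VirtualHost>

# HTTPS: httpd terminates TLS, then uses the same AJP connector.
# AJP carries the "secure" flag across, so request.isSecure() is true
# in Tomcat for requests that arrived on this virtual host.
<VirtualHost *:443>
    ServerName app.example.com
    SSLEngine on
    SSLCertificateFile    /etc/httpd/conf/ssl/app.example.com.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl/app.example.com.key
    ProxyPass / ajp://127.0.0.1:8009/
</VirtualHost>

# Tomcat side (server.xml): the 8080 and 8443 connectors from the quoted
# configuration are removed and only the AJP connector remains.
# redirectPort="443" sends requests that hit a CONFIDENTIAL
# transport-guarantee over plain HTTP to httpd's TLS port.
# address="127.0.0.1" (assumes httpd and Tomcat share a host) keeps the
# AJP port off the network, because Tomcat trusts what the AJP peer
# reports about the connection, including whether it was secure.
#
#   <Connector port="8009" protocol="AJP/1.3" redirectPort="443"
#              address="127.0.0.1" />
```

After reloading httpd, a request to a constrained URL over `http://` should be answered with a redirect to the `https://` URL on port 443, and the login form should then be served through the same AJP connector.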