tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: mod_jk errors with tomcat 6.0.20 and Apache 2.0.52
Date Fri, 22 Jan 2010 19:53:21 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Matt,

On 1/22/2010 9:25 AM, Matt Turner wrote:
> In my case sometimes I do need to pass through the SSL to Tomcat, as
> I'm running CAS which requires geniune SSL requests.

mod_jk ought to be able to forward all SSL information to Tomcat.
Specifically, what does CAS require?

> (I do also have some SSL requests that tomcat doesn't need to see -
> which I will send via 8009 as has been suggested).
> 
> The SSL pass-through requirement explains why I was attempting to
> pass through to :8443 directly - but it sounds like that's the wrong
> approach.

Unless something specific is actually not working, you ought to be able
to use a vanilla AJP connection for both secure and non-secure HTTP
(even via the same worker/<Connector>).

> Should I just use something like..
> 
> ProxyPass /cas https://10.13.0.218:8443/cas ?

Now, you're switching from mod_jk to mod_proxy_http(s). Can CAS really
not function properly with an AJP connection?

If you proxy HTTPS you are likely to get in all kinds of trouble because
the client is no longer your user... it's your web server. And the
server is no longer the web server... it's Tomcat.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAktaAjEACgkQ9CaO5/Lv0PAV6ACfYlbK3Kws26nq7xPYICSlucmC
JqMAoLyACwFx0JxEBozCMWt81KvGmq+B
=Br3o
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message