tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <>
Subject Re: mod_jk errors with tomcat 6.0.20 and Apache 2.0.52
Date Fri, 22 Jan 2010 19:53:21 GMT
Hash: SHA1


On 1/22/2010 9:25 AM, Matt Turner wrote:
> In my case sometimes I do need to pass through the SSL to Tomcat, as
> I'm running CAS which requires geniune SSL requests.

mod_jk ought to be able to forward all SSL information to Tomcat.
Specifically, what does CAS require?

> (I do also have some SSL requests that tomcat doesn't need to see -
> which I will send via 8009 as has been suggested).
> The SSL pass-through requirement explains why I was attempting to
> pass through to :8443 directly - but it sounds like that's the wrong
> approach.

Unless something specific is actually not working, you ought to be able
to use a vanilla AJP connection for both secure and non-secure HTTP
(even via the same worker/<Connector>).

> Should I just use something like..
> ProxyPass /cas ?

Now, you're switching from mod_jk to mod_proxy_http(s). Can CAS really
not function properly with an AJP connection?

If you proxy HTTPS you are likely to get in all kinds of trouble because
the client is no longer your user... it's your web server. And the
server is no longer the web server... it's Tomcat.

- -chris
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla -


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message