tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: Secure AJP over ssl
Date Wed, 23 Feb 2011 23:09:46 GMT
Christopher Schultz wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> André,
> 
> On 2/23/2011 2:56 PM, André Warnier wrote:
>> Personally, in such a case I would see the solution with an SSH or VPN
>> tunnel as much simpler to put in place, and requiring much less "opening
>> of ports".
> 
> There's nothing that says that port 8009 has to be used for AJP: you can
> use HTTPS over port 8009 just as well. So, the congressional approval
> necessary will only need to cover the switch from mod_proxy_ajp to
> mod_proxy_http.
> 
> I would think you'd have to get approval for any of these actions... why
> not just pick the one that makes the most sense and request permission
> to do that?
> 

My mistake.  I thought, incorrectly, that the OP was using mod_jk as a connector right 
now, and the tunnel solution then looked simpler with respect to the (lack of) 
configuration changes required in that case.
But if he is using mod_proxy_ajp now, then the situation is reversed.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message