tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: https server behind apache
Date Mon, 18 Jul 2011 14:56:47 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Angelo,

On 7/18/2011 4:55 AM, AngeloChen wrote:
> I set up a virtual host for ssl in apache, www.sample.com, it uses
> mod_proxy to redirect to a tomcat server:
> 
> ProxyPass /  https://localhost:8443/ ProxyPassReverse /
> https://localhost:8443/ ProxyPreserveHost on
> 
> SSLEngine on SSLProxyEngine on
> 
> SSLCertificateFile /etc/httpd/sample.crt SSLCertificateKeyFile
> /etc/httpd/sample.key
> 
> do I need a jks in the tomcat side? Thanks,

No, because you are not using AJP, you're using HTTP(S).

If you trust your web server and you have a secured network, you don't
need to have the link between httpd and Tomcat use HTTPS. You'll get a
performance improvement if you drop that SSL connection. Also, you might
want to make sure you are using the APR connector on the Tomcat side,
which will significantly improve your SSL performance in Tomcat.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk4kSa8ACgkQ9CaO5/Lv0PCAiACdEcslVe78JP1p60s7MvphvNYr
VQYAnRlE5U9Ix8++n5Ouwa0tM5TMSGYf
=G8x9
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message