tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pid <...@pidster.com>
Subject Re: SSL for modjk and tomcat
Date Wed, 09 Nov 2011 12:22:23 GMT
On 09/11/2011 11:20, Harsimranjit singh Kler wrote:

Please don't top-post.

> hi
> 
> Thanks for reply.
> 
> There are some parameters whate they are for i saw like:
> :
> 
> 
> 
> JkExtractSSL On
> 
> JkHTTPSIndicator HTTPS
> 
> JkSESSIONIndicator SSL_SESSION_ID
> 
> JkCIPHERIndicator SSL_CIPHER
> 
> JkCERTSIndicator SSL_CLIENT_CERT
> and
> 
> 
> JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
> 
> JkExtractSSL
> 
> etc etc
> 
> these are not helpful?

They are helpful and do serve a purpose.

Whether that has any bearing on your problem is a different matter
altogether.  You might consider explaining more clearly what you are
trying to achieve.


> and some one post like this:
> 
> http://ask.metafilter.com/53101/How-do-I-force-HTTPS-in-Tomcat-through-Apache-and-modjk
> 
> is also wrong?

Have you read any of the Tomcat documentation, or are you just googling?


p


> On Wed, Nov 9, 2011 at 3:47 PM, André Warnier <aw@ice-sa.com> wrote:
> 
>> Harsimranjit singh Kler wrote:
>>
>>> Hi
>>> I am using httpd 2.2.17 modjk 1.2.30 tomcat 6.0.I want to enable SSL in my
>>> setup.
>>>
>>> i Am able to successfully on httpd.but there is lot of confusion how to
>>> enable between httpd to AJP  & AJP to tomcat.
>>>
>>> There is no confusion. You can't do that. There is no SSL variant of the
>> AJP protocol.
>>
>>
>> There is not specific documentation also.
>>>
>>
>> For the same reason.
>>
>>
>>
>>> 1) what are step for modjk configurations?
>>> 2)Is AJP support SSL?
>>>
>>
>> No. That should have been the first question.
>>
>>
>> 3)Changes in server.xml for AJP port to support SSL requests via modjk?
>>>
>>> None, see above.
>>
>> Note : what you /can/ do, is to use mod_jk to pass all relevant SSL
>> information about the original client<->Apache connection, to Tomcat, via
>> HTTP headers.
>>
>> Additional note : of course, if you would really must do this, you could
>> still run the mod_jk-to-Tomcat connection over an SSL tunnel.  But that
>> would be something set up totally outside of Apache, Tomcat and their
>> configuration.
>> E.g.
>>
>> browser <-- HTTPS -->  apache + mod_jk -> localhost:localport1
>>
>> localport1 <-- SSL tunnel --> remoteport1 --> remote AJP port 8009 -->
>> Tomcat
>>
>> ------------------------------**------------------------------**---------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.**apache.org<users-unsubscribe@tomcat.apache.org>
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
> 


-- 

[key:62590808]


Mime
View raw message