tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Harsimranjit singh Kler <simran...@gmail.com>
Subject Re: SSL for modjk and tomcat
Date Wed, 09 Nov 2011 11:20:47 GMT
hi

Thanks for reply.

There are some parameters whate they are for i saw like:
:



JkExtractSSL On

JkHTTPSIndicator HTTPS

JkSESSIONIndicator SSL_SESSION_ID

JkCIPHERIndicator SSL_CIPHER

JkCERTSIndicator SSL_CLIENT_CERT
and


JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories

JkExtractSSL

etc etc

these are not helpful?

and some one post like this:

http://ask.metafilter.com/53101/How-do-I-force-HTTPS-in-Tomcat-through-Apache-and-modjk

is also wrong?









On Wed, Nov 9, 2011 at 3:47 PM, André Warnier <aw@ice-sa.com> wrote:

> Harsimranjit singh Kler wrote:
>
>> Hi
>> I am using httpd 2.2.17 modjk 1.2.30 tomcat 6.0.I want to enable SSL in my
>> setup.
>>
>> i Am able to successfully on httpd.but there is lot of confusion how to
>> enable between httpd to AJP  & AJP to tomcat.
>>
>> There is no confusion. You can't do that. There is no SSL variant of the
> AJP protocol.
>
>
> There is not specific documentation also.
>>
>
> For the same reason.
>
>
>
>> 1) what are step for modjk configurations?
>> 2)Is AJP support SSL?
>>
>
> No. That should have been the first question.
>
>
> 3)Changes in server.xml for AJP port to support SSL requests via modjk?
>>
>> None, see above.
>
> Note : what you /can/ do, is to use mod_jk to pass all relevant SSL
> information about the original client<->Apache connection, to Tomcat, via
> HTTP headers.
>
> Additional note : of course, if you would really must do this, you could
> still run the mod_jk-to-Tomcat connection over an SSL tunnel.  But that
> would be something set up totally outside of Apache, Tomcat and their
> configuration.
> E.g.
>
> browser <-- HTTPS -->  apache + mod_jk -> localhost:localport1
>
> localport1 <-- SSL tunnel --> remoteport1 --> remote AJP port 8009 -->
> Tomcat
>
> ------------------------------**------------------------------**---------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.**apache.org<users-unsubscribe@tomcat.apache.org>
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message