tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Harsimranjit singh Kler <simran...@gmail.com>
Subject Re: SSL for modjk and tomcat
Date Thu, 10 Nov 2011 08:28:59 GMT
Thanks guys .i will take care while posting in future.

So far i will go for ssl between browser and httpd only.

On Thu, Nov 10, 2011 at 1:40 PM, chris derham <chris@derham.me.uk> wrote:

> >
> > Simple i have setup httpd,modjk,tomcat .i want to enable SSL(i.e i can
> > handle everything on https).
> >
>
> If you have httpd sending traffic via mod_jk to tomcat, you are nearly
> there. Just configure httpd to listen over ssl.
>
> >
> > > If (instead) you want to encrypt the AJP connection between HTTPD and
> > Tomcat, you'll have to use an SSH tunnel because the AJP protocol is not
> > encrypted.
> >
> >  Now AJP not support SSL fine. i.e AJP protocol is not
> > encrypted.
> > i dont want SSH tunnel.
> >
>
> That's fine if you don't want/need a tunnel
>
> >
> > What other approach i can follow now.i mean other way ?
> >
>
> > i am not sure where to configure those mod jk directive and what
> > configurations at tomcat side?
> >
>
> I don't think you quite understand how this list works. You need to ask a
> specific question, and people will generally try to provide a specific
> answer. In your email you say you have httpd/mod_jk/tomcat communicating.
> You keep saying that you want to "turn on ssl". As 3 people have already
> pointed out, you can have ssl between browser and httpd. You can have ssl
> between httpd and tomcat, but you said you don't want that. If you
> configure httpd for ssl, then you're probably there. IMO you only to worry
> about those mod_jk directives if you need tomcat to know that it is being
> handed a connection that has come from an ssl connection. Perhaps explain
> why you need this ssl information in your app? Perhaps supply a copy of
> web.xml with the security constraints?
>
> In short help us help you -
> http://www.catb.org/~esr/faqs/smart-questions.html
>
> Chris
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message