Return-Path: 
 <users-return-229604-apmail-tomcat-users-archive=tomcat.apache.org@tomcat.apache.org>
X-Original-To: apmail-tomcat-users-archive@www.apache.org
Delivered-To: apmail-tomcat-users-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 1312B7E38
	for <apmail-tomcat-users-archive@www.apache.org>;
 Wed, 23 Nov 2011 12:30:08 +0000 (UTC)
Received: (qmail 62305 invoked by uid 500); 23 Nov 2011 12:30:04 -0000
Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org
Received: (qmail 62133 invoked by uid 500); 23 Nov 2011 12:30:04 -0000
Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:users-help@tomcat.apache.org>
List-Unsubscribe: <mailto:users-unsubscribe@tomcat.apache.org>
List-Post: <mailto:users@tomcat.apache.org>
List-Id: <users.tomcat.apache.org>
Reply-To: "Tomcat Users List" <users@tomcat.apache.org>
Delivered-To: mailing list users@tomcat.apache.org
Received: (qmail 62124 invoked by uid 99); 23 Nov 2011 12:30:04 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 23 Nov 2011 12:30:04 +0000
X-ASF-Spam-Status: No, hits=-0.0 required=5.0
	tests=SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: domain of aw@ice-sa.com designates
 212.85.38.228 as permitted sender)
Received: from [212.85.38.228] (HELO tor.combios.es) (212.85.38.228)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 23 Nov 2011 12:29:56 +0000
Received: from [192.168.245.129] (p549E95AD.dip0.t-ipconnect.de
 [84.158.149.173])
	by tor.combios.es (Postfix) with ESMTPA id D5A65DA0184
	for <users@tomcat.apache.org>; Wed, 23 Nov 2011 13:29:31 +0100 (CET)
Message-ID: <4ECCE731.90202@ice-sa.com>
Date: Wed, 23 Nov 2011 13:29:37 +0100
From: =?UTF-8?B?QW5kcsOpIFdhcm5pZXI=?= <aw@ice-sa.com>
Reply-To: Tomcat Users List <users@tomcat.apache.org>
User-Agent: Thunderbird 2.0.0.23 (Windows/20090812)
MIME-Version: 1.0
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: tomcat http connector
References: 
 <B815C26F687D26448A336840033924ED42030D6BEE@INDIAMBX01.corp.adobe.com>
 <99C8B2929B39C24493377AC7A121E21FB00B77B945@USEA-EXCH8.na.uis.unisys.com>
 <B815C26F687D26448A336840033924ED42030D6BFC@INDIAMBX01.corp.adobe.com>
 <99C8B2929B39C24493377AC7A121E21FB00B77B947@USEA-EXCH8.na.uis.unisys.com>
 <B815C26F687D26448A336840033924ED42030D6C05@INDIAMBX01.corp.adobe.com>
 <4ECC155B.40701@christopherschultz.net> <4ECC18DF.8000507@ice-sa.com>
 <B815C26F687D26448A336840033924ED42030D6E2B@INDIAMBX01.corp.adobe.com>
In-Reply-To: 
 <B815C26F687D26448A336840033924ED42030D6E2B@INDIAMBX01.corp.adobe.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit

It is easier to follow the conversation if questions/responses follow in a logical order.
In other words, please do not "top-post".


Asha K S wrote:
> Hi,
> 
> Thank you all for helping me in this regard. Can you please point me to documentation which helps me configure https between Apache and Tomcat.
> Also in AJPv13 extensions proposal (http://tomcat.apache.org/connectors-doc/ajp/ajpv13ext.html) one add on suggests "Basic authorisation system, where a shared secret key is present in web server and servlet engine" do we know if this is still under consideration.
> 

As far as I know, this exists already, at least with mod_jk.
Look at the documentation for the mod_jk connector , and at the AJP <Connector> 
documentation in Tomcat.
I don't know about mod_proxy_ajp.


> Thanks,
> Asha
> 
> -----Original Message-----
> From: André Warnier [mailto:aw@ice-sa.com] 
> Sent: Wednesday, November 23, 2011 3:19 AM
> To: Tomcat Users List
> Subject: Re: tomcat http connector
> 
> Christopher Schultz wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Asha,
>>
>> On 11/22/11 2:15 AM, Asha K S wrote:
>>> Is there any performance comparison document available already
>>> between http and AJP
>> It should be easy to test in your own environment.
>>
>> If you are using AJP through another web server, the overhead of the
>> server itself is obviously non-zero.
>>
>> If you're asking about connecting httpd and Tomcat via HTTP or AJP,
>> then you'll have to do your own testing. I'm not sure there are any
>> current performance comparisons out there.
>>
>> If you are using HTTPS in to Tomcat (that is, terminating SSL at
>> httpd, then using HTTPS between httpd and Tomcat) then you definitely
>> want to use the APR (aka "native") connector as it's crypto
>> implementation is much faster than the Java one.
>>
> 
> Addendum : but if you do the above, and you are looking for performance, then you should 
> at least think of what it means :
> 
> browser (1) <-- HTTPS A --> (2) Apache (3) <-- HTTPS B --> (4) Tomcat
> 
> (1) encryption (by the browser)
> (2) decryption (by Apache)
> (3) encryption (by Apache)
> (4) decryption (by Tomcat)
> 
> encryption/decryption is a CPU-intensive process, so you will want to do it only where it 
> is necessary.  If the link between Apache and Tomcat is "safe" (in other words, they are 
> both on the same host, or the link is a safe internal network), then you probably do not 
> want to use HTTPS there.
> Even if the link between Apache and Tomcat is unencrypted HTTP (or AJP), you can still 
> pass information from Apache to Tomcat about the browser/Apache HTTPS connection, if you 
> need to.
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org