tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier>
Subject Re: Change Default SSL port on Tomcat
Date Fri, 16 Dec 2011 19:04:24 GMT
Pid * wrote:
>> Thank you pid,
>> I looked in Catalina.out and found out 443 port is already in use error
>> and I had listen 443 in apache, so removed it and now tomcat
>> comes up and all is good.
>> I am not sure if it is better to serve ssl and https through Tomcat or Apache
> So your plan is to serve normal traffic via HTTPD, mod_jk but send the
> SSL traffic straight to Tomcat?
> That would be, erm, unusual.
Yes, there is something in that whole explanation which didn't sound quite right.

To the Original Poster, if this wasn't clear yet :
The AJP protocol does not support SSL connections.
In other words, if your connection schema is :

browser <-(1)-> Apache + mod_jk  <-(2)-> AJP Connector on port 8009 + Tomcat
                    (or mod_proxy_ajp)

then (2) cannot be a HTTPS connection.
The normal thing is to have (1) be a HTTPS connection, which ends at the Apache level.
Then mod_jk (or mod_proxy_ajp) forwards the requests to Tomcat via (2), but that is an AJP

protocol connection, which is not encrypted.
It can forward the original SSL headers, so that Tomcat can have a look at them, but 
that's it.

Most likely, when you are establishing an HTTPS connection between the browser and Tomcat,

it goes "around" Apache httpd, directly to Tomcat, like this :

browser <--(1)-------------------------> HTTPS Connector + Tomcat

            Apache + mod_jk (totally unaware of what's going on now)

Maybe you are just unaware of this because both Apache httpd and Tomcat are running on the

same host, so have the same hostname and IP address, which just the port being different.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message