tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: SSl Query-- please help
Date Mon, 22 Oct 2012 06:34:38 GMT
vicky007aggarwal@yahoo.co.in wrote:
> All/Andre,
> 
> 
> """You could probably do this using mod_proxy_http instead of mod_jk (and a HTTPS Connector
in Tomcat).  But you should then also accept the overhead."""
> 
> Queries :
> 
> 1. Based on above comment does that mean i can use mod_proxy module in order to have
ssl communication between apache & tomcat.???
> 

I think so, but you'd have to check that with the Apache documentation.

> 2. Load balancing wont work using mod _proxy , correct ??

Wrong.  Look at the Apache documentation, mod_proxy_balancer

> 
> 3. What overhead you're talking in setting up in setting up mod_proxy for ssl communication
between apache & tomcat
> 

Setting it up is not the overhead problem. The overhead is because :

browser <- HTTPS -> Apache <- HTTPS -> Tomcat.

meaning :
- the browser encrypts (you don't care)
- Apache decrypts (overhead, but unavoidable)
- Apache encrypts (overhead, avoidable)
- Tomcat decrypts (overhead, avoidable)

and that is for every single request and response.
It's ok if you do not expect a lot of traffic.  But since you are talking load-balancing,

you may expect a lot of traffic.

> Thanks,
> Vicky
> 
> 
> On Oct 22, 2012, at 1:30 AM, Christopher Schultz <chris@christopherschultz.net>
wrote:
> 
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Vivek,
>>
>> On 10/20/12 2:22 AM, vivek aggarwal wrote:
>>> I need to setup the SSL over my tomcat ,which i am able to do it
>>> by generating Self signed certificate using Keytool
>> Good.
>>
>>> But when  i am redirecting the request form apache using "mod_jk 
>>> "module its not working.
>> What part doesn't work?
>>
>>> I am not sure how to make Apache & Tomcat work in SSL when using 
>>> Mod_jk module as i need load balancing
>> mod_jk does not support SSL communication between httpd <-> Tomcat:
>> you'll have to terminate SSL at the httpd level. If you want to
>> encrypt the traffic between httpd and Tomcat, you'll need to use a
>> VPN, ssh tunnel or stunnel (which is just an automated ssh tunnel).
>>
>>> Can someone please share the steps for doing ssl setup when apache
>>> is used along with Tomcat
>> Have you been able to get httpd working with SSL? Once you do that,
>> everything else should be straightforward (not that getting httpd
>> working with SSL is at all difficult).
>>
>> Just be aware that httpd doesn't use Java keystores, so you'll need to
>> create your keys and certificates using 'openssl' from the
>> command-line instead of working with 'keytool'.
>>
>> - -chris
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
>> Comment: GPGTools - http://gpgtools.org
>> Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
>>
>> iEYEARECAAYFAlCEVHMACgkQ9CaO5/Lv0PAlIACeIxE9lgHiZaDpiPszUFBD5hiF
>> lNIAn2MseZynznuQ94/6xitYHJZb05lb
>> =PUqf
>> -----END PGP SIGNATURE-----
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message