tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Arunkumar Janarthanan <arunkumar.webad...@gmail.com>
Subject Re: mod_proxy SSL protocol support for balancermember
Date Fri, 07 Dec 2012 16:34:05 GMT
Thanks for the response Gentlemen, I am not really particular about the AJP
for secure communication as long as I can use https that should work for
me, the reason for specific secure communication between Apache and Tomcat
is the PCI compliance enforcing us not to have any other protocol other
than https.

Please let me know if you have any questions.

Thanks,
Arun Janarthanan

On Fri, Dec 7, 2012 at 11:09 AM, André Warnier <aw@ice-sa.com> wrote:

> Vladimir,
>
> on this list, the rule is to not "top post".
> Post your answer below the original message, or below the question to
> which it refers.
> This way, one can follow the conversation logically.
>
>
>
>>
>> ----- Original Message -----
>> From: Arunkumar Janarthanan <arunkumar.webadmin@gmail.com>
>> To: Tomcat Users List <users@tomcat.apache.org>
>> Cc: Sent: Friday, December 7, 2012 5:49 PM
>> Subject: mod_proxy SSL protocol support for balancermember
>>
>> Hi,
>>
>> I am using Apache 2.2.22 version on RHEL5 and there are instances runs for
>> credit card data processing, now that the communication between Apache and
>> Tomcat through proxy balancing uses AJP protocol for the communication and
>> data tranfer.
>>
>> I was wondering if there is a way we can use HTTPS protocol in Apache
>> balancer member after enabling SSL on tomcat engine.
>>
>> I did enable https on balancer configuration which doesn't work for me got
>> a 500 error without any appropriate error message on Apache logs.
>>
>>  Vladimir Girnet wrote:
> > Here is my working configuration - httpd proxy (also on RHEL 5)
> > ----------------------
> >   SSLProxyEngine On
> >   <Proxy balancer://tomcat_cluster>
> >     BalancerMember https://10.10.10.11:8443
> >     BalancerMember https://10.10.10.12:8443
> >   </Proxy>
> >
> >
> >   # Pass requests to balancer
> >   ProxyPass / balancer://tomcat_cluster/
> >   ProxyPassReverse / balancer://tomcat_cluster/
> > ---------------------
> >
> > --
>
> Yes, but this is not using the AJP protocol.
> The AJP protocol does not support SSL (so using mod_proxy_AJP will not
> work, and mod_jk neither)
> If you really need AJP, there are possibilities using SSL tunnels etc.
> Search the list archives for those.
>
> But maybe a question first : the usual setup with a front-end
> load-balancer is to use HTTPS between the client browser and the front-end,
> but "terminate" HTTPS at the front-end, and make a normal connection from
> the front-end to the back-end tomcats, which tend to be in the same local
> network as the front-end anyway.
> Having a first encryption-decryption and then a second
> encryption-decryption again introduces a significant overhead.
> So, do you have a specific reason for which you want to do this ?
>
>
>
>
>
>
> ------------------------------**------------------------------**---------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.**apache.org<users-unsubscribe@tomcat.apache.org>
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message