tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Secure AJP load balancing problem
Date Thu, 03 Jan 2013 03:38:27 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Arun,

On 1/2/13 4:45 PM, Arunkumar Janarthanan wrote:
> I have Apache 2.2.22 and Tomcat 5.5 running on SSL 8443, I have
> tried my balancer members to use HTTPS port

So you are trying to use HTTPS over AJP? Did you mean APR?

Please post your <Connectors> from server.xml and your relevant httpd
configuration (e.g. ProxyPass). It would also be helpful if you were
to describe any <transport-guarantee> that you may have in your web
application(s).

> and finds the JSP pages doing ok for some reason the struts /
> action servlets would not accept secure protocol instead it
> redirects infinitely with the Tomcat server hostname and non-ssl 
> port.

Try a protocol trace using something like Mozilla Firefox's "web
console" or similar tools for other web browsers. This will show you
the request as sent by the browser and the response as seen by the
browser: it should show the pattern you describe above with more detail.

> Anybody had similar experience try configuring secure connectors on
> such environment ?

FWIW, I use stunnel to secure the back-channel between httpd and
Tomcat (using an AJP connector). While I haven't actually
performance-tested the two configurations against each other, my
rationale for this configuration was to reduce the number of SSL
handshakes that occur between httpd and Tomcat. Also, I've always used
AJP to tunneling AJP made more sense for us than switching-over to
HTTPS reverse-proxying.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iEYEAREIAAYFAlDk/TMACgkQ9CaO5/Lv0PAidwCgguSezH47shnxzVXOBF564rFm
piIAnAy/8p0uTsF5Uxh2ViGVT7PFwgPY
=sm58
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message