tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: Apache HTTP + Tomcat + SSL
Date Mon, 30 Sep 2013 13:11:19 GMT
Daniel Mikusa wrote:
> On Sep 30, 2013, at 8:20 AM, Leonardo Torres <leonardotorres9@gmail.com> wrote:
> 
>> Hi guys,
>>
>> I have the following structure :
>>
>> Apache HTTP (Proxy) --> Tomcat .
>>
>> So, I have configured SSL on Apache HTTP, how do I configure SSL in my
>> application in Tomcat?
> 
> Need some more info here...
> 
> 1.) What version of HTTPD & Tomcat are you using?
> 2.) Do you need SSL between HTTPD & Tomcat?  or do you just want Tomcat to know that
SSL has been terminated by HTTPD?
> 3.) How is HTTPD communicating with Tomcat?  via AJP or HTTP?
> 
> Dan
> 
and the reasons for the above judicious questions are :

browser <-- SSL --> httpd + mod_proxy_http <-- SSL or not --> Tomcat HTTP/HTTPS
Connector
                  or httpd + mod_proxy_AJP  <-- not SSL    --> Tomcat AJP Connector
                  or httpd + mod_jk         <-- not SSL    --> Tomcat AJP Connector

2) SSL is "expensive". Apache has to decrypt the browser communication anyway.
The if you use SSL between Apache and Tomcat, Apache has to re-encrypt the data, and 
Tomcat to re-decrypt it. That takes resources, so if you don't need it, don't do it.
Even if you use HTTP/AJP, httpd can pass on to Tomcat the received SSL headers, so Tomcat

can inspect them.
3) AJP does not support SSL

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message