tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: Apache HTTP + Tomcat + SSL
Date Mon, 30 Sep 2013 13:40:00 GMT
Hi.

Do not top-post on this list.  If someone looks at your last message, he has to then 
scroll dow the message to try to figure out what you are responding to.  That is annoying.
So I moved your responses where they belong.

> 
> On Mon, Sep 30, 2013 at 10:11 AM, André Warnier <aw@ice-sa.com> wrote:
> 
>> Daniel Mikusa wrote:
>>
>>> On Sep 30, 2013, at 8:20 AM, Leonardo Torres <leonardotorres9@gmail.com>
>>> wrote:
>>>
>>>  Hi guys,
>>>> I have the following structure :
>>>>
>>>> Apache HTTP (Proxy) --> Tomcat .
>>>>
>>>> So, I have configured SSL on Apache HTTP, how do I configure SSL in my
>>>> application in Tomcat?
>>>>
>>> Need some more info here...
>>>
>>> 1.) What version of HTTPD & Tomcat are you using?

> Tomcat version is 7.0.42

>>> 2.) Do you need SSL between HTTPD & Tomcat?  or do you just want Tomcat
>>> to know that SSL has been terminated by HTTPD?
>>> 3.) How is HTTPD communicating with Tomcat?  via AJP or HTTP?

 > Currently, the communication between httpd and tomcat is via HTTP.

Ok, but you have not answered the question entirely yet.  What is the Apache httpd "proxy

module" that is used to communicate between Apache httpd and Tomcat ?
Can you copy here the Apache httpd configuration lines that have "proxy" in them ?

>>>
>>> Dan
>>>
>>>  and the reasons for the above judicious questions are :
>> browser <-- SSL --> httpd + mod_proxy_http <-- SSL or not --> Tomcat
>> HTTP/HTTPS Connector
>>                  or httpd + mod_proxy_AJP  <-- not SSL    --> Tomcat AJP
>> Connector
>>                  or httpd + mod_jk         <-- not SSL    --> Tomcat AJP
>> Connector
>>
>> 2) SSL is "expensive". Apache has to decrypt the browser communication
>> anyway.
>> The if you use SSL between Apache and Tomcat, Apache has to re-encrypt the
>> data, and Tomcat to re-decrypt it. That takes resources, so if you don't
>> need it, don't do it.
>> Even if you use HTTP/AJP, httpd can pass on to Tomcat the received SSL
>> headers, so Tomcat can inspect them.
>> 3) AJP does not support SSL
>>
>>

 >
 >
 > I have a resource within the tomcat that needs to be accessed via SSL, but
 > the SSL is configured on HTTPD.  How can I configure that ?
 >
 > Excuse me, but I'm newbie in server configuration.
 >

Understood, and that is not a sin.

The question is now : why does that application require HTTPS ?
An application usually doesn't care how it is accessed, except if some configuration of 
the application requires it to get some information from the SSL protocol (like a user 
certificate or so).  What does this application need ?



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message