Hello, As Ronald said, we made some drawings on a detailed document "Tomcat, SSL, secure communications and X-Forwarded-Proto" (1) that explains solutions to handle HTTPS at the Tomcat, Apache Httpd and Load Balancer layers. The document is written in french but the google translation is quite good (2).
My preference is to use a level 7 load balancer in front of Apache httpd servers with mod_proxy_http+mod_proxy_balancer and then Tomcat servers. Of course, this topology is not always the best one but is very often relevant. Hope this helps, Cyrille -- Cyrille Le Clerc clecl...@xebia.fr http://blog.xebia.fr (1) http://blog.xebia.fr/2009/11/13/tomcat-ssl-communications-securisees-et-x-forwarded-proto/ (2) http://translate.google.com/translate?js=y&prev=_t&hl=en&ie=UTF-8&u=http%3A%2F%2Fblog.xebia.fr%2F2009%2F11%2F13%2Ftomcat-ssl-communications-securisees-et-x-forwarded-proto%2F&sl=fr&tl=en On Wed, Nov 25, 2009 at 11:45 AM, Ronald Klop <ronald-mailingl...@base.nl> wrote: > Always make a drawing. > > client -> https -> tcp-loadbalancer -> still same https connection-> > multiple tomcats > > client -> https -> http-loadbalancer (Apache, proxy) -> new ajp/http(s) > connection-> multiple tomcats > > Normally the loadbalancer and tomcats are in the same private network. It is > your choice if that is secure enough. In the end the data is unencrypted in > the database I guess, so normally you trust your own network. > > Ronald. > > > Op woensdag, 25 november 2009 10:18 schreef jkv <j.kumara...@gmail.com>: >> >> >> Hello, >> >> We are using Tomcat 6.0 and running HTTPS (enabled SSL). The number of >> requests has grown up and we have decided to do go for clustering and >> loadbalancing. We have decided to go for Apache and mod_proxy/mod_jk >> loadbalacing. My certificate resides in Tomcat. >> In order to loadbalance HTTPS request using Apache and mod_proxy/mod_jk, >> should I configure Apache to handle HTTPS and tell it about my certificate >> details? >> While loadbalancing I understand that http/https request to Apache is >> converted to ajp and tunneled to Tomcat, so is ajp protocol secure? should >> I >> enable SSL in tomcat to handle this request? >> Should I have two copies of my certificate files if Apache and Tomcat >> reside >> on two different physical machines(Horizontal Clustering)? >> >> I searched the forums and they are too advanced for my question. I am >> really >> new to clustering and load balancing and any help is deeply appreciated. >> Thanks in advance. >> >> Regards >> jkv >> -- >> View this message in context: >> http://old.nabble.com/Tomcat-Https-loadbalancing---tp26509573p26509573.html >> Sent from the Tomcat - User mailing list archive at Nabble.com. >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> >> >> > > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
