Cyrille,
Nice if you've got that sort of money.
it is quite cool because you can off-load the https part
so some custom hardware - again cool if you've got the money
Personally i prefer mod_proxy_ajp with the balancing as well.
D
On 25/11/09 10:57, Cyrille Le Clerc wrote:
Hello,
As Ronald said, we made some drawings on a detailed document
"Tomcat, SSL, secure communications and X-Forwarded-Proto" (1) that
explains solutions to handle HTTPS at the Tomcat, Apache Httpd and
Load Balancer layers. The document is written in french but the google
translation is quite good (2).
My preference is to use a level 7 load balancer in front of Apache
httpd servers with mod_proxy_http+mod_proxy_balancer and then Tomcat
servers. Of course, this topology is not always the best one but is
very often relevant.
Hope this helps,
Cyrille
--
Cyrille Le Clerc
clecl...@xebia.fr
http://blog.xebia.fr
(1)
http://blog.xebia.fr/2009/11/13/tomcat-ssl-communications-securisees-et-x-forwarded-proto/
(2)
http://translate.google.com/translate?js=y&prev=_t&hl=en&ie=UTF-8&u=http%3A%2F%2Fblog.xebia.fr%2F2009%2F11%2F13%2Ftomcat-ssl-communications-securisees-et-x-forwarded-proto%2F&sl=fr&tl=en
On Wed, Nov 25, 2009 at 11:45 AM, Ronald Klop
<ronald-mailingl...@base.nl> wrote:
Always make a drawing.
client -> https -> tcp-loadbalancer -> still same https connection->
multiple tomcats
client -> https -> http-loadbalancer (Apache, proxy) -> new ajp/http(s)
connection-> multiple tomcats
Normally the loadbalancer and tomcats are in the same private network. It is
your choice if that is secure enough. In the end the data is unencrypted in
the database I guess, so normally you trust your own network.
Ronald.
Op woensdag, 25 november 2009 10:18 schreef jkv<j.kumara...@gmail.com>:
Hello,
We are using Tomcat 6.0 and running HTTPS (enabled SSL). The number of
requests has grown up and we have decided to do go for clustering and
loadbalancing. We have decided to go for Apache and mod_proxy/mod_jk
loadbalacing. My certificate resides in Tomcat.
In order to loadbalance HTTPS request using Apache and mod_proxy/mod_jk,
should I configure Apache to handle HTTPS and tell it about my certificate
details?
While loadbalancing I understand that http/https request to Apache is
converted to ajp and tunneled to Tomcat, so is ajp protocol secure? should
I
enable SSL in tomcat to handle this request?
Should I have two copies of my certificate files if Apache and Tomcat
reside
on two different physical machines(Horizontal Clustering)?
I searched the forums and they are too advanced for my question. I am
really
new to clustering and load balancing and any help is deeply appreciated.
Thanks in advance.
Regards
jkv
--
View this message in context:
http://old.nabble.com/Tomcat-Https-loadbalancing---tp26509573p26509573.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
