This is currently how I have my CAS 5.2 install set up. We use Apache as the SSL handler because it is usually more up to date cipher-wise than Tomcat. The setup isn't too difficult; you just need to enable mod_proxy, mod_proxy_html, rewrite, and ssl in Apache. Then you want to create a vhost like the one attached with your values plugged in.

After that you want to let Tomcat know that you're using a proxy by setting up your connector like so in server.xml:

    <Connector port="8080" protocol="org.apache.coyote.http11.Http11AprProtocol"
               connectionTimeout="20000"
               URIEncoding="UTF-8"
               server="Apache"
               address="127.0.0.1"
               maxThreads="150"
               proxyPort="443"
               proxyName="<your server fqdn here>"
               scheme="https"
               secure="true"/>

You also want to set up a valve for your proxy setup in server.xml. Put your server's IP in the regex for internalProxies:

    <!-- Get client IP from proxy -->
    <Valve className="org.apache.catalina.valves.RemoteIpValve"
           internalProxies="127\.0\.0\.1|10\.0\.0\.23"
           remoteIpHeader="x-forwarded-for"
           protocolHeader="x-forwarded-proto"
           requestAttributesEnabled="true" />

That should get you off to a good start. You may also want to default all your traffic to SSL by creating a rewrite rule in the 000-default.conf file for Apache.

--Mike K.

On Mon, Apr 16, 2018 at 9:26 PM, Lionel Samuel <lionel.samue...@gmail.com> wrote:

> Hello All:
>
> Our University will be installing CAS, and are currently looking at
> installing CAS in Tomcat, and proxying connections via Apache HTTP (fall on
> same server).
>
> The rationale is that Tomcat is never directly exposed, so the proxying
> via Apache HTTP offers a measure of added cocooning.
>
> Has anyone done the same? We don't want to be trailblazers or
> over-engineer.
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/c6997220-cc9a-4f6f-95a9-b2c39e942b60%40apereo.org.
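
The RemoteIpValve settings in the reply above decide when Tomcat believes x-forwarded-for and x-forwarded-proto. The following is an added example, not code from the thread or from Tomcat: a simplified Python model of that trust decision using the internalProxies regex from the post. The function name resolve_request and the sample addresses are constructed for illustration, and trustedProxies is left out.

```python
import re

# internalProxies value from the Valve in the post.
INTERNAL_PROXIES = r"127\.0\.0\.1|10\.0\.0\.23"


def resolve_request(peer_addr, headers, internal_proxies=INTERNAL_PROXIES):
    """Simplified model of the valve's decision (an assumption-level sketch).

    headers is a dict with lower-case keys. Returns (client_ip, forwarded_proto).
    forwarded_proto is None when the header is absent or ignored, in which case
    the Connector's own scheme/secure attributes stay in effect.
    """
    trusted = re.compile(internal_proxies)
    # The regex must match the whole address, so 127.0.0.10 is not 127.0.0.1.
    if not trusted.fullmatch(peer_addr):
        # Peer is not a listed proxy: both forwarded headers are ignored.
        return peer_addr, None

    raw = headers.get("x-forwarded-for", "")
    hops = [h.strip() for h in raw.split(",") if h.strip()]
    client_ip = peer_addr
    # Walk right to left: the rightmost entry was appended by the nearest proxy,
    # so values a client put in the header itself end up further to the left.
    for hop in reversed(hops):
        if trusted.fullmatch(hop):
            continue  # another internal proxy, keep walking
        client_ip = hop  # first address outside internalProxies is the client
        break

    # protocolHeader is honoured only for requests that came from a listed proxy.
    return client_ip, headers.get("x-forwarded-proto")


if __name__ == "__main__":
    # Constructed requests: via Apache on localhost, then a direct untrusted peer.
    via_proxy = {"x-forwarded-for": "203.0.113.7", "x-forwarded-proto": "https"}
    print(resolve_request("127.0.0.1", via_proxy))
    print(resolve_request("192.0.2.50", via_proxy))
```
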