minfrin commented on pull request #382:
URL: https://github.com/apache/tomcat/pull/382#issuecomment-735452576


   > Is this complete from your POV? I'd like to give this a spin next month on FreeBSD.
   > Did you run some numbers how it compares for your use case against localhost?
   
   It's complete from my POV.
   
   My chief interest is getting rid of passwords rather than performance. If I run a server on localhost I need to prevent someone or something trying to connect to that endpoint through the backdoor, and that means shared secrets to protect credentials that show up in backups, etc.
   
   What I want is for httpd to do its proxy magic, and connect to tomcat over UDS. I can configure this so that only httpd is allowed to connect to tomcat and nothing else. I can then pass certificate credentials from httpd to tomcat using unencrypted JWT, and life becomes easy.
   
   Exposing tomcat directly is no good as there are many tomcats in my case, and I want them separate from one another, but exposed through the same webserver.
   
   AJP over UDS for credential transfer is also theoretically possible, but people are starting to withdraw support for AJP.
   

