Re: Tomcat-Apache and SSL- Re-Post
The localPort that mod_jk(2) sends depends on the Apache setting for UseCanonicalName. If you set it to 'off', then it should always send the TCP port (as opposed to the configured port).

Wade Billings [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]

The AJP port is 8009 (stock), but the issue lies where our application takes the port (80/8000) and determines whether or not the page is supposed to be secure (https). Since the load balancer does all of the SSL for us, everything is passed to the web/app server as http, and it appears that tomcat is assuming that because it is http, it came from port 80. Apache is currently configured to listen for http traffic on both ports 80 and 8000. Jrun is able to take the port number and pass that to the app. When we do a request.getLocalPort(), it returns port 80, when it should be returning port 8000.

Is there a way to tell tomcat (using the AJP/13 connector) to pass through the port number from the requestor? Do you think that this is an Apache, or Tomcat configuration issue?

Again, any help is greatly appreciated.

Cheers,
Q. Wade Billings

-----Original Message-----
From: news [mailto:[EMAIL PROTECTED] On Behalf Of Bill Barker
Sent: Sunday, September 12, 2004 1:12 PM
To: [EMAIL PROTECTED]
Subject: Re: Tomcat-Apache and SSL- Re-Post

If 8000 is the Apache port, then use request.getLocalPort(). If 8000 is the AJP port, it can't be done.

Wade Billings [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]

Here is a fun one for ya all...

We recently decided to migrate from a Jrun/Apache platform to an Apache2.0/Tomcat5.0 platform. Everything went great until we placed it into production and found that our SSL sites were broken. Here are the details, and forgive me, as I am not a developer so I may misquote some Java terminology. Be patient...

We determine whether or not a page is secured via which port it is sourced from. We have a pair of load balancers, which handle all of the SSL, and pass only HTTP/1.1 back to the actual web servers where the JVM sits. In order for the app to determine whether or not it is secure, we source all SSL'ized traffic from port 8000. This setup works very well on Jrun, but not so well on Tomcat. It appears that for some reason, the source port of 8000 is either lost or ignored during the Apache/AJP13/Tomcat conversation.

What I need to be able to do is to get Tomcat to recognize that the source port from the load balancer has changed from port 80 to port 8000 so our app will behave correctly and will present our pages as secure.

Any help is greatly appreciated.

Cheers,
Q. Wade Billings
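
An Apache 2.0 configuration for the setup discussed in this thread, added here as an example and not taken from either poster's servers: the two listening ports, the UseCanonicalName setting suggested above, and an access rule so that only the load balancers can reach the port the application treats as secure. The addresses, the /app mount point and the worker name ajp13 are assumptions, and mod_jk with its workers file is assumed to be loaded elsewhere.

```apache
# Constructed example for Apache 2.0 with mod_jk.
# Addresses, ServerName, mount point and worker name are placeholders.

Listen 80
Listen 8000

# With Off, Apache builds its idea of "this server's host and port" from what
# the client supplied in the request rather than from ServerName. The port is
# therefore request data, not proof of origin; the access rule on port 8000
# below is what decides who may be treated as "arrived over SSL".
UseCanonicalName Off

# Port 8000: traffic the load balancers have already decrypted.
# The application marks pages as secure when it sees this port,
# so nothing except the load balancers may connect to it.
<VirtualHost *:8000>
    ServerName www.example.com
    <Location />
        Order deny,allow
        Deny from all
        # Load balancer addresses (assumed)
        Allow from 192.0.2.10 192.0.2.11
    </Location>
    JkMount /app/* ajp13
</VirtualHost>

# Port 80: ordinary HTTP passed through by the load balancers.
<VirtualHost *:80>
    ServerName www.example.com
    JkMount /app/* ajp13
</VirtualHost>
```

If port 8000 is reachable from anywhere other than the load balancers, a plain-HTTP client that connects to it is presented to the application as secure.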
RE: Tomcat-Apache and SSL- Re-Post
Thank you for the suggestion, I will try this tomorrow and post the results.

Cheers,
Q. Wade Billings

-----Original Message-----
From: news [mailto:[EMAIL PROTECTED] On Behalf Of Bill Barker
Sent: Tuesday, September 14, 2004 7:27 PM
To: [EMAIL PROTECTED]
Subject: Re: Tomcat-Apache and SSL- Re-Post

The localPort that mod_jk(2) sends depends on the Apache setting for UseCanonicalName. If you set it to 'off', then it should always send the TCP port (as opposed to the configured port).

Wade Billings [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]

The AJP port is 8009 (stock), but the issue lies where our application takes the port (80/8000) and determines whether or not the page is supposed to be secure (https). Since the load balancer does all of the SSL for us, everything is passed to the web/app server as http, and it appears that tomcat is assuming that because it is http, it came from port 80. Apache is currently configured to listen for http traffic on both ports 80 and 8000. Jrun is able to take the port number and pass that to the app. When we do a request.getLocalPort(), it returns port 80, when it should be returning port 8000.

Is there a way to tell tomcat (using the AJP/13 connector) to pass through the port number from the requestor? Do you think that this is an Apache, or Tomcat configuration issue?

Again, any help is greatly appreciated.

Cheers,
Q. Wade Billings

-----Original Message-----
From: news [mailto:[EMAIL PROTECTED] On Behalf Of Bill Barker
Sent: Sunday, September 12, 2004 1:12 PM
To: [EMAIL PROTECTED]
Subject: Re: Tomcat-Apache and SSL- Re-Post

If 8000 is the Apache port, then use request.getLocalPort(). If 8000 is the AJP port, it can't be done.

Wade Billings [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]

Here is a fun one for ya all...

We recently decided to migrate from a Jrun/Apache platform to an Apache2.0/Tomcat5.0 platform. Everything went great until we placed it into production and found that our SSL sites were broken. Here are the details, and forgive me, as I am not a developer so I may misquote some Java terminology. Be patient...

We determine whether or not a page is secured via which port it is sourced from. We have a pair of load balancers, which handle all of the SSL, and pass only HTTP/1.1 back to the actual web servers where the JVM sits. In order for the app to determine whether or not it is secure, we source all SSL'ized traffic from port 8000. This setup works very well on Jrun, but not so well on Tomcat. It appears that for some reason, the source port of 8000 is either lost or ignored during the Apache/AJP13/Tomcat conversation.

What I need to be able to do is to get Tomcat to recognize that the source port from the load balancer has changed from port 80 to port 8000 so our app will behave correctly and will present our pages as secure.

Any help is greatly appreciated.

Cheers,
Q. Wade Billings
RE: Tomcat-Apache and SSL- Re-Post
The AJP port is 8009 (stock), but the issue lies where our application takes the port (80/8000) and determines whether or not the page is supposed to be secure (https). Since the load balancer does all of the SSL for us, everything is passed to the web/app server as http, and it appears that tomcat is assuming that because it is http, it came from port 80. Apache is currently configured to listen for http traffic on both ports 80 and 8000. Jrun is able to take the port number and pass that to the app. When we do a request.getLocalPort(), it returns port 80, when it should be returning port 8000.

Is there a way to tell tomcat (using the AJP/13 connector) to pass through the port number from the requestor? Do you think that this is an Apache, or Tomcat configuration issue?

Again, any help is greatly appreciated.

Cheers,
Q. Wade Billings

-----Original Message-----
From: news [mailto:[EMAIL PROTECTED] On Behalf Of Bill Barker
Sent: Sunday, September 12, 2004 1:12 PM
To: [EMAIL PROTECTED]
Subject: Re: Tomcat-Apache and SSL- Re-Post

If 8000 is the Apache port, then use request.getLocalPort(). If 8000 is the AJP port, it can't be done.

Wade Billings [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]

Here is a fun one for ya all...

We recently decided to migrate from a Jrun/Apache platform to an Apache2.0/Tomcat5.0 platform. Everything went great until we placed it into production and found that our SSL sites were broken. Here are the details, and forgive me, as I am not a developer so I may misquote some Java terminology. Be patient...

We determine whether or not a page is secured via which port it is sourced from. We have a pair of load balancers, which handle all of the SSL, and pass only HTTP/1.1 back to the actual web servers where the JVM sits. In order for the app to determine whether or not it is secure, we source all SSL'ized traffic from port 8000. This setup works very well on Jrun, but not so well on Tomcat. It appears that for some reason, the source port of 8000 is either lost or ignored during the Apache/AJP13/Tomcat conversation.

What I need to be able to do is to get Tomcat to recognize that the source port from the load balancer has changed from port 80 to port 8000 so our app will behave correctly and will present our pages as secure.

Any help is greatly appreciated.

Cheers,
Q. Wade Billings
Tomcat-Apache and SSL- Re-Post
Here is a fun one for ya all...

We recently decided to migrate from a Jrun/Apache platform to an Apache2.0/Tomcat5.0 platform. Everything went great until we placed it into production and found that our SSL sites were broken. Here are the details, and forgive me, as I am not a developer so I may misquote some Java terminology. Be patient...

We determine whether or not a page is secured via which port it is sourced from. We have a pair of load balancers, which handle all of the SSL, and pass only HTTP/1.1 back to the actual web servers where the JVM sits. In order for the app to determine whether or not it is secure, we source all SSL'ized traffic from port 8000. This setup works very well on Jrun, but not so well on Tomcat. It appears that for some reason, the source port of 8000 is either lost or ignored during the Apache/AJP13/Tomcat conversation.

What I need to be able to do is to get Tomcat to recognize that the source port from the load balancer has changed from port 80 to port 8000 so our app will behave correctly and will present our pages as secure.

Any help is greatly appreciated.

Cheers,
Q. Wade Billings
AW: Tomcat-Apache and SSL- Re-Post
Hi

... that the source port from the load balancer has changed from port 80 to port 8000 so our app will behave correctly and will present our pages as secure.

Are you sure you are talking about source ports? Since you need to contact tomcat on the same port every time and your target and source IPs are always the same too, there would be no way for the TCP/IP stack to associate packets with connection...

Regards,
Steffen
Re: Tomcat-Apache and SSL- Re-Post
If 8000 is the Apache port, then use request.getLocalPort(). If 8000 is the AJP port, it can't be done.

Wade Billings [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]

Here is a fun one for ya all...

We recently decided to migrate from a Jrun/Apache platform to an Apache2.0/Tomcat5.0 platform. Everything went great until we placed it into production and found that our SSL sites were broken. Here are the details, and forgive me, as I am not a developer so I may misquote some Java terminology. Be patient...

We determine whether or not a page is secured via which port it is sourced from. We have a pair of load balancers, which handle all of the SSL, and pass only HTTP/1.1 back to the actual web servers where the JVM sits. In order for the app to determine whether or not it is secure, we source all SSL'ized traffic from port 8000. This setup works very well on Jrun, but not so well on Tomcat. It appears that for some reason, the source port of 8000 is either lost or ignored during the Apache/AJP13/Tomcat conversation.

What I need to be able to do is to get Tomcat to recognize that the source port from the load balancer has changed from port 80 to port 8000 so our app will behave correctly and will present our pages as secure.

Any help is greatly appreciated.

Cheers,
Q. Wade Billings
Tomcat-Apache and SSL
Here is a fun one for ya all...

We recently decided to migrate from a Jrun/Apache platform to an Apache2.0/Tomcat5.0 platform. Everything went great until we placed it into production and found that our SSL sites were broken. Here are the details, and forgive me, as I am not a developer so I may misquote some Java terminology. Be patient...

We determine whether or not a page is secured via which port it is sourced from. We have a pair of load balancers, which handle all of the SSL, and pass only HTTP/1.1 back to the actual web servers where the JVM sits. In order for the app to determine whether or not it is secure, we source all SSL'ized traffic from port 8000. This setup works very well on Jrun, but not so well on Tomcat. It appears that for some reason, the source port of 8000 is either lost or ignored during the Apache/AJP13/Tomcat conversation.

What I need to be able to do is to get Tomcat to recognize that the source port from the load balancer has changed from port 80 to port 8000 so our app will behave correctly and will present our pages as secure.

Any help is greatly appreciated.

Cheers,
Q. Wade Billings
RE: Stable tomcat + apache + mod_j2 + ssl
Thanks a lot. Your help has been invaluable. I am not seeing Tomcat 4.1.24 download files on the website. I can see the Tomcat 4.1.27 downloads. Is there any place in particular I should be looking for the old binaries?

-----Original Message-----
From: John Turner [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 05, 2003 11:38 AM
To: Tomcat Users List
Subject: Re: Stable tomcat + apache + mod_j2 + ssl

It seems stunnel is available for Windows, assuming you have a functional SSL library installed on both the web server and app server.

John

John Turner wrote:

Mod_ssl is an Apache module that allows SSL encryption between the webserver and the client. It is not involved in any way with the communications between Apache and Tomcat. There is no such thing as an Apache connector that encrypts transmissions to Tomcat, SSL or otherwise.

As far as I know, you have two options: 1) hack the Apache module source code and implement SSL yourself or 2) use an external application such as stunnel or some other tool to tunnel the AJP protocol over an encrypted channel. I am not familiar with any such tools on a Windows OS, they may or may not exist...on a UNIX or Linux it wouldn't be very hard to set up.

John
Re: Stable tomcat + apache + mod_j2 + ssl
It seems stunnel is available for Windows, assuming you have a functional SSL library installed on both the web server and app server.

John

John Turner wrote:

Mod_ssl is an Apache module that allows SSL encryption between the webserver and the client. It is not involved in any way with the communications between Apache and Tomcat. There is no such thing as an Apache connector that encrypts transmissions to Tomcat, SSL or otherwise.

As far as I know, you have two options: 1) hack the Apache module source code and implement SSL yourself or 2) use an external application such as stunnel or some other tool to tunnel the AJP protocol over an encrypted channel. I am not familiar with any such tools on a Windows OS, they may or may not exist...on a UNIX or Linux it wouldn't be very hard to set up.

John
RE: Stable tomcat + apache + mod_j2 + ssl
You do have a very good point. At one point we need to trust somebody. If we send the data in a readable format then the number of point of attack area increases. I mean the network packets could be read by people who maintain the network. Of course, I agree the network hops would be minimal but still that needs to be accounted in our case.

-----Original Message-----
From: John Turner [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 05, 2003 12:06 PM
To: Tomcat Users List
Subject: Re: Stable tomcat + apache + mod_j2 + ssl

The systems administrators will be the ones setting up stunnel and OpenSSL. Thus, they will have access to the configuration files, certificates, keys and other resources used by OpenSSL. Thus, they will most likely have the ability to decrypt whatever communications are sent over the network.

Sooner or later, at some point, you have to trust somebody. Otherwise, it gets really lonely out there.

John

Ramanan Ramadoss wrote:

We have our webserver and app server on two separate physical machines but on the same LAN sub-net. But the information has to be in encrypted form so that the information is not in a readable form even to the system/network administrators who are maintaining the machines.

-----Original Message-----
From: Rick Roberts [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 05, 2003 11:45 AM
To: Tomcat Users List
Subject: Re: Stable tomcat + apache + mod_j2 + ssl

Are you sure that you need to encrypt traffic between Apache and Tomcat? That is an unusual requirement, because usually both tomcat and Apache are running on the same computer or at least running in the same LAN sub-net.

Ramanan Ramadoss wrote:

Thanks for your reply. We need to implement end to end encryption. I do not have an option with respect to the OS. I have Windows 2000 as our OS for both the webserver and app server. Due to end to end encryption, we have to secure the communication between the webserver and app server. I have heard about mod_ssl but have not used it. Would that be an option to secure the communication between apache and tomcat? Your opinion is highly appreciated.

--Ramanan
Re: Stable tomcat + apache + mod_j2 + ssl
Use the most current. I've been on vacation lately, and forgot that a new release came out.

John

Ramanan Ramadoss wrote:

Thanks a lot. Your help has been invaluable. I am not seeing Tomcat 4.1.24 download files on the website. I can see the Tomcat 4.1.27 downloads. Is there any place in particular I should be looking for the old binaries?

-----Original Message-----
From: John Turner [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 05, 2003 11:38 AM
To: Tomcat Users List
Subject: Re: Stable tomcat + apache + mod_j2 + ssl

It seems stunnel is available for Windows, assuming you have a functional SSL library installed on both the web server and app server.

John

John Turner wrote:

Mod_ssl is an Apache module that allows SSL encryption between the webserver and the client. It is not involved in any way with the communications between Apache and Tomcat. There is no such thing as an Apache connector that encrypts transmissions to Tomcat, SSL or otherwise.

As far as I know, you have two options: 1) hack the Apache module source code and implement SSL yourself or 2) use an external application such as stunnel or some other tool to tunnel the AJP protocol over an encrypted channel. I am not familiar with any such tools on a Windows OS, they may or may not exist...on a UNIX or Linux it wouldn't be very hard to set up.

John
Re: Stable tomcat + apache + mod_j2 + ssl
Are you sure that you need to encrypt traffic between Apache and Tomcat? That is an unusual requirement, because usually both tomcat and Apache are running on the same computer or at least running in the same LAN sub-net.

Ramanan Ramadoss wrote:

Thanks for your reply. We need to implement end to end encryption. I do not have an option with respect to the OS. I have Windows 2000 as our OS for both the webserver and app server. Due to end to end encryption, we have to secure the communication between the webserver and app server. I have heard about mod_ssl but have not used it. Would that be an option to secure the communication between apache and tomcat? Your opinion is highly appreciated.

--Ramanan

-----Original Message-----
From: John Turner [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 05, 2003 11:17 AM
To: Tomcat Users List
Subject: Re: Stable tomcat + apache + mod_j2 + ssl

Apache 2.0.47
Tomcat 4.1.24

There isn't an SSL version of either the mod_jk or jk2 connector. Since JK and JK2 don't ever communicate with a client, there's really no need. You might be able to set up a tunnel using stunnel or similar, but on Windows that will be problematic.

Apache binary: http://httpd.apache.org/download.cgi
Tomcat binary: http://jakarta.apache.org/site/binindex.cgi
Connectors: http://jakarta.apache.org/builds/jakarta-tomcat-connectors/
Connector FAQ: http://jakarta.apache.org/tomcat/faq/connectors.html

John

Ramanan Ramadoss wrote:

Dear friends,

I am a newbie and have to set up a secure environment between tomcat and apache. Can someone tell me which is the stable production ssl version of tomcat and apache? Is there a ssl version of mod_jk or mod_j2 connector? If no, which connector should we use? Where can I get a built version of the webserver, app server and the connectors that work with each other for a windows 2000 environment?

Thanks
Ramanan

--
Rick Roberts
Advanced Information Technologies, Inc.
Re: Stable tomcat + apache + mod_j2 + ssl
Mod_ssl is an Apache module that allows SSL encryption between the webserver and the client. It is not involved in any way with the communications between Apache and Tomcat. There is no such thing as an Apache connector that encrypts transmissions to Tomcat, SSL or otherwise.

As far as I know, you have two options: 1) hack the Apache module source code and implement SSL yourself or 2) use an external application such as stunnel or some other tool to tunnel the AJP protocol over an encrypted channel. I am not familiar with any such tools on a Windows OS, they may or may not exist...on a UNIX or Linux it wouldn't be very hard to set up.

John

Ramanan Ramadoss wrote:

Thanks for your reply. We need to implement end to end encryption. I do not have an option with respect to the OS. I have Windows 2000 as our OS for both the webserver and app server. Due to end to end encryption, we have to secure the communication between the webserver and app server. I have heard about mod_ssl but have not used it. Would that be an option to secure the communication between apache and tomcat? Your opinion is highly appreciated.

--Ramanan

-----Original Message-----
From: John Turner [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 05, 2003 11:17 AM
To: Tomcat Users List
Subject: Re: Stable tomcat + apache + mod_j2 + ssl

Apache 2.0.47
Tomcat 4.1.24

There isn't an SSL version of either the mod_jk or jk2 connector. Since JK and JK2 don't ever communicate with a client, there's really no need. You might be able to set up a tunnel using stunnel or similar, but on Windows that will be problematic.

Apache binary: http://httpd.apache.org/download.cgi
Tomcat binary: http://jakarta.apache.org/site/binindex.cgi
Connectors: http://jakarta.apache.org/builds/jakarta-tomcat-connectors/
Connector FAQ: http://jakarta.apache.org/tomcat/faq/connectors.html

John

Ramanan Ramadoss wrote:

Dear friends,

I am a newbie and have to set up a secure environment between tomcat and apache. Can someone tell me which is the stable production ssl version of tomcat and apache? Is there a ssl version of mod_jk or mod_j2 connector? If no, which connector should we use? Where can I get a built version of the webserver, app server and the connectors that work with each other for a windows 2000 environment?

Thanks
Ramanan
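
The stunnel option described in the message above, as an added configuration example that is not part of the original thread: mod_jk speaks plain AJP to a stunnel client on its own host, which carries the traffic over SSL/TLS to a stunnel server on the Tomcat host. The host name, port 8010, file paths and the internal CA are assumptions.

```ini
; Constructed example; host name, port 8010 and file paths are placeholders.

; ---- stunnel.conf on the Apache (web server) host ----
; mod_jk is pointed at the local end of the tunnel instead of the Tomcat host:
;   worker.ajp13.type=ajp13
;   worker.ajp13.host=127.0.0.1
;   worker.ajp13.port=8009
client = yes

[ajp-out]
; Accept plain AJP from mod_jk on loopback only
accept  = 127.0.0.1:8009
; Forward it, encrypted, to the stunnel server on the Tomcat host
connect = tomcat.internal.example:8010
; Verify the far end against the internal CA so the tunnel cannot be
; pointed at some other listener without detection
CAfile  = /etc/stunnel/internal-ca.pem
verify  = 2
; Certificate and key this side presents to the Tomcat-side stunnel
cert    = /etc/stunnel/web.pem
key     = /etc/stunnel/web.key

; ---- stunnel.conf on the Tomcat (app server) host ----
; Tomcat's AJP connector is bound to loopback (address="127.0.0.1" port="8009"),
; so the encrypted port is the only way to reach it from the network.

[ajp-in]
accept  = 8010
connect = 127.0.0.1:8009
cert    = /etc/stunnel/tomcat.pem
key     = /etc/stunnel/tomcat.key
; Require a client certificate issued by the same internal CA
CAfile  = /etc/stunnel/internal-ca.pem
verify  = 2
```

The private keys live on both hosts, so this protects AJP on the wire between them and nothing more; anyone with access to those key files is inside the trust boundary.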
Re: Stable tomcat + apache + mod_j2 + ssl
Apache 2.0.47
Tomcat 4.1.24

There isn't an SSL version of either the mod_jk or jk2 connector. Since JK and JK2 don't ever communicate with a client, there's really no need. You might be able to set up a tunnel using stunnel or similar, but on Windows that will be problematic.

Apache binary: http://httpd.apache.org/download.cgi
Tomcat binary: http://jakarta.apache.org/site/binindex.cgi
Connectors: http://jakarta.apache.org/builds/jakarta-tomcat-connectors/
Connector FAQ: http://jakarta.apache.org/tomcat/faq/connectors.html

John

Ramanan Ramadoss wrote:

Dear friends,

I am a newbie and have to set up a secure environment between tomcat and apache. Can someone tell me which is the stable production ssl version of tomcat and apache? Is there a ssl version of mod_jk or mod_j2 connector? If no, which connector should we use? Where can I get a built version of the webserver, app server and the connectors that work with each other for a windows 2000 environment?

Thanks
Ramanan
RE: Stable tomcat + apache + mod_j2 + ssl
We have our webserver and app server on two separate physical machines but on the same LAN sub-net. But the information has to be in encrypted form so that the information is not in a readable form even to the system/network administrators who are maintaining the machines.

-----Original Message-----
From: Rick Roberts [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 05, 2003 11:45 AM
To: Tomcat Users List
Subject: Re: Stable tomcat + apache + mod_j2 + ssl

Are you sure that you need to encrypt traffic between Apache and Tomcat? That is an unusual requirement, because usually both tomcat and Apache are running on the same computer or at least running in the same LAN sub-net.

Ramanan Ramadoss wrote:

Thanks for your reply. We need to implement end to end encryption. I do not have an option with respect to the OS. I have Windows 2000 as our OS for both the webserver and app server. Due to end to end encryption, we have to secure the communication between the webserver and app server. I have heard about mod_ssl but have not used it. Would that be an option to secure the communication between apache and tomcat? Your opinion is highly appreciated.

--Ramanan

-----Original Message-----
From: John Turner [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 05, 2003 11:17 AM
To: Tomcat Users List
Subject: Re: Stable tomcat + apache + mod_j2 + ssl

Apache 2.0.47
Tomcat 4.1.24

There isn't an SSL version of either the mod_jk or jk2 connector. Since JK and JK2 don't ever communicate with a client, there's really no need. You might be able to set up a tunnel using stunnel or similar, but on Windows that will be problematic.

Apache binary: http://httpd.apache.org/download.cgi
Tomcat binary: http://jakarta.apache.org/site/binindex.cgi
Connectors: http://jakarta.apache.org/builds/jakarta-tomcat-connectors/
Connector FAQ: http://jakarta.apache.org/tomcat/faq/connectors.html

John

Ramanan Ramadoss wrote:

Dear friends,

I am a newbie and have to set up a secure environment between tomcat and apache. Can someone tell me which is the stable production ssl version of tomcat and apache? Is there a ssl version of mod_jk or mod_j2 connector? If no, which connector should we use? Where can I get a built version of the webserver, app server and the connectors that work with each other for a windows 2000 environment?

Thanks
Ramanan

--
Rick Roberts
Advanced Information Technologies, Inc.
RE: Stable tomcat + apache + mod_j2 + ssl
Thanks for your reply. We need to implement end to end encryption. I do not have an option with respect to the OS. I have Windows 2000 as our OS for both the webserver and app server. Due to end to end encryption, we have to secure the communication between the webserver and app server. I have heard about mod_ssl but have not used it. Would that be an option to secure the communication between apache and tomcat? Your opinion is highly appreciated.

--Ramanan

-----Original Message-----
From: John Turner [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 05, 2003 11:17 AM
To: Tomcat Users List
Subject: Re: Stable tomcat + apache + mod_j2 + ssl

Apache 2.0.47
Tomcat 4.1.24

There isn't an SSL version of either the mod_jk or jk2 connector. Since JK and JK2 don't ever communicate with a client, there's really no need. You might be able to set up a tunnel using stunnel or similar, but on Windows that will be problematic.

Apache binary: http://httpd.apache.org/download.cgi
Tomcat binary: http://jakarta.apache.org/site/binindex.cgi
Connectors: http://jakarta.apache.org/builds/jakarta-tomcat-connectors/
Connector FAQ: http://jakarta.apache.org/tomcat/faq/connectors.html

John

Ramanan Ramadoss wrote:

Dear friends,

I am a newbie and have to set up a secure environment between tomcat and apache. Can someone tell me which is the stable production ssl version of tomcat and apache? Is there a ssl version of mod_jk or mod_j2 connector? If no, which connector should we use? Where can I get a built version of the webserver, app server and the connectors that work with each other for a windows 2000 environment?

Thanks
Ramanan
Re: Stable tomcat + apache + mod_j2 + ssl
The systems administrators will be the ones setting up stunnel and OpenSSL. Thus, they will have access to the configuration files, certificates, keys and other resources used by OpenSSL. Thus, they will most likely have the ability to decrypt whatever communications are sent over the network.

Sooner or later, at some point, you have to trust somebody. Otherwise, it gets really lonely out there.

John

Ramanan Ramadoss wrote:

We have our webserver and app server on two separate physical machines but on the same LAN sub-net. But the information has to be in encrypted form so that the information is not in a readable form even to the system/network administrators who are maintaining the machines.

-----Original Message-----
From: Rick Roberts [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 05, 2003 11:45 AM
To: Tomcat Users List
Subject: Re: Stable tomcat + apache + mod_j2 + ssl

Are you sure that you need to encrypt traffic between Apache and Tomcat? That is an unusual requirement, because usually both tomcat and Apache are running on the same computer or at least running in the same LAN sub-net.

Ramanan Ramadoss wrote:

Thanks for your reply. We need to implement end to end encryption. I do not have an option with respect to the OS. I have Windows 2000 as our OS for both the webserver and app server. Due to end to end encryption, we have to secure the communication between the webserver and app server. I have heard about mod_ssl but have not used it. Would that be an option to secure the communication between apache and tomcat? Your opinion is highly appreciated.

--Ramanan
Stable tomcat + apache + mod_j2 + ssl
Dear friends,

I am a newbie and have to set up a secure environment between Tomcat and Apache. Can someone tell me which is the stable production SSL version of Tomcat and Apache? Is there an SSL version of the mod_jk or mod_j2 connector? If not, which connector should we use? Where can I get a built version of the webserver, app server and the connectors that work with each other for a Windows 2000 environment?

Thanks
Ramanan
Re: Tomcat, Apache, and SSL
You should be taking a different approach. Using mod_jk will handle the secure problem better. However, I believe that 4.1.25 will work with your config.

Eric Northam [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]

> What is the appropriate way to set up Apache to handle SSL and act as a proxy to Tomcat? The Apache - Tomcat connection does not have to be over SSL but I would like to use <transport-guarantee>CONFIDENTIAL</transport-guarantee> as a user data constraint in Tomcat so that certain requests are redirected to an SSL connection. I assumed that I could use two proxies in Apache going to different ports on Tomcat. I tried to set this up with the following two Coyote connectors:
>
> <Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="8081" redirectPort="8081" proxyName="myproxy.com" proxyPort="80"/>
>
> <Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="8082" scheme="https" secure="true" proxyName="myproxy.com" proxyPort="8081"/>
>
> Where Apache is running on myproxy.com with http on port 80 and https on port 8081. Even if I access myproxy.com:8081 and go to a secure page, Tomcat attempts to redirect. Is it possible to set up Tomcat and Apache to work in this manner or should I be taking a different approach?
>
> Eric
Tomcat, Apache, and SSL
What is the appropriate way to set up Apache to handle SSL and act as a proxy to Tomcat? The Apache - Tomcat connection does not have to be over SSL but I would like to use <transport-guarantee>CONFIDENTIAL</transport-guarantee> as a user data constraint in Tomcat so that certain requests are redirected to an SSL connection. I assumed that I could use two proxies in Apache going to different ports on Tomcat. I tried to set this up with the following two Coyote connectors:

<Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="8081" redirectPort="8081" proxyName="myproxy.com" proxyPort="80"/>

<Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="8082" scheme="https" secure="true" proxyName="myproxy.com" proxyPort="8081"/>

Where Apache is running on myproxy.com with http on port 80 and https on port 8081. Even if I access myproxy.com:8081 and go to a secure page, Tomcat attempts to redirect. Is it possible to set up Tomcat and Apache to work in this manner or should I be taking a different approach?

Eric
tomcat/apache manage ssl
Hello,

With Tomcat 4.0.6: my Tomcat is connected with Apache and I would like to have a protected connection with Tomcat, but not for all my webapps in Tomcat. The Apache server does not have a protected SSL connection, and I don't want Apache to manage it.

1. Is it possible to have Apache connected with Tomcat, but with Tomcat managing the SSL? If OK:
1.1 Can I have 2 virtual hosts in the same Engine of Tomcat, one to have a protected SSL connection, the other a normal connection?
1.2 If not, must I have two different Services in Tomcat?

Thank you for the counsel.
Tomcat Apache and SSL
How can I tell Apache to tell Tomcat to use SSL? I know I can get Apache to take care of the SSL, but can I also do it this way?
RE: Tomcat Apache and SSL
If you're using a connector like mod_jk, communications between Apache and Tomcat are unencrypted. You can get Tomcat to use SSL, but it's only useful if Tomcat is in stand-alone mode, without Apache.

There's more on this topic in the archives; there was a thread on it last week.

John Turner
[EMAIL PROTECTED]

-----Original Message-----
From: Tyrone Buckle [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 27, 2002 1:51 PM
To: [EMAIL PROTECTED]
Subject: Tomcat Apache and SSL

How can I tell Apache to tell Tomcat to use SSL? I know I can get Apache to take care of the SSL, but can I also do it this way?
Re: Tomcat Apache and SSL
On Tue, 27 Aug 2002, Tyrone Buckle wrote:

> How can I tell Apache to tell Tomcat to use SSL? I know I can get Apache to take care of the SSL, but can I also do it this way?

I'm not sure what you're asking, because your question, in a way, doesn't make sense. SSL is (typically) layered on top of HTTP to make HTTPS. So SSL is used on HTTP communication -- as done between a browser and a web server (both ways). The communication between Apache and Tomcat is not HTTP, so it doesn't make sense to talk about it using SSL.

If Tomcat is running in standalone, it does make sense to talk about using SSL, because then it is doing the HTTP communication. But then it doesn't make sense to talk about Apache, because it's no longer in the equation.

I think you need to say more about what you are trying to do, and why; then people here can better give you suggestions. If you're talking about encrypting communication between Apache and Tomcat, that was discussed recently here (you should check the archives), and it didn't seem like there was a way to do that.

Milt Epstein
Research Programmer
Systems and Technology Services (STS)
Campus Information Technologies and Educational Services (CITES)
University of Illinois at Urbana-Champaign (UIUC)
[EMAIL PROTECTED]
Tomcat/Apache with SSL
Hello all,

Please let me know how to use SSL in Tomcat and Oracle 9iAS (if anybody is using it). What are the prerequisites for this? I am using a WinNT box. I want to use the HTTPS protocol for some secured connections and I am not able to see anything related in Apache or Tomcat. Please help.

THANX IN ADVANCE

The greatest thing that you would ever learn is just to Love and to be Loved in return --Anonymous

With best regards,
M.S.Krishna (RBIN/DBA-JOT)
Phone*: +91-80-508-1416
Fax : +91-80 571-1865
E-mail : [EMAIL PROTECTED]
Robert Bosch India Limited, 123, Industrial Layout, Koramangala, Bangalore-95.
RE: Tomcat/Apache with SSL
Check out http://jakarta.apache.org/tomcat/tomcat-3.2-doc/tomcat-ssl-howto.html

There are similar documents for Tomcat 3.3 and Tomcat 4.0, I think.

-----Original Message-----
From: Suresh Krishna M (RBIN/DBA-JOT) [mailto:[EMAIL PROTECTED]]
Sent: 11 July 2001 16:02
To: [EMAIL PROTECTED]
Subject: Tomcat/Apache with SSL

Hello all,

Please let me know how to use SSL in Tomcat and Oracle 9iAS (if anybody is using it). What are the prerequisites for this? I am using a WinNT box. I want to use the HTTPS protocol for some secured connections and I am not able to see anything related in Apache or Tomcat. Please help.

THANX IN ADVANCE

The greatest thing that you would ever learn is just to Love and to be Loved in return --Anonymous

With best regards,
M.S.Krishna (RBIN/DBA-JOT)
Phone*: +91-80-508-1416
Fax : +91-80 571-1865
E-mail : [EMAIL PROTECTED]
Robert Bosch India Limited, 123, Industrial Layout, Koramangala, Bangalore-95.
Trouble configuring Tomcat/Apache for SSL
I'm using the OpenSA Apache on Windows NT (because I can't get the version of Apache+mod_ssl that I built to work.) I have the following entries in httpd.conf:

DocumentRoot "C:/Apache/htdocs/pub"

<VirtualHost _default_:443>
# General setup for the virtual host
DocumentRoot "C:/Apache/htdocs/secure"
ServerName eurovan
ServerAdmin [EMAIL PROTECTED]
ErrorLog logs/ssl/error.log
TransferLog logs/ssl/access.log

I put a dummy index.html into both of the above directories, and I can see the right ones on the corresponding port, so it looks like Apache is working properly. Now, I also put a dummy jsp in both of the above directories, and the one in the pub directory shows up for http. However, for https, I'm not getting the one in secure, but instead I'm seeing the one in pub again. Here is my entry in server.xml:

<Context path="" docBase="c:/Apache/htdocs/pub" crossContext="false" debug="0" reloadable="true">
</Context>

<Host name="_default_:443">
<Context path="" docBase="c:/apache/htdocs/secure" />

What am I doing wrong?

Guy Rouillier
571-226-1229
[EMAIL PROTECTED]
Domino Networks
2950 Gallows Road
Falls Church, VA 22042