Re: ajp over ssl
Problem with IPSEC / ssh tunnels between two machines is that if someone compromises one machine, then you've made their life 500% easier getting to the next one. Good stuff to connect your home LAN to office LAN, but I wouldn't.. I had trouble with the same thing, and the easy solution I found was to ReverseProxy apache to Tomcat and in the proxy directive to simply say pass it on to https://, and configure Tomcat with it's keystore and hey presto. Deviation from connector scene I know, but it works perfectly. Pete. Michael Jürgens wrote: Ruth, Brice wrote: That's the best idea I can think of, too. With SSH tunnels using public key authentication, you can set it up so that the tunnel is setup from a system script, without user intervention. But what if the tunnel breaks? How can I determine that automaticly? regards, Michael David Smith wrote: I'm not sure this can be done. Admittedly I didn't look all that hard -- maybe someone who did development work on the connectors can anwer. I can suggest what I did which is setup a tunnel (SSH tunnel in my case) between the two machines. Then they (the servers) can talk all they want and it covers all services routed through the tunnel -- not just apache and tomcat. Ipsec would work just as well I suspect. Probably not what you wanted, but it's a suggestion still --David Michael Jürgens wrote: Ruth, Brice wrote: Michael Jürgens wrote: Oh sorry I was a little bit tired in the morning. I want to connect the Apache securesd over an unsecure medium (Internet) An my question ist how to connect AJP 1.3 over SSL (not ssh) with jk or jk2. regards, Michael Michael, I believe you'll want to configure your Apache VirtualHost to serve your SSL requests, then use the mod_jk (or jk2) module to communicate with Tomcat. Is there any reason that your web-application (on Tomcat) needs to be aware of the SSL security? You can find documentation on securing Apache via SSL on the main Apache site (httpd.apache.org). And communicating betw. Apache and Tomcat via JK has abundant documentation as well. Good luck! No I want to connect an apache webserver over internet to a tomcat server. So far I have no problem. My problem is, how to secure the connection between apache and tomcat. regards, Michael - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: ajp over ssl
some other approaches: - cryptcat http://farm9.org/Cryptcat/GetCryptcat.php - openvpn http://openvpn.sourceforge.net/ - tinc http://www.tinc-vpn.org/ - CIPE http://sites.inka.de/sites/bigred/devel/cipe.html -Original Message- From: Michael Jürgens [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 03, 2004 8:29 AM To: Tomcat Users List Subject: ajp over ssl Hi, I want to connect an Apache Webserver over an unsecure channel to tomcat. What is the preferred method? AJP over a permanent ssh tunnel? I think an AJP connection over SSH would be better. but I don´t know how to do that. a IPSec Conection is not possible, because of some firewall problems. regards, Michael - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: ajp over ssl
Ralph Einfeldt wrote: some other approaches: - cryptcat http://farm9.org/Cryptcat/GetCryptcat.php - openvpn http://openvpn.sourceforge.net/ - tinc http://www.tinc-vpn.org/ - CIPE http://sites.inka.de/sites/bigred/devel/cipe.html What about stunnel? Forwarding an insecure port securely from one machine to another. http://www.stunnel.org/examples/generic_tunnel.html Not sure if it will get through the list, so I CC'ed the original poster. Antonio Fiol smime.p7s Description: S/MIME Cryptographic Signature
Re: ajp over ssl
That's the best idea I can think of, too. With SSH tunnels using public key authentication, you can set it up so that the tunnel is setup from a system script, without user intervention. David Smith wrote: I'm not sure this can be done. Admittedly I didn't look all that hard -- maybe someone who did development work on the connectors can anwer. I can suggest what I did which is setup a tunnel (SSH tunnel in my case) between the two machines. Then they (the servers) can talk all they want and it covers all services routed through the tunnel -- not just apache and tomcat. Ipsec would work just as well I suspect. Probably not what you wanted, but it's a suggestion still --David Michael Jürgens wrote: Ruth, Brice wrote: Michael Jürgens wrote: Oh sorry I was a little bit tired in the morning. I want to connect the Apache securesd over an unsecure medium (Internet) An my question ist how to connect AJP 1.3 over SSL (not ssh) with jk or jk2. regards, Michael Michael, I believe you'll want to configure your Apache VirtualHost to serve your SSL requests, then use the mod_jk (or jk2) module to communicate with Tomcat. Is there any reason that your web-application (on Tomcat) needs to be aware of the SSL security? You can find documentation on securing Apache via SSL on the main Apache site (httpd.apache.org). And communicating betw. Apache and Tomcat via JK has abundant documentation as well. Good luck! No I want to connect an apache webserver over internet to a tomcat server. So far I have no problem. My problem is, how to secure the connection between apache and tomcat. regards, Michael - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Brice Ruth, Sr. IT Analyst Fiskars Brands Inc http://www.fiskarsbrands.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: ajp over ssl
On 03 August 2004, Michael J?rgens said: No I want to connect an apache webserver over internet to a tomcat server. So far I have no problem. My problem is, how to secure the connection between apache and tomcat. One idea: you could use mod_proxy as the Apache/Tomcat connection rather than mod_jk, and then configure Tomcat to do SSL. Then Apache and Tomcat are just talking HTTP over SSL; a bit less efficient than mod_jk, perhaps, but probably easier to configure. No idea if mod_proxy can proxy HTTP connections to HTTPS; you might have to force clients to use HTTPS to make it happen. Just a wild idea. Greg - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: ajp over ssl
Ruth, Brice wrote: That's the best idea I can think of, too. With SSH tunnels using public key authentication, you can set it up so that the tunnel is setup from a system script, without user intervention. But what if the tunnel breaks? How can I determine that automaticly? regards, Michael David Smith wrote: I'm not sure this can be done. Admittedly I didn't look all that hard -- maybe someone who did development work on the connectors can anwer. I can suggest what I did which is setup a tunnel (SSH tunnel in my case) between the two machines. Then they (the servers) can talk all they want and it covers all services routed through the tunnel -- not just apache and tomcat. Ipsec would work just as well I suspect. Probably not what you wanted, but it's a suggestion still --David Michael Jürgens wrote: Ruth, Brice wrote: Michael Jürgens wrote: Oh sorry I was a little bit tired in the morning. I want to connect the Apache securesd over an unsecure medium (Internet) An my question ist how to connect AJP 1.3 over SSL (not ssh) with jk or jk2. regards, Michael Michael, I believe you'll want to configure your Apache VirtualHost to serve your SSL requests, then use the mod_jk (or jk2) module to communicate with Tomcat. Is there any reason that your web-application (on Tomcat) needs to be aware of the SSL security? You can find documentation on securing Apache via SSL on the main Apache site (httpd.apache.org). And communicating betw. Apache and Tomcat via JK has abundant documentation as well. Good luck! No I want to connect an apache webserver over internet to a tomcat server. So far I have no problem. My problem is, how to secure the connection between apache and tomcat. regards, Michael - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: ajp over ssl
On 8/4/2004 1:37 PM, Michael Jürgens wrote: Ruth, Brice wrote: That's the best idea I can think of, too. With SSH tunnels using public key authentication, you can set it up so that the tunnel is setup from a system script, without user intervention. But what if the tunnel breaks? How can I determine that automaticly? You can try out stunnel (http://www.stunnel.org/). It doesn't require an established connection like ssh tunnel does. -- Dennis Dai [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
ajp over ssl
Hi, I want to connect an Apache Webserver over an unsecure channel to tomcat. What is the preferred method? AJP over a permanent ssh tunnel? I think an AJP connection over SSH would be better. but I don´t know how to do that. a IPSec Conection is not possible, because of some firewall problems. regards, Michael - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: ajp over ssl
Oh sorry I was a little bit tired in the morning. I want to connect the Apache securesd over an unsecure medium (Internet) An my question ist how to connect AJP 1.3 over SSL (not ssh) with jk or jk2. regards, Michael Michael Jürgens wrote: Hi, I want to connect an Apache Webserver over an unsecure channel to tomcat. What is the preferred method? AJP over a permanent ssh tunnel? I think an AJP connection over SSH would be better. but I don´t know how to do that. a IPSec Conection is not possible, because of some firewall problems. regards, Michael - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: ajp over ssl
Michael Jürgens wrote: Oh sorry I was a little bit tired in the morning. I want to connect the Apache securesd over an unsecure medium (Internet) An my question ist how to connect AJP 1.3 over SSL (not ssh) with jk or jk2. regards, Michael Michael, I believe you'll want to configure your Apache VirtualHost to serve your SSL requests, then use the mod_jk (or jk2) module to communicate with Tomcat. Is there any reason that your web-application (on Tomcat) needs to be aware of the SSL security? You can find documentation on securing Apache via SSL on the main Apache site (httpd.apache.org). And communicating betw. Apache and Tomcat via JK has abundant documentation as well. Good luck! -- Brice Ruth, Sr. IT Analyst Fiskars Brands Inc http://www.fiskarsbrands.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: ajp over ssl
Ruth, Brice wrote: Michael Jürgens wrote: Oh sorry I was a little bit tired in the morning. I want to connect the Apache securesd over an unsecure medium (Internet) An my question ist how to connect AJP 1.3 over SSL (not ssh) with jk or jk2. regards, Michael Michael, I believe you'll want to configure your Apache VirtualHost to serve your SSL requests, then use the mod_jk (or jk2) module to communicate with Tomcat. Is there any reason that your web-application (on Tomcat) needs to be aware of the SSL security? You can find documentation on securing Apache via SSL on the main Apache site (httpd.apache.org). And communicating betw. Apache and Tomcat via JK has abundant documentation as well. Good luck! No I want to connect an apache webserver over internet to a tomcat server. So far I have no problem. My problem is, how to secure the connection between apache and tomcat. regards, Michael - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: ajp over ssl
I'm not sure this can be done. Admittedly I didn't look all that hard -- maybe someone who did development work on the connectors can anwer. I can suggest what I did which is setup a tunnel (SSH tunnel in my case) between the two machines. Then they (the servers) can talk all they want and it covers all services routed through the tunnel -- not just apache and tomcat. Ipsec would work just as well I suspect. Probably not what you wanted, but it's a suggestion still --David Michael Jürgens wrote: Ruth, Brice wrote: Michael Jürgens wrote: Oh sorry I was a little bit tired in the morning. I want to connect the Apache securesd over an unsecure medium (Internet) An my question ist how to connect AJP 1.3 over SSL (not ssh) with jk or jk2. regards, Michael Michael, I believe you'll want to configure your Apache VirtualHost to serve your SSL requests, then use the mod_jk (or jk2) module to communicate with Tomcat. Is there any reason that your web-application (on Tomcat) needs to be aware of the SSL security? You can find documentation on securing Apache via SSL on the main Apache site (httpd.apache.org). And communicating betw. Apache and Tomcat via JK has abundant documentation as well. Good luck! No I want to connect an apache webserver over internet to a tomcat server. So far I have no problem. My problem is, how to secure the connection between apache and tomcat. regards, Michael - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]