Re: the best method to secure Apache/tomcat communication
I will propose this solution to the person in charge of server security management. But I don't really think that it will be accepted. Thanks.

Filip Hanik - Dev Lists wrote:
> take a look at autoSSH http://www.harding.motd.ca/autossh/
>
> Filip
>
> Christopher Schultz wrote:
>> Lmk,
>>
>> lmk wrote:
>>> I have a question concerning the use of Apache server in front of tomcat, at the present time, we use tomcat 4, AJP, apache 2.2 and mod_jk to manage load balancing. it works roughly fine; but new security rules require [encrypting] the traffic between 2 web servers. we can't use solution like IPSEC or VPN tunnel. so, I think to replace mod_jk with mod_proxy, but how to replace mod_jk load balancer?
>>
>> What about using an ssh tunnel? The only problem with that is you will need to monitor the ssh connection for disconnects and reconnect if necessary.
>>
>> Are all your servers in the same data center? Often, server farms will have a primary network interface used for communicating with the Internet, and then a secondary network interface to a private network that includes nothing but your own servers. Often, you can use a faster network than is available to the outside (perhaps gigabit ethernet if the rest of the center runs on 100baseT, or even better if your data center will provide it).
>>
>> Then, your servers can communicate on their own private network. As long as you trust that network, you can avoid encryption and enjoy better performance.
>>
>> -chris

-- View this message in context: http://www.nabble.com/the-best-method-to-secure-Apache-tomcat-communication-tf2951906.html#a8273905
Sent from the Tomcat - User mailing list archive at Nabble.com.

To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

the best method to secure Apache/tomcat communication
Hello,

I have a question concerning the use of Apache server in front of tomcat, at the present time, we use tomcat 4, AJP, apache 2.2 and mod_jk to manage load balancing. it works roughly fine; but new security rules require crypting the traffic between 2 web servers. we can't use solution like IPSEC or VPN tunnel. so, I think to replace mod_jk with mod_proxy, but how to replace mod_jk load balancer?

best regards!

-- View this message in context: http://www.nabble.com/the-best-method-to-secure-Apache-tomcat-communication-tf2951906.html#a8255815
Sent from the Tomcat - User mailing list archive at Nabble.com.

Re: the best method to secure Apache/tomcat communication
Lmk,

lmk wrote:
> I have a question concerning the use of Apache server in front of tomcat, at the present time, we use tomcat 4, AJP, apache 2.2 and mod_jk to manage load balancing. it works roughly fine; but new security rules require [encrypting] the traffic between 2 web servers. we can't use solution like IPSEC or VPN tunnel. so, I think to replace mod_jk with mod_proxy, but how to replace mod_jk load balancer?

What about using an ssh tunnel? The only problem with that is you will need to monitor the ssh connection for disconnects and reconnect if necessary.

Are all your servers in the same data center? Often, server farms will have a primary network interface used for communicating with the Internet, and then a secondary network interface to a private network that includes nothing but your own servers. Often, you can use a faster network than is available to the outside (perhaps gigabit ethernet if the rest of the center runs on 100baseT, or even better if your data center will provide it).

Then, your servers can communicate on their own private network. As long as you trust that network, you can avoid encryption and enjoy better performance.

-chris

Re: the best method to secure Apache/tomcat communication
take a look at autoSSH http://www.harding.motd.ca/autossh/

Filip

Christopher Schultz wrote:
> Lmk,
>
> lmk wrote:
>> I have a question concerning the use of Apache server in front of tomcat, at the present time, we use tomcat 4, AJP, apache 2.2 and mod_jk to manage load balancing. it works roughly fine; but new security rules require [encrypting] the traffic between 2 web servers. we can't use solution like IPSEC or VPN tunnel. so, I think to replace mod_jk with mod_proxy, but how to replace mod_jk load balancer?
>
> What about using an ssh tunnel? The only problem with that is you will need to monitor the ssh connection for disconnects and reconnect if necessary.
>
> Are all your servers in the same data center? Often, server farms will have a primary network interface used for communicating with the Internet, and then a secondary network interface to a private network that includes nothing but your own servers. Often, you can use a faster network than is available to the outside (perhaps gigabit ethernet if the rest of the center runs on 100baseT, or even better if your data center will provide it).
>
> Then, your servers can communicate on their own private network. As long as you trust that network, you can avoid encryption and enjoy better performance.
>
> -chris
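
An added example, not part of the thread: a minimal supervisor for the ssh tunnel suggested above, which restarts the tunnel on disconnect with a capped backoff (the job autossh automates). The host name, account name and AJP port 8009 are assumptions; mod_jk's worker would then point at 127.0.0.1 on the Apache host.

```shell
#!/bin/sh
# Added example: keep an ssh local forward for AJP alive across disconnects.
# Host, user and port below are assumed values, not taken from the thread.
TOMCAT_HOST="${TOMCAT_HOST:-tomcat1.example.internal}"
TUNNEL_USER="${TUNNEL_USER:-ajptunnel}"
AJP_PORT="${AJP_PORT:-8009}"
MAX_BACKOFF="${MAX_BACKOFF:-60}"
SLEEP_CMD="${SLEEP_CMD:-sleep}"

# Foreground ssh with no remote command (-N). Both ends of the forward are
# loopback addresses, so AJP only crosses the network inside the ssh session.
start_tunnel() {
    ssh -N \
        -o BatchMode=yes \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=15 \
        -o ServerAliveCountMax=3 \
        -L "127.0.0.1:${AJP_PORT}:127.0.0.1:${AJP_PORT}" \
        "${TUNNEL_USER}@${TOMCAT_HOST}"
}

# Double the retry delay after each failure, capped at MAX_BACKOFF seconds.
next_backoff() {
    n=$(( $1 * 2 ))
    if [ "$n" -gt "$MAX_BACKOFF" ]; then n=$MAX_BACKOFF; fi
    echo "$n"
}

# supervise RUNNER [LIMIT]: rerun RUNNER whenever it exits, logging each exit.
# LIMIT=0 (default) loops forever; EXITS holds the number of exits seen.
supervise() {
    runner=$1; limit=${2:-0}; delay=1; EXITS=0
    while :; do
        started=$(date +%s)
        rc=0; "$runner" || rc=$?
        up=$(( $(date +%s) - started ))
        echo "$(date -u +%Y-%m-%dT%H:%M:%SZ) tunnel exited rc=$rc after ${up}s" >&2
        # A tunnel that stayed up for a while was healthy: reset the delay.
        if [ "$up" -ge "$MAX_BACKOFF" ]; then delay=1; fi
        EXITS=$(( EXITS + 1 ))
        if [ "$limit" -gt 0 ] && [ "$EXITS" -ge "$limit" ]; then return 0; fi
        "$SLEEP_CMD" "$delay"
        delay=$(next_backoff "$delay")
    done
}

# Run as: ./ajp-tunnel.sh run
if [ "${1:-}" = "run" ]; then supervise start_tunnel; fi
```

The tunnel only satisfies the encryption requirement if the AJP port is not also reachable directly from the Apache host over the network.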