On Thu, 7 Nov 2002, Richard Johnstone wrote: > After reading the installing SSL doc for tomcat it says you don't > need it on Tomcat, just have it on apache and you are ok. I have an > apache SSL port (443) and this is working ok. I have my tomcat > application on 8080, also works ok. What I don't understand is the > link between these 2. Do I have to set the apache SSL port to be > 8080? If so, will it not ignore the tomcat conf and use the apche > stuff instead (as it seemed to when I tried it)
You need to understand the difference between running Tomcat standalone and integrated with a web server (such as Apache). In the former case, Tomcat standalone, Tomcat handles everything, including fielding the request and returning the response (including any SSL processing -- e.g. decryption or encryption -- if enabled). 8080 is the default port for Tomcat standalone, but without SSL. Tomcat standalone can do SSL, you just need to enable it in server.xml (you may have to install some additional libraries). The default port for that is 8443. Tomcat standalone is totally independent from any other web server. In the latter case, Tomcat integrated with a web server, the web server handles fielding the request and returning the response, but inbetween it passes the request to Tomcat for processing. This is done via a connector such as JK or JK2. You can enable/disable these connectors in server.xml. If you do it this way, you set up SSL on the web server only, not on Tomcat -- the internal communication between the web server and Tomcat is not encrypted. So you have to decide how you want things set up. If you don't want Tomcat standalone, disable the relevant connector(s) in server.xml. Then you need to set up one of the web server connectors; this is done partly in server.xml, but you also need to get the appropriate connector module binary and configure that for your web server. If you do want Tomcat standalone, but with SSL, enable the relevant connector in server.xml. (Also, would that be SSL only, or both non-SSL and SSL.) Milt Epstein Research Programmer Integration and Software Engineering (ISE) Campus Information Technologies and Educational Services (CITES) University of Illinois at Urbana-Champaign (UIUC) [EMAIL PROTECTED] -- To unsubscribe, e-mail: <mailto:tomcat-user-unsubscribe@;jakarta.apache.org> For additional commands, e-mail: <mailto:tomcat-user-help@;jakarta.apache.org>
