Sorry, I have not had the chance to document it yet. If there is enough interest, I will do it though.
The general idea though is that Apache serves as a reverse proxy in front of the Funambol server. They both run on the same host and we restrict access to the Funambol server's port 8080 using a local firewall. Then using mod_proxy and mod_proxy_ajp, we use Apache to maintain a continuous connection to Funambol's AJP port 8009. An Apache config like the following will do the rest.

# Enabling Funambol server use with SSL. Instead of starting up SSL
# on Funambol's Tomcat server, we use Apache to proxy the TLS connection.
# Note that the Funambol HTTP server is on port 8080, but the AJP server
# is on port 8009
<Location /funambol>
    Order allow,deny
    Allow from all
    ProxyPass ajp://127.0.0.1:8009/funambol
</Location>

Point your Funambol client to https://hostname/funambol/ds and everything should work as usual.

You could achieve the above also by activating Funambol's TLS server directly. But I did not want to open another port 8443 on my host either or have clients connect directly to the Funambol java DS server. Also it is a little more complicated, since you need to add your CA certs to the Tomcat SSL Java keystore.

Finally, to make sure that you can actually connect via TLS with your Funambol client, you actually do need to make sure that your SSL CA is a valid one on your Android device. Since I use self-signed certs, I actually had to root my phone (a relatively trivial process) and add my CA to the Android cert store.

Hope this helps. If you need any more details, feel free to ping me.

--Firedup
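An added example, not part of the original post: a check that the two backend ports named above (8080 and 8009) are bound to loopback only, so that reachability does not depend on the firewall alone. It assumes the listener list comes from `ss -ltnH`; the sample output and the function names are constructed for illustration.

```python
import ipaddress

# Backend ports from the post: Funambol HTTP (8080) and AJP (8009).
BACKEND_PORTS = {8080: "Funambol HTTP", 8009: "Funambol AJP"}

# Constructed sample of `ss -ltnH` output (not captured from a real host).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:443 0.0.0.0:*
LISTEN 0 100 127.0.0.1:8009 0.0.0.0:*
LISTEN 0 100 *:8080 *:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 100 [::1]:8009 [::]:*
"""

def split_listen_addr(field):
    """Split the local-address column of ss into (host, port)."""
    host, _, port = field.rpartition(":")
    host = host.strip("[]")          # IPv6 literals are bracketed
    host = host.split("%", 1)[0]     # drop an interface scope such as %lo
    return host, int(port)

def is_loopback(host):
    """True only for 127.0.0.0/8 and ::1; wildcards count as exposed."""
    if host in ("*", ""):
        return False
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def exposed_backends(ss_output):
    """Return (port, host, name) for backend listeners not on loopback."""
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue
        host, port = split_listen_addr(cols[3])
        if port in BACKEND_PORTS and not is_loopback(host):
            findings.append((port, host, BACKEND_PORTS[port]))
    return findings

if __name__ == "__main__":
    for port, host, name in exposed_backends(SAMPLE_SS):
        print(f"{name} port {port} listens on {host}: "
              "only the firewall keeps it private")
```

A finding here does not mean the port is reachable from outside, only that the firewall rule is the single control in front of it.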
