André,

On 10/22/12 2:34 AM, André Warnier wrote:
> vicky007aggar...@yahoo.co.in wrote:
>> All/Andre,
>> 
>> 
>> """You could probably do this using mod_proxy_http instead of
>> mod_jk (and a HTTPS Connector in Tomcat).  But you should then
>> also accept the overhead."""
>> 
>> Queries:
>> 
>> 1. Based on the above comment, does that mean I can use the
>> mod_proxy module in order to have SSL communication between
>> Apache & Tomcat?
>> 
> 
> I think so, but you'd have to check that with the Apache
> documentation.

Yes, you can: just use an https:// URL instead of http:// in your
ProxyPass/ProxyPassReverse directives.

>> 2. Load balancing won't work using mod_proxy, correct?
> 
> Wrong.  Look at the Apache documentation, mod_proxy_balancer

+1

>> 3. What overhead are you talking about in setting up mod_proxy
>> for SSL communication between Apache & Tomcat?
> 
> Setting it up is not the overhead problem. The overhead is because:
> 
> browser <- HTTPS -> Apache <- HTTPS -> Tomcat.
> 
> meaning:
> - the browser encrypts (you don't care)
> - Apache decrypts (overhead, but unavoidable)
> - Apache encrypts (overhead, avoidable)
> - Tomcat decrypts (overhead, avoidable)

+1

But, if you need to have a secure channel between httpd and Tomcat,
then the encryption overhead is *not* avoidable. By using stunnel or a
VPN, you can avoid needless TCP setup/teardown and repeated key
exchanges, but the encryption obviously always needs to take place
(and takes time).

-chris
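
The setup discussed in this thread (https:// backends behind mod_proxy, load balanced with mod_proxy_balancer), sketched as an httpd configuration. This is an added example, not configuration posted by anyone in the thread; the host names, ports, file paths, balancer name and route names are assumptions.

```apache
# Added example; every hostname, port, path and route name is a placeholder.
# Needs mod_ssl, mod_proxy, mod_proxy_http and mod_proxy_balancer
# (httpd 2.4 also needs an lbmethod module such as mod_lbmethod_byrequests).

<VirtualHost *:443>
    ServerName www.example.com

    # browser <- HTTPS -> Apache
    SSLEngine on
    SSLCertificateFile    /etc/httpd/tls/www.example.com.crt
    SSLCertificateKeyFile /etc/httpd/tls/www.example.com.key

    # Apache <- HTTPS -> Tomcat: https:// backend URLs only work once
    # the proxy-side TLS engine is switched on.
    SSLProxyEngine on

    # Authenticate the backend. Without these the hop is encrypted,
    # but httpd accepts any certificate the peer presents.
    SSLProxyVerify require
    SSLProxyVerifyDepth 2
    SSLProxyCACertificateFile /etc/httpd/tls/internal-ca.crt
    # httpd 2.4.5 and later; older releases use SSLProxyCheckPeerCN.
    SSLProxyCheckPeerName on
    SSLProxyCheckPeerExpire on

    # Load balancing across the Tomcat HTTPS connectors.
    # Each route must match the jvmRoute set on that Tomcat's <Engine>.
    <Proxy balancer://tomcats>
        BalancerMember https://tomcat1.example.internal:8443 route=tc1
        BalancerMember https://tomcat2.example.internal:8443 route=tc2
    </Proxy>

    ProxyPass        /app balancer://tomcats/app stickysession=JSESSIONID|jsessionid
    ProxyPassReverse /app balancer://tomcats/app
</VirtualHost>
```

The certificate on each Tomcat HTTPS connector has to chain to the CA file named above and carry the host name used in its BalancerMember URL, otherwise the proxied requests fail the peer checks.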