On 04/01/2013 2:25 AM, "Arunkumar Janarthanan" <arunkumar.webad...@gmail.com> wrote:
>
> Thanks Mark, I am working in parallel on setting up another environment with
> Tomcat 6.x, however to clear an urgent audit I need to show the Apache
> connector uses secure protocol to exchange the data between Apache and
> tomcat. Both these servers are in DMZ and on different servers.
>
> Hello Chris,
>
> Thanks for your valuable advice, here is how my configuration looks like.
>
> *Apache conf:*
>
> ProxyPassMatch ^/(.*\.jsp|.*\.do)(;jsessionid=.*)?$ balancer://lb1/$1
>
> *Balancer Conf:*
>
> <Proxy balancer://lb1>
> BalancerMember https://tomcat02.us.rdigest.com:8443
> BalancerMember https://tomcat02.us.rdigest.com:8543
> ProxySet stickysession=JSESSIONID
> ProxySet nofailover=Off
> </Proxy>
>
Since you have sticky sessions, don't you need to set up the jvmRoute in the tomcat connectors?

> *Tomcat conf:*
>
> Tomcat1:
>
> <Connector port="8443" maxHttpHeaderSize="8192"
> maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
> enableLookups="false" disableUploadTimeout="true"
> acceptCount="100" scheme="https" secure="true"
> clientAuth="false" sslProtocol="TLS"
> />
>
> Tomcat2:
>
> <Connector port="8543" maxHttpHeaderSize="8192"
> maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
> enableLookups="false" disableUploadTimeout="true"
> acceptCount="100" scheme="https" secure="true"
> clientAuth="false" sslProtocol="TLS"
> />
>
>
> Thanks again for your assistance extended.
>
> Regards,
> Arun Janarthanan
>
> On Wed, Jan 2, 2013 at 10:38 PM, Christopher Schultz <
> ch...@christopherschultz.net> wrote:
>
> > Arun,
> >
> > On 1/2/13 4:45 PM, Arunkumar Janarthanan wrote:
> > > I have Apache 2.2.22 and Tomcat 5.5 running on SSL 8443, I have
> > > tried my balancer members to use HTTPS port
> >
> > So you are trying to use HTTPS over AJP? Did you mean APR?
> >
> > Please post your <Connectors> from server.xml and your relevant httpd
> > configuration (e.g. ProxyPass). It would also be helpful if you were
> > to describe any <transport-guarantee> that you may have in your web
> > application(s).
> >
> > > and finds the JSP pages doing ok for some reason the struts /
> > > action servlets would not accept secure protocol instead it
> > > redirects infinitely with the Tomcat server hostname and non-ssl
> > > port.
> >
> > Try a protocol trace using something like Mozilla Firefox's "web
> > console" or similar tools for other web browsers. This will show you
> > the request as sent by the browser and the response as seen by the
> > browser: it should show the pattern you describe above with more detail.
> >
> > > Anybody had similar experience try configuring secure connectors on
> > > such environment?
> >
> > FWIW, I use stunnel to secure the back-channel between httpd and
> > Tomcat (using an AJP connector). While I haven't actually
> > performance-tested the two configurations against each other, my
> > rationale for this configuration was to reduce the number of SSL
> > handshakes that occur between httpd and Tomcat. Also, I've always used
> > AJP so tunneling AJP made more sense for us than switching-over to
> > HTTPS reverse-proxying.
> >
> > -chris
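
Added example, not part of the thread and not code from httpd or Tomcat: a small Python check for the two points discussed above, that every BalancerMember is reached over HTTPS (which mod_proxy only does when SSLProxyEngine is on) and that, with stickysession set, each member carries a route= matching a Tomcat jvmRoute. The sample configuration, the placeholder host names and the function name `audit_balancer` are assumptions made for illustration.

```python
import re

# Constructed sample modelled on the balancer block quoted in the thread.
# Host names are placeholders; the second member is deliberately weak.
SAMPLE_HTTPD = """\
SSLProxyEngine On
<Proxy balancer://lb1>
    BalancerMember https://tomcat-a.example.internal:8443 route=node1
    BalancerMember http://tomcat-b.example.internal:8080
    ProxySet stickysession=JSESSIONID
</Proxy>
"""
# Constructed server.xml excerpt: jvmRoute is an attribute of <Engine>.
SAMPLE_SERVER_XML = '<Engine name="Catalina" defaultHost="localhost" jvmRoute="node1">'


def audit_balancer(httpd_conf, server_xml):
    """Return findings (strings) about the httpd-to-Tomcat back-channel."""
    flags = re.I | re.M
    jvm_routes = set(re.findall(r'jvmRoute="([^"]+)"', server_xml))
    # A commented-out directive ("# SSLProxyEngine On") does not match.
    ssl_proxy = re.search(r"^\s*SSLProxyEngine\s+on\b", httpd_conf, flags)
    sticky = re.search(r"\bstickysession=", httpd_conf, re.I)
    findings = []
    for m in re.finditer(r"^[ \t]*BalancerMember[ \t]+(\S+)(.*)$", httpd_conf, flags):
        url, params = m.group(1), m.group(2)
        if not url.lower().startswith("https://"):
            findings.append(f"{url}: back-end link is not HTTPS")
        elif not ssl_proxy:
            findings.append(f"{url}: https member but SSLProxyEngine is not on")
        # Stickiness relies on the member's route equalling the jvmRoute
        # suffix that Tomcat appends to the session id.
        route = re.search(r"\broute=(\S+)", params)
        if sticky and not route:
            findings.append(f"{url}: stickysession set but member has no route=")
        elif route and route.group(1) not in jvm_routes:
            findings.append(f"{url}: route={route.group(1)} matches no jvmRoute")
    return findings


if __name__ == "__main__":
    for finding in audit_balancer(SAMPLE_HTTPD, SAMPLE_SERVER_XML):
        print(finding)
```

The check only confirms that the link is configured for TLS; whether httpd also verifies the back-end certificate is a separate mod_ssl setting it does not inspect.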