On 03/01/2013 21:52, Igor Cicimov wrote:
> On 04/01/2013 2:25 AM, "Arunkumar Janarthanan" <arunkumar.webad...@gmail.com>
> wrote:
>>
>> Thanks Mark, I am working on parallely setting up another environment with
>> Tomcat 6.x, however to clear an urgent audit I need to show the Apache
>> connector uses secure protocol to exchange the data between Apache and
>> tomcat. Both these servers are in DMZ and on different servers.
>>
>> Hello Chris,
>>
>> Thanks for your valuable advice, here is how my configuration looks like.
>>
>> *Apache conf:*
>>
>> ProxyPassMatch ^/(.*\.jsp|.*\.do)(;jsessionid=.*)?$
>> balancer://lb1/$1
>>
>> *Balancer Conf:*
>>
>> <Proxy balancer://lb1>
>> BalancerMember https://tomcat02.us.rdigest.com:8443
>> BalancerMember https://tomcat02.us.rdigest.com:8543
>> ProxySet stickysession=JSESSIONID
>> ProxySet nofailover=Off
>> </Proxy>
>>
>
> Since you have sticky sessions dont you need to set up the jvmRoute in the
> tomcat connectors?

The jvmRoute attribute is set on the Engine element, not the Connectors.

p

>> *Tomcat conf:*
>>
>> Tomcat1:
>>
>> <Connector port="8443" maxHttpHeaderSize="8192"
>> maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>> enableLookups="false" disableUploadTimeout="true"
>> acceptCount="100" scheme="https" secure="true"
>> clientAuth="false" sslProtocol="TLS"
>> />
>>
>> Tomcat2:
>>
>> <Connector port="8543" maxHttpHeaderSize="8192"
>> maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>> enableLookups="false" disableUploadTimeout="true"
>> acceptCount="100" scheme="https" secure="true"
>> clientAuth="false" sslProtocol="TLS"
>> />
>>
>>
>> Thanks again for your assistance extended.
>>
>> Regards,
>> Arun Janarthanan
>>
>> On Wed, Jan 2, 2013 at 10:38 PM, Christopher Schultz <
>> ch...@christopherschultz.net> wrote:
>>
> Arun,
>
> On 1/2/13 4:45 PM, Arunkumar Janarthanan wrote:
>>>>> I have Apache 2.2.22 and Tomcat 5.5 running on SSL 8443, I have
>>>>> tried my balancer members to use HTTPS port
>
> So you are trying to use HTTPS over AJP? Did you mean APR?
>
> Please post your <Connectors> from server.xml and your relevant httpd
> configuration (e.g. ProxyPass). It would also be helpful if you were
> to describe any <transport-guarantee> that you may have in your web
> application(s).
>
>>>>> and finds the JSP pages doing ok for some reason the struts /
>>>>> action servlets would not accept secure protocol instead it
>>>>> redirects infinitely with the Tomcat server hostname and non-ssl
>>>>> port.
>
> Try a protocol trace using something like Mozilla Firefox's "web
> console" or similar tools for other web browsers. This will show you
> the request as sent by the browser and the response as seen by the
> browser: it should show the pattern you describe above with more detail.
>
>>>>> Anybody had similar experience try configuring secure connectors on
>>>>> such environment ?
>
> FWIW, I use stunnel to secure the back-channel between httpd and
> Tomcat (using an AJP connector). While I haven't actually
> performance-tested the two configurations against each other, my
> rationale for this configuration was to reduce the number of SSL
> handshakes that occur between httpd and Tomcat. Also, I've always used
> AJP to tunneling AJP made more sense for us than switching-over to
> HTTPS reverse-proxying.
>
> -chris
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>>
>>>
>

--
[key:62590808]
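
An added example, not part of the thread or of either project: a Python check that cross-references the `route=` value on each httpd `BalancerMember` with the `jvmRoute` on each Tomcat `Engine`, because mod_proxy_balancer sticky sessions depend on the two matching. The host names, route names and both sample configurations are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs (hypothetical hosts and routes, not the poster's files).
HTTPD_CONF = """
<Proxy balancer://lb1>
  BalancerMember https://tomcat-a.example:8443 route=node1
  BalancerMember https://tomcat-b.example:8543
  ProxySet stickysession=JSESSIONID
</Proxy>
"""
SERVER_XML = {
    "tomcat-a": '<Server><Service><Connector port="8443"/><Engine name="Catalina" jvmRoute="node1"/></Service></Server>',
    "tomcat-b": '<Server><Service><Connector port="8543" jvmRoute="node2"/><Engine name="Catalina"/></Service></Server>',
}

def balancer_members(conf):
    """Return [(url, route or None)] for every BalancerMember line."""
    members = []
    for line in conf.splitlines():
        m = re.match(r"\s*BalancerMember\s+(\S+)(.*)", line, re.I)
        if m:
            route = re.search(r"\broute=(\S+)", m.group(2))
            members.append((m.group(1), route.group(1) if route else None))
    return members

def audit(conf, server_xmls):
    """Cross-check httpd routes against each Tomcat Engine's jvmRoute."""
    findings, engine_routes = [], set()
    for name, xml in server_xmls.items():
        root = ET.fromstring(xml)
        for conn in root.iter("Connector"):
            if "jvmRoute" in conn.attrib:
                findings.append(f"{name}: jvmRoute on Connector port {conn.get('port')} belongs on Engine")
        for eng in root.iter("Engine"):
            if eng.get("jvmRoute"):
                engine_routes.add(eng.get("jvmRoute"))
            else:
                findings.append(f"{name}: Engine has no jvmRoute")
    sticky = re.search(r"stickysession=", conf, re.I) is not None
    for url, route in balancer_members(conf):
        if sticky and route is None:
            findings.append(f"{url}: no route= although stickysession is set")
        elif route and route not in engine_routes:
            findings.append(f"{url}: route={route} matches no Engine jvmRoute")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(HTTPD_CONF, SERVER_XML)))
```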