-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 André,
On 9/30/13 9:40 AM, André Warnier wrote: >> On Mon, Sep 30, 2013 at 10:11 AM, André Warnier <a...@ice-sa.com> >> wrote: >> >>> Daniel Mikusa wrote: >>> >>>> On Sep 30, 2013, at 8:20 AM, Leonardo Torres >>>> <leonardotorr...@gmail.com> wrote: >>>> >>>> Hi guys, >>>>> I have the following structure : >>>>> >>>>> Apache HTTP (Proxy) --> Tomcat . >>>>> >>>>> So, I have configured SSL on Apache HTTP, how do I >>>>> configure SSL in my application in Tomcat? >>>>> >>>> Need some more info here... >>>> >>>> 1.) What version of HTTPD & Tomcat are you using? > >> Tomcat version is 7.0.42 > >>>> 2.) Do you need SSL between HTTPD & Tomcat? or do you just >>>> want Tomcat to know that SSL has been terminated by HTTPD? >>>> 3.) How is HTTPD communicating with Tomcat? via AJP or >>>> HTTP? > >> Currently, the communication between httpd and tomcat is via >> HTTP. > > Ok, but you have not answered the question entirely yet. What is > the Apache httpd "proxy module" that is used to communicate between > Apache httpd and Tomcat ? Can you copy here the Apache httpd > configuration lines that have "proxy" in them ? > >>>> >>>> Dan >>>> >>>> and the reasons for the above judicious questions are : >>> browser <-- SSL --> httpd + mod_proxy_http <-- SSL or not --> >>> Tomcat HTTP/HTTPS Connector or httpd + mod_proxy_AJP <-- not >>> SSL --> Tomcat AJP Connector or httpd + mod_jk <-- >>> not SSL --> Tomcat AJP Connector >>> >>> 2) SSL is "expensive". Apache has to decrypt the browser >>> communication anyway. The if you use SSL between Apache and >>> Tomcat, Apache has to re-encrypt the data, and Tomcat to >>> re-decrypt it. That takes resources, so if you don't need it, >>> don't do it. Even if you use HTTP/AJP, httpd can pass on to >>> Tomcat the received SSL headers, so Tomcat can inspect them. 3) >>> AJP does not support SSL >>> >>> > >> >> >> I have a resource within the tomcat that needs to be accessed via >> SSL, > but >> the SSL is configured on HTTPD. How can I configure that ? >> >> Excuse me, but I'm newbie in server configuration. >> > > Understood, and that is not a sin. > > The question is now : why does that application require HTTPS ? An > application usually doesn't care how it is accessed, except if > some configuration of the application requires it to get some > information from the SSL protocol (like a user certificate or so). > What does this application need ? +1 If you just need encryption, that can be done in one of several ways. If you need access to the client's SSL certificate, then that requires some finer configuration (in some cases). - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJSSYWyAAoJEBzwKT+lPKRYQ+4P/j1baz2LAeNGNszncbotdyS9 pcuiHUBQqobxsE7H9/jLof4NLUD/4gBs+LScIFl331/XoEBKDf9/nR19siaD8U3M vZ2xmkJhXydKl8GiYu9nBHNchYj5+PwkApHsInDyjgiXof1BqgJXjAgPcJtY+F94 v4/CjCg5Eo/pmCwUH1bBlFaKWzBpZlBDa5D/tdpwDrZRZtyYUYbB/zF257y1cs/K JKNgcDeBZKVsdHhXHK/1ZZIofUng+A7XPiVeeNrsR72ftHdMCDubhuQAQtwPsKK0 sKDI2fSu5Ych6P+yxdV6DFuW20XzWA4W3Sh+Z6DRnOrU8eDG1vX7IbsbYpy1YVd1 BpIRcSRK4nmQsp+DtoJvJhLWfwPRy83Ty9iAVvLqKB21aDOUUvYrynV/0IihNXPY dX0T9ujXkRsKa2a+eQDYRBxFyG5+j5vk5GAZuLaJ91j0p/kzOszLPieLkFoU5QGR RKB7hFVvHzgYQ82w42tqiD3nXEoC10slCRuNMxFvZPKWdG49wLIPI+P7Z/sAjeMM Lzbpi+FmkHT0up5TejspfI5/Rro4heILIMOzWszHR3PcMhImsPYnubwhX9NaFrVb B7jd9S2Z6eRDEM1L8o5cIBhOJJ+6g7Jj/tgjTlSX16ntvEknXJnVwQAaqFJ3nhy6 ORJem3DIFI9dnL1ptfXY =twkm -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
