On 25.06.2009 14:06, Vinicius Carvalho wrote: > Thanks Rainer, I've already set up clusters using apache + mod_jk > (mod_proxy) with and without ssl. The problem now is just the Alteon > LB, which is not my area, so I was looking for some advices on setting > up with a layer 7 swtich.
Did you actually look at the documentation pages I pointed you to? Those are not only about mod_jk, but also about faking https etc. Regards, Rainer > On Thu, Jun 25, 2009 at 8:19 AM, Rainer Jung<rainer.j...@kippdata.de> wrote: >> Hi, >> >> On 25.06.2009 02:36, Vinicius Carvalho wrote: >>> Hello there! We are adding a new server to our park, and now we are >>> going to use LB for both machines. We are using an Alteon 180e layer 7 >>> switch to perform LB. So far everything was fine. But we decided to >>> let the router do all the SSL part this way we would have something >>> like this: >>> >>> >>> [internet] --SSL:443---> [router] ---http:80---> [tomcat] >>> >>> The first problem we faced was within some applications that were >>> using the <transport-guarantee>confidential </transport-guarantee> >>> directive, and so tomcat was redirecting them to the 8443 connector >>> which was disabled. >>> >>> We removed this directive, and configure a rule on the router that >>> would accomplish the same thing, whenever an user tried to access a >>> page using http it would be redirected to https. Now we are facing a >>> problem with the redirect of some struts apps. Instead of redirecting >>> to the https they redirect to the http (I can understand why, since >>> the app is really being accessed by http port not https), I know this >>> might be a struts/app design problem. >>> >>> I just would like to hear from you guys, if we are moving toward the >>> right way by leaving all the SSL part on the router. I could not find >>> one single doc about layer 7 LBs and tomcat around the web. Does any >>> one have a good tutorial/starting point? >>> >>> Best Regards >> you might find some information on >> >> http://tomcat.apache.org/connectors-doc/generic_howto/proxy.html >> >> Although most of it is with respect to connecting Apache and Tomcat via >> the AJP protocol, the page also contains some info about seetings >> available for connectors in server.xml which fake some communication >> info, like host name, protocol etc. >> >> Those (short) details are at >> >> http://tomcat.apache.org/connectors-doc/generic_howto/proxy.html#Tomcat%20AJP%20Connector%20Settings >> >> More info about the connector settings is available at >> >> http://tomcat.apache.org/tomcat-6.0-doc/config/http.html >> >> Regards, >> >> Rainer --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
