-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Matt,
On 1/22/2010 9:25 AM, Matt Turner wrote: > In my case sometimes I do need to pass through the SSL to Tomcat, as > I'm running CAS which requires geniune SSL requests. mod_jk ought to be able to forward all SSL information to Tomcat. Specifically, what does CAS require? > (I do also have some SSL requests that tomcat doesn't need to see - > which I will send via 8009 as has been suggested). > > The SSL pass-through requirement explains why I was attempting to > pass through to :8443 directly - but it sounds like that's the wrong > approach. Unless something specific is actually not working, you ought to be able to use a vanilla AJP connection for both secure and non-secure HTTP (even via the same worker/<Connector>). > Should I just use something like.. > > ProxyPass /cas https://10.13.0.218:8443/cas ? Now, you're switching from mod_jk to mod_proxy_http(s). Can CAS really not function properly with an AJP connection? If you proxy HTTPS you are likely to get in all kinds of trouble because the client is no longer your user... it's your web server. And the server is no longer the web server... it's Tomcat. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAktaAjEACgkQ9CaO5/Lv0PAV6ACfYlbK3Kws26nq7xPYICSlucmC JqMAoLyACwFx0JxEBozCMWt81KvGmq+B =Br3o -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
