Hello, We tried to detail precisely on a blog post named "Tomcat, SSL, communications sécurisées et X-Forwarded-Proto" (1) different solutions to handle SSL with Tomcat including decrypting https on the Apache layer. It is written in french but there are many schemas and it is google translate friendly.
My preferred solution is to use the RemoteIpValve in Tomcat in addition with the X-Forwarded-For http header set in Apache httpd. Another solution is to create two connectors in Tomcat, a non secured one and a secured one. Please note that RemoteIpValve has been introduced in version 6.0.24 of Tomcat and is available for previous versions in a separate jar (2). Hope this helps, Cyrille -- Cyrille Le Clerc clecl...@xebia.fr (1) http://blog.xebia.fr/2009/11/13/tomcat-ssl-communications-securisees-et-x-forwarded-proto/ (2) http://code.google.com/p/xebia-france/wiki/RemoteIpValve On Thu, Feb 25, 2010 at 4:56 PM, sikorsky <rsm...@sikorsky.com> wrote: > > I'm new to Apache 2.2 and TomCat 6.0. I thought I could use SSL on my Apache > web server and not need to have SSL on my TomCat applications. Especially > since they are both on the same server. I installed an Entrust Cert on my > Apache webserver and it works fine with https. When I redirect to the > TomCat servlet I get a 404. If I switch to http everything works fine. > Shouldn't I be able to use https/443on my web server and http/8080 on the > app server without issue? How? > -- > View this message in context: > http://old.nabble.com/Apache-2.2-and-TomCat-6.0-using-SSL-tp27714427p27714427.html > Sent from the Tomcat - User mailing list archive at Nabble.com. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
