________________________________
From: André Warnier <a...@ice-sa.com>
To: Tomcat Users List <users@tomcat.apache.org>
Sent: Friday, December 16, 2011 10:34:24 PM
Subject: Re: Change Default SSL port on Tomcat
Pid * wrote:
>> Thank you pid,
>>
>> I looked in Catalina.out and found out 443 port is already in use error
>> and I had listen 443 in apache, so removed it and now tomcat
>> comes up and all is good.
>>
>> I am not sure if it is better to serve ssl and https through Tomcat or Apache
>
> So your plan is to serve normal traffic via HTTPD, mod_jk but send the
> SSL traffic straight to Tomcat?
>
> That would be, erm, unusual.
>
Yes, there is something in that whole explanation which didn't sound quite
right.
To the Original Poster, if this wasn't clear yet :
The AJP protocol does not support SSL connections.
In other words, if your connection schema is :
browser <-(1)-> Apache + mod_jk <-(2)-> AJP Connector on port 8009 + Tomcat
(or mod_proxy_ajp)
then (2) cannot be a HTTPS connection.
The normal thing is to have (1) be a HTTPS connection, which ends at the Apache
level.
Then mod_jk (or mod_proxy_ajp) forwards the requests to Tomcat via (2), but
that is an AJP protocol connection, which is not encrypted.
It can forward the original SSL headers, so that Tomcat can have a look at
them, but that's it.
Most likely, when you are establishing an HTTPS connection between the browser
and Tomcat, it goes "around" Apache httpd, directly to Tomcat, like this :
browser <--(1)-------------------------> HTTPS Connector + Tomcat
Apache + mod_jk (totally unaware of what's going on now)
Maybe you are just unaware of this because both Apache httpd and Tomcat are
running on the same host, so have the same hostname and IP address, which just
the port being different.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Thank you for the tip.
That's a good point.