apache-mod_ssl -> mod_jk -> tomcat

Posted By:   Anonymous
Posted On:   Tuesday, June 18, 2002 03:33 PM

I have apache-mod_ssl answering for secure https.

Then mod_jk passes the request to tomcat-4 through ajp13.

Is that connection between the apache server and tomcat server insecure? I do have them behind a firewall but is that local network traffic insecure?

If so, can ajp13 talk with ssl?

Should I use mod_webapp instead?

thanks... john

Re: apache-mod_ssl -> mod_jk -> tomcat

Posted By:   baris_aksu  
Posted On:   Friday, June 21, 2002 07:39 AM

Hi john,

Here is an excerpt from the Tomcat documentation:

It is important to note that configuring Tomcat to take
advantage of secure sockets is usually only necessary when
running it as a stand-alone web server. When running
Tomcat primarily as a Servlet/JSP container behind
another web server, such as Apache or Microsoft IIS, it
is usually necessary to configure the primary web
server to handle the SSL connections from users.
Typically, this server will negotiate all SSL-related
functionality, then pass on any requests destined for
the Tomcat container only after decrypting those
requests. Likewise, Tomcat will return cleartext
responses, that will be encrypted before being returned
to the user's browser. In this environment, Tomcat
knows that communications between the primary web
server and the client are taking place over a secure
connection (because your application needs to be able
to ask about this), but it does not participate in the
encryption or decryption itself.

Although communication between Apache and Tomcat is not
encrypted, since they are normally behind a firewall,
that shouldn't create a problem...
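
Added example, not part of the original posts or of the Tomcat or mod_jk code: a small parser for the AJP13 Forward Request that mod_jk sends to Tomcat, run on a constructed packet. It shows the `is_ssl` flag and SSL attributes through which Tomcat learns that the client connection was secure, and that request data such as a session cookie crosses the Apache-to-Tomcat hop in cleartext. All function names and sample values are constructed for illustration.

```python
import struct

# Coded request-header names 0xA001..0xA00E and the SSL attribute codes of AJP13.
HEADERS = ("accept accept-charset accept-encoding accept-language authorization connection "
           "content-type content-length cookie cookie2 host pragma referer user-agent").split()
ATTRS = {0x07: "ssl_cert", 0x08: "ssl_cipher", 0x09: "ssl_session"}

def ajp_str(s):
    """AJP13 string: 2-byte big-endian length, the bytes, a trailing NUL."""
    return struct.pack(">H", len(s)) + s.encode("latin-1") + b"\x00"

def build_sample():
    """Constructed Forward Request, as the web server sends it after TLS is removed."""
    body = b"\x02\x02"  # prefix code 2 = Forward Request, method 2 = GET
    for s in ("HTTP/1.1", "/account", "203.0.113.7", "client.example", "www.example.com"):
        body += ajp_str(s)  # protocol, req_uri, remote_addr, remote_host, server_name
    body += struct.pack(">HBH", 443, 1, 1)  # server_port, is_ssl = true, num_headers
    body += struct.pack(">H", 0xA009) + ajp_str("JSESSIONID=CONSTRUCTED123")  # cookie
    body += b"\x08" + ajp_str("AES256-SHA") + b"\xff"  # ssl_cipher, then terminator
    return struct.pack(">HH", 0x1234, len(body)) + body

def parse_forward_request(pkt):
    """Decode the cleartext fields of one AJP13 Forward Request packet."""
    magic, length = struct.unpack_from(">HH", pkt)
    if magic != 0x1234 or length != len(pkt) - 4 or pkt[4] != 0x02:
        raise ValueError("not a complete AJP13 Forward Request")
    pos = 6  # past magic, length, prefix code and method byte
    def u16():
        nonlocal pos
        pos += 2
        return struct.unpack_from(">H", pkt, pos - 2)[0]
    def string():
        nonlocal pos
        n = u16()
        if n == 0xFFFF:  # marker for a null string
            return None
        pos += n + 1  # payload plus trailing NUL
        return pkt[pos - n - 1:pos - 1].decode("latin-1")
    req = {k: string() for k in ("protocol", "uri", "remote_addr", "remote_host", "server_name")}
    req["server_port"], req["is_ssl"] = u16(), bool(pkt[pos])
    pos += 1
    req["headers"], req["attributes"] = {}, {}
    for _ in range(u16()):
        name = HEADERS[(u16() & 0xFF) - 1] if pkt[pos] == 0xA0 else string()
        req["headers"][name] = string()
    while pkt[pos] != 0xFF:  # string-valued SSL attributes only; others raise KeyError
        name, pos = ATTRS[pkt[pos]], pos + 1
        req["attributes"][name] = string()
    return req
```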


