-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Julio,
Julio César Chaves Fernández wrote: > I'm sorry but i read the previous question and now that i notice i > doesn't make any sense given that apache is connecting tomcat by AJP > connector ... the question would be if there is a way to redirect a > request over http for an application that has a confidential > transport guarantee defined in the application not through the port > defined in the AJP connector but by port 443? If you want all traffic to be handled by Apache httpd and mod_jk in this way: Client --- HTTP (80) ---> Apache httpd --- AJP (8100) ---> Tomcat Client --- HTTPS (443) ---> Apache httpd --- AJP (8100) ---> Tomcat Then you need only a single connector: <Connector port="8100" protocol="AJP/1.3" /> (Plus any other settings you want to add). Apache httpd will handle all of the HTTPS stuff for you. Remove all other connectors from Tomcat. If you want to be able to support alternate ports that go directly to Tomcat, like this: Client --- HTTP (80) ---> Tomcat Client --- HTTPS (443) ---> Tomcat Then you will need two connectors: <Connector port="80" /> <Connector port="443" scheme="https" sslProtocol="TLS"/> (Plus any other settings you want to add). If you want to support both configurations at the same time, you will need 3 connectors, but each with unique port numbers. Something like this: Client --- HTTP (80) ---> Apache httpd --- AJP (8100) ---> Tomcat Client --- HTTPS (443) ---> Apache httpd --- AJP (8100) ---> Tomcat Client --- HTTP (8080) ---> Tomcat Client --- HTTPS (8443) ---> Tomcat <Connector port="8100" protocol="AJP/1.3" /> <!-- for AJP --> <Connector port="8080" redirectPort="8443" /> <!-- for HTTP --> <Connector port="8443" scheme="https" sslProtocol="TLS"/> If you want to use port 443 as the redirect port for your 8080 connector, then go ahead and do it. However, to me it only makes sense to support /either/ direct-to-Tomcat /or/ via-Apache-httpd configurations. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkiq/4sACgkQ9CaO5/Lv0PC7dwCgky/b57zH2RYKBc14jPo1mNXQ /g8AnAhjkevlaEyaoG0B7Pz3txgn8FFp =BhcA -----END PGP SIGNATURE----- --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
