How LJ described is how I have done it in the past. The AJP connector is really an ISAPI filter in IIS. The last time I setup IIS to front Tomcat/MT was for the WWRUG Remedy server a few years ago. The process is a little foggy but it was easier than I remembered.
AJP uses port 8009 by default but it can be any available port as long as your IIS and TC config match. Make sure AJP is not commented out in server.xml by default. For installations where I want to ensure people are not connecting to TC directly I disable the default http port (8080 or 80 depending on your config) and only leave the AJP port open so they have to use the web server front end (Apache httpd in our case). Setting up SSL is pretty easy in IIS and there are a number of web pages that document the process. From what I can remember you can't encrypt AJP (without some kind of external tunnel) but I have never worried about it since my front end web server and servlet container are always on the same server. Well, I guess there is one exception that I have used in the past. When bringing up a new MT server I will sometimes proxy the front end web server to the new Tomcat server (over AJP) to put some load on the new server. In this case the traffic is using AJP from one server to another. Jason On Wed, Apr 12, 2017 at 2:41 PM, LJ LongWing <lj.longw...@gmail.com> wrote: > ** > James, > If you are front ending Tomcat with IIS, the typical setup for that is the > jakarta plugin. By default, this uses the AJP connection, not one of the > standard 8080 or 8443....so, unless you want to be able to access Tomcat > independent of IIS, you don't even need to define them... > > Beyond that I'm not sure there is much else you need to do, but I'm not a > SSL/IIS/Tomcat expert... > > On Wed, Apr 12, 2017 at 3:02 PM, jham36 <jha...@gmail.com> wrote: > >> ** >> We are setting up a new 9.1 mid tier server running on windows server >> 2012. We will use IIS with tomcat and our load balancer will hold the ssl >> cert. >> We contacted support to get all of our ducks in a row before diving in. >> You all know how that went. >> Just looking for advice on iis and tomcat configuration and port settings >> to support this setup. >> Anything special we need to do? I assume we will have to have iis >> listening on port 443. Should tomcat be listening on 8443? >> >> Thanks, >> James >> _ARSlist: "Where the Answers Are" and have been for 20 years_ > > > _ARSlist: "Where the Answers Are" and have been for 20 years_ > _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
