James,

It's a pretty straightforward setup.


This site has pretty good instructions on setting this up.  The instructions 
are older, but they apply to newer versions as well.


https://ashrafhossain.wordpress.com/2010/09/20/how-to-configure-iis-7-and-tomcat-redirection-on-windows-server-2008-64-bit/



I always use IIS and Tomcat.  It gives some flexibility and usually the 
learning curve is easier than going the Apache route.  You can also easily 
set up IIS to force SSL.  Certs are easy to apply in IIS.  I'm not sure if the 
load balancers and IIS need the certs or if you can just load them on the load 
balancer side.  I would think IIS would still need the certs loaded.


Good Luck,


Brian




________________________________
From: Action Request System discussion list(ARSList) <arslist@ARSLIST.ORG> on 
behalf of Jason Miller <jason.mil...@gmail.com>
Sent: Wednesday, April 12, 2017 6:08 PM
To: arslist@ARSLIST.ORG
Subject: Re: SSL on Mid Tier with Load Balancer

How LJ described is how I have done it in the past. The AJP connector is really 
an ISAPI filter in IIS. The last time I set up IIS to front Tomcat/MT was for 
the WWRUG Remedy server a few years ago. The process is a little foggy but it 
was easier than I remembered.

AJP uses port 8009 by default but it can be any available port as long as your 
IIS and TC config match. Make sure AJP is not commented out in server.xml by 
default. For installations where I want to ensure people are not connecting to 
TC directly I disable the default http port (8080 or 80 depending on your 
config) and only leave the AJP port open so they have to use the web server 
front end (Apache httpd in our case).

Setting up SSL is pretty easy in IIS and there are a number of web pages that 
document the process. From what I can remember you can't encrypt AJP (without 
some kind of external tunnel) but I have never worried about it since my front 
end web server and servlet container are always on the same server.

Well, I guess there is one exception that I have used in the past. When 
bringing up a new MT server I will sometimes proxy the front end web server to 
the new Tomcat server (over AJP) to put some load on the new server. In this 
case the traffic is using AJP from one server to another.

Jason

On Wed, Apr 12, 2017 at 2:41 PM, LJ LongWing <lj.longw...@gmail.com> wrote:
James,
If you are front ending Tomcat with IIS, the typical setup for that is the 
jakarta plugin.  By default, this uses the AJP connection, not one of the 
standard 8080 or 8443....so, unless you want to be able to access Tomcat 
independent of IIS, you don't even need to define them...

Beyond that I'm not sure there is much else you need to do, but I'm not an 
SSL/IIS/Tomcat expert...

On Wed, Apr 12, 2017 at 3:02 PM, jham36 <jha...@gmail.com> wrote:
We are setting up a new 9.1 mid tier server running on Windows Server 2012.  We 
will use IIS with Tomcat and our load balancer will hold the SSL cert.
We contacted support to get all of our ducks in a row before diving in.  You 
all know how that went.
Just looking for advice on IIS and Tomcat configuration and port settings to 
support this setup.
Anything special we need to do?  I assume we will have to have IIS listening on 
port 443.  Should Tomcat be listening on 8443?

Thanks,
James
_ARSlist: "Where the Answers Are" and have been for 20 years_
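
Added example, not part of the original thread or any poster's configuration: a small check of Tomcat's server.xml for the setup Jason describes (AJP connector active on the port IIS expects, direct HTTP connector disabled). It assumes IIS and Tomcat share a host, so it also expects the unencrypted AJP connector to be bound to loopback; the sample XML and the function name `audit_connectors` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample server.xml (not from the thread): HTTP connector left
# enabled, AJP connector present without an explicit bind address.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <!-- <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" /> -->
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
  </Service>
</Server>"""

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def audit_connectors(server_xml, expected_ajp_port=8009):
    """Return (ajp_ports, findings) for the active <Connector> elements.

    Commented-out connectors are dropped by the XML parser, so only
    connectors Tomcat would actually start are considered.
    """
    findings, ajp_ports = [], []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        port = int(conn.get("port", "0"))
        protocol = conn.get("protocol", "HTTP/1.1")  # Tomcat's default protocol
        address = conn.get("address")
        if "ajp" in protocol.lower():
            ajp_ports.append(port)
            # AJP is unencrypted: keep it on loopback when IIS is co-located.
            # The default bind address varies by Tomcat version, so this
            # check requires it to be set explicitly.
            if address not in LOOPBACK:
                findings.append(f"AJP connector on port {port} is not pinned to loopback (address={address!r})")
        else:
            findings.append(f"HTTP connector on port {port} is active; clients can bypass IIS")
    if expected_ajp_port not in ajp_ports:
        findings.append(f"no active AJP connector on port {expected_ajp_port}; the IIS redirector cannot connect")
    return ajp_ports, findings

if __name__ == "__main__":
    ports, issues = audit_connectors(SAMPLE_SERVER_XML)
    print("AJP ports:", ports)
    for issue in issues:
        print("-", issue)
```

If the front end proxies to Tomcat on another server over AJP, as in the exception Jason mentions, the loopback finding is expected and the port should instead be restricted at the firewall to the front-end host.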