chenk...@126.com wrote:
>
>
>
>
>
> hi:? ??? ? I'm using apache + tomcat to build my website。The tomcat ?provide
> http service and apache provide both http/https。I tried two method to
> implements:
> by mod_proxy:ProxyPass "/" "balancer://mycluster/" stickysession=JSESSIONID
> nofailover=On?
> ProxyPassReverse "/" "balancer://mycluster/"?
> ?
> BalancerMember http://127.0.0.1:8080 route=tomcat1?
> BalancerMember http://127.0.0.1:8081 route=tomcat2?
>
> by mod_jk:I didn't know how to convet https to http like mod_proxy
>
Hi.
Your email format is a bit bizarre. Try to set up your email program to send
emails to
the list as "plain text".
About your question, here are some semi-graphic explanations about how you can
connect
Apache httpd to Tomcat. There are many ways. <- xxx -> indicates the protocol
used.
configuration 1 : using mod_proxy_http and simple HTTP all the way :
browser <- HTTP -> Apache httpd + mod_proxy_http <- HTTP -> Tomcat HTTP
Connector <->
Tomcat webapp
configuration 2 : using mod_proxy_http and HTTPS from browser :
browser <- HTTPS -> Apache httpd + mod_proxy_http <- HTTP -> Tomcat HTTP
Connector <->
Tomcat webapp
configuration 3 : using mod_proxy_http and HTTPS all the way :
browser <- HTTPS -> Apache httpd + mod_proxy_http <- HTTPS -> Tomcat HTTPS
Connector <->
Tomcat webapp
(Note : this is quite inefficient if Apache httpd and Tomcat are on the same
host (or
connected via a secure link), because all data gets encrypted/decrypted
multiple times)
configuration 4 : using mod_proxy_ajp :
browser <- HTTP -> Apache httpd + mod_proxy_ajp <- AJP -> Tomcat AJP Connector
<-> Tomcat
webapp
configuration 5 : HTTPS variant of using mod_proxy_ajp :
browser <- HTTPS -> Apache httpd + mod_proxy_ajp <- AJP -> Tomcat AJP Connector
<-> Tomcat
webapp
configuration 6 : using mod_jk :
browser <- HTTP -> Apache httpd + mod_jk <- AJP -> Tomcat AJP Connector <->
Tomcat webapp
configuration 7 : HTTPS variant of using mod_jk :
browser <- HTTPS -> Apache httpd + mod_jk <- AJP -> Tomcat AJP Connector <->
Tomcat webapp
AJP is a protocol that is not the same as HTTP/HTTPS. But it transports the same
information as HTTP/HTTPS, and for the Tomcat webapp (and the browser) it is
the same.
The setups of mod_jk and mod_proxy_ajp are different, but they offer generally
comparable
options. Choosing one or the other is generally a question of personal
preference, or of
availability on any given OS platform.
There is no "secure variant" of the AJP protocol (iow there is no AJPS e.g.).
This does not really matter if the connection between Apache httpd and Tomcat
in inside
the same host, or (in many cases) if the connection between Apache httpd and
Tomcat
happens over your local LAN, and you are not concerned by "men-in-the-middle"
there.
In configurations 2, 5 and 7, only the part browser <--> Apache httpd is under
HTTPS.
That is generally called "terminating HTTPS at the Apache httpd level".
But in all cases, if Tomcat needs to know some details about the browser HTTPS
connection,
it can get them, because the connector modules can forward that information via
HTTP
headers (or AJP "attributes").
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org