Re: how to convert https to http by using mod_jk
chenk818 wrote: Hi Warnier: Thank you for your reply??I always thought there was AJPs,now I understood?? but there's another question: In configuration 7, if the backend tomcat provide both http and https,which protocal will be used?Is it determined by httpd's protocol? Take a look at the standard Tomcat server.xml configuration file. There are 3 Connector defined there (2 are commented-out). Each of these Connectors accepts connections (and requests) for one protocol. It is the client which chooses to which port (Connector) it connects. In a configuration like browser - HTTP - Apache httpd + mod_jk - AJP - Tomcat AJP Connector - Tomcat webapp the Tomcat client is Apache httpd + mod_jk. It is thus Apache httpd + mod_jk which chooses to which port of Tomcat it connects (by default, 8009), and which protocol it uses (in this case, always AJP). (Look at the settings for mod_jk, in Apache). In a configuration like browser - HTTP/HTTPS - Apache httpd + mod_proxy_ajp - AJP - Tomcat AJP Connector - Tomcat webapp the Tomcat client is Apache httpd + mod_proxy_ajp. It is thus Apache httpd + mod_proxy_ajp which chooses to which port of Tomcat it connects (by default, 8009), and which protocol it uses (in this case also, always AJP). (Look at the settings for mod_proxy_ajp, in Apache). Imagine this analogy : There is a company in Germany which makes motorbikes and sells them to clients in the whole world. The factory is in Germany, and there are the workers making the motorbikes. The workers speak only German. For international clients to call, there are 3 telephone numbers : - on telephone number 8080, there is a lady speaking English and German - on telephone number 8443, there is a lady speaking Chinese and German - on telephone number 8009, there is a lady speaking Italian and German Each of these ladies can take a call in the language that she knows, and translate the customer wishes to German, for the factory workers. If a Chinese client calls on number 8009, the lady there will not understand what he says, and he will get no motorbike. But if he calls the number 8443, the lady will understand him; she will relay his order properly to the factory, in German; and the client will get his motorbike. The factory is Tomcat; the factory workers are the webapps; the ladies are the Connector's; the Connector ladies translate the customer calls from their language (HTTP, HTTPS or AJP) into a HttpServletRequest that the webapps understand. The factory workers do not need to speak English (HTTP), Chinese (HTTPS) or Italian (AJP), because they always get the requests in German (HttpServletRequest), as translated by the appropriate Connector. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Re: how to convert https to http by using mod_jk
I got it,thank you very much。 chenk...@126.com ?From:?André WarnierDate:?2015-04-28?16:46To:?Tomcat Users ListSubject:?Re: how to convert https to http by using mod_jkchenk818 wrote: Hi Warnier: Thank you for your reply。I always thought there was AJPs,now I understood。 but there's another question: In configuration 7, if the backend tomcat provide both http and https,which protocal will be used?Is it determined by httpd's protocol? ? Take a look at the standard Tomcat server.xml configuration file. There are 3 Connector defined there (2 are commented-out).? Each of these Connectors accepts connections (and requests) for one protocol. It is the client which chooses to which port (Connector) it connects. ? In a configuration like ? browser - HTTP - Apache httpd + mod_jk - AJP - Tomcat AJP Connector - Tomcat webapp ? the Tomcat client is Apache httpd + mod_jk. It is thus Apache httpd + mod_jk which chooses to which port of Tomcat it connects (by default, 8009), and which protocol it uses (in this case, always AJP). (Look at the settings for mod_jk, in Apache). ? In a configuration like ? browser - HTTP/HTTPS - Apache httpd + mod_proxy_ajp - AJP - Tomcat AJP Connector - Tomcat webapp ? the Tomcat client is Apache httpd + mod_proxy_ajp. It is thus Apache httpd + mod_proxy_ajp which chooses to which port of Tomcat it connects (by default, 8009), and which protocol it uses (in this case also, always AJP). (Look at the settings for mod_proxy_ajp, in Apache). ? Imagine this analogy : ? There is a company in Germany which makes motorbikes and sells them to clients in the whole world.? The factory is in Germany, and there are the workers making the motorbikes. The workers speak only German. ? For international clients to call, there are 3 telephone numbers : - on telephone number 8080, there is a lady speaking English and German - on telephone number 8443, there is a lady speaking Chinese and German - on telephone number 8009, there is a lady speaking Italian and German ? Each of these ladies can take a call in the language that she knows, and translate the customer wishes to German, for the factory workers. ? If a Chinese client calls on number 8009, the lady there will not understand what he says, and he will get no motorbike.? But if he calls the number 8443, the lady will understand him; she will relay his order properly to the factory, in German; and the client will get his motorbike. ? The factory is Tomcat; the factory workers are the webapps; the ladies are the Connector's; the Connector ladies translate the customer calls from their language (HTTP, HTTPS or AJP) into a HttpServletRequest that the webapps understand. The factory workers do not need to speak English (HTTP), Chinese (HTTPS) or Italian (AJP), because they always get the requests in German (HttpServletRequest), as translated by the appropriate Connector. ? ? ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org ?
Re: how to convert https to http by using mod_jk
chenk...@126.com wrote: hi:? ??? ? I'm using apache + tomcat to build my website。The tomcat ?provide http service and apache provide both http/https。I tried two method to implements: by mod_proxy:ProxyPass / balancer://mycluster/ stickysession=JSESSIONID nofailover=On? ProxyPassReverse / balancer://mycluster/? Proxy balancer://mycluster? BalancerMember http://127.0.0.1:8080 route=tomcat1? BalancerMember http://127.0.0.1:8081 route=tomcat2? /Proxy by mod_jk:I didn't know how to convet https to http like mod_proxy Hi. Your email format is a bit bizarre. Try to set up your email program to send emails to the list as plain text. About your question, here are some semi-graphic explanations about how you can connect Apache httpd to Tomcat. There are many ways. - xxx - indicates the protocol used. configuration 1 : using mod_proxy_http and simple HTTP all the way : browser - HTTP - Apache httpd + mod_proxy_http - HTTP - Tomcat HTTP Connector - Tomcat webapp configuration 2 : using mod_proxy_http and HTTPS from browser : browser - HTTPS - Apache httpd + mod_proxy_http - HTTP - Tomcat HTTP Connector - Tomcat webapp configuration 3 : using mod_proxy_http and HTTPS all the way : browser - HTTPS - Apache httpd + mod_proxy_http - HTTPS - Tomcat HTTPS Connector - Tomcat webapp (Note : this is quite inefficient if Apache httpd and Tomcat are on the same host (or connected via a secure link), because all data gets encrypted/decrypted multiple times) configuration 4 : using mod_proxy_ajp : browser - HTTP - Apache httpd + mod_proxy_ajp - AJP - Tomcat AJP Connector - Tomcat webapp configuration 5 : HTTPS variant of using mod_proxy_ajp : browser - HTTPS - Apache httpd + mod_proxy_ajp - AJP - Tomcat AJP Connector - Tomcat webapp configuration 6 : using mod_jk : browser - HTTP - Apache httpd + mod_jk - AJP - Tomcat AJP Connector - Tomcat webapp configuration 7 : HTTPS variant of using mod_jk : browser - HTTPS - Apache httpd + mod_jk - AJP - Tomcat AJP Connector - Tomcat webapp AJP is a protocol that is not the same as HTTP/HTTPS. But it transports the same information as HTTP/HTTPS, and for the Tomcat webapp (and the browser) it is the same. The setups of mod_jk and mod_proxy_ajp are different, but they offer generally comparable options. Choosing one or the other is generally a question of personal preference, or of availability on any given OS platform. There is no secure variant of the AJP protocol (iow there is no AJPS e.g.). This does not really matter if the connection between Apache httpd and Tomcat in inside the same host, or (in many cases) if the connection between Apache httpd and Tomcat happens over your local LAN, and you are not concerned by men-in-the-middle there. In configurations 2, 5 and 7, only the part browser -- Apache httpd is under HTTPS. That is generally called terminating HTTPS at the Apache httpd level. But in all cases, if Tomcat needs to know some details about the browser HTTPS connection, it can get them, because the connector modules can forward that information via HTTP headers (or AJP attributes). - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: how to convert https to http by using mod_jk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 chenk, On 4/27/15 5:52 AM, chenk...@126.com wrote: hi:? ??? ? I'm using apache + tomcat to build my website。The tomcat ?provide http service and apache provide both http/https。I tried two method to implements: by mod_proxy:ProxyPass / balancer://mycluster/ stickysession=JSESSIONID nofailover=On? ProxyPassReverse / balancer://mycluster/? Proxy balancer://mycluster? BalancerMember http://127.0.0.1:8080 route=tomcat1? BalancerMember http://127.0.0.1:8081 route=tomcat2? /Proxy by mod_jk:I didn't know how to convet https to http like mod_proxy mod_jk always uses AJP which is neither HTTP nor HTTPS. It is not encrypted unless you make special arrangements to tunnel it through an encrypted protocol. Note that you can use AJP without switching to mod_jk: ProxyPassReverse / balancer://mycluster/? Proxy balancer://mycluster? BalancerMember ajp://127.0.0.1:8080 route=tomcat1? BalancerMember ajp://127.0.0.1:8081 route=tomcat2? /Proxy - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v2 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJVPkd+AAoJEBzwKT+lPKRY+6gP/2GGkOh9CooxpvgpiUIm5LwU 2YbrMVmI3uwwy3MezFMODyVQ84LuX5HTvYwCJb43JSz1z434RVYWH6+kJqIWblih SR92eqmGluIWe3Ev9laRwwkvixFMcIl+hABBmPYr9iDEI45wLmAZequ2cO2+HWdQ PwcwVFBIZwaDZPrEJAE1w8zZaJgDVenz2NImNWpfVW3Sdayyb46BRS+X+PdIyfTF VkvR7v3bqb4BAMgWkPkyIZA1Ss07LmWBNDY+4+VTbpkXTJdvO1qM6NcWUI3DSvkr X6Ld91+LoKW5Da5e0Z6aypWKYbaXh7aMJd5eqA468Oi2r67e43qGq8WbzypF2Q+2 zacnJ/rbPQ6jawnC+6k2ccySAsvjgWjDHCIMNPkNQBbtZ86q4CtSQcrRocQlGSKf K13wr6D8kEzFjnmzMf9FtzQ9YruAfzilZ3cy4/k9E+70h46sSRNhjwZz83mzDuGs TyXaN1lVu+r76Ihb4AHh74Ir9XlLnv82CEMpQpmWz5abFurDIZZ3aXVqMLMIV03k yvxXjkTbv3hul/aA7c8IORlqC5tm7/Jzuv2O3PEEm3FS30LMEwuKINkkiPFQBn1u 6i1FGZhMhHmAUxaVfOKiQz2EMp2ctxTbg2B+ZoH46CXdsN0N3bvjs8hAJ5A4r3v5 jaR2J1HDS+Nou7edfpPu =xSHb -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
