I have Apache 1.3+mod_ssl and mod_jk (ajp13) "fronting" a Tomcat 4.0.3 server
which has a servlet protected by:

      <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>

I assume that, for performance reasons, it would be best if I could run no
connectors other than the AJP13 one.
 
Ideally, calls to the above servlet as http should be redirected to the
equivalent https page. To that end, I have, in my server.xml:

    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <Connector className="org.apache.ajp.tomcat4.Ajp13Connector"
               port="8009" minProcessors="30" maxProcessors="150"
               acceptCount="10" debug="0"
               enableLookups="false" redirectPort="443"
               secure="false" scheme="http"
               address="127.0.0.1"
               tomcatAuthentication="true"/>

However, the redirect won't work (Status 500 error) unless I put in an HTTPS
connector as well in server.xml (note that it doesn't have to be accessible at
all, hence the 127.0.0.1, and port 8443 is blocked off, so it doesn't seem to
play any part in the whole deal other than to signal to Tomcat that it can
handle redirects to SSL):

    <!-- Define an SSL HTTP/1.1 Connector on port 8443 -->
    <Connector className="org.apache.catalina.connector.http.HttpConnector"
               address="127.0.0.1" port="8443" minProcessors="5" maxProcessors="75"
               enableLookups="false"
               acceptCount="10" debug="0" scheme="https" secure="true">
      <Factory className="org.apache.catalina.net.SSLServerSocketFactory"
               clientAuth="false" protocol="TLS"
               keystorePass="foo"/>
    </Connector>

(I tried putting in an additional ajp13 connector that mod_jk sent anything
that showed up as SSL to, but that didn't work).

Is this how it's supposed to work? If so, it should be documented somewhere...

Thanks,
Adi
