Jeff Haferman wrote:
> The subject says it, I need help getting a secure reverse proxy to my tomcat server working.

Maybe one question here would be: why?
browser <--- HTTPS --> httpd <-- HTTPS --> Tomcat
The browser encrypts and sends to httpd.
httpd decrypts.
httpd then re-encrypts and sends to Tomcat.
Tomcat decrypts.
and vice-versa on the way back. That is quite inefficient.
And as your example configuration seems to show, httpd and Tomcat are running inside the
same physical host, so the httpd <--> Tomcat information does not circulate "outside" (of
the physical host).
What is the point then of this double encryption/decryption?
It is more usual in such a configuration to "terminate HTTPS" at the httpd
level, like:
browser <--- HTTPS --> httpd <-- HTTP --> Tomcat
or
browser <--- HTTPS --> httpd <-- AJP --> Tomcat
and use non-encrypted data between httpd and Tomcat, saving yourself 2
encryption/decryption cycles for each request/response.
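
The "terminate HTTPS at httpd" layout described above, as an added configuration example that is not part of the original message or taken from the poster's setup. The hostname, certificate paths, ports and the `CHANGE_ME` secret are placeholders, and it assumes httpd 2.4 with mod_ssl, mod_proxy, mod_proxy_http (or mod_proxy_ajp) and mod_headers loaded.

```apache
# Added example: TLS ends at httpd; the hop to Tomcat is unencrypted,
# so it is kept on the loopback interface of the same host.
<VirtualHost *:443>
    ServerName www.example.com

    SSLEngine on
    SSLCertificateFile    /path/to/server.crt
    SSLCertificateKeyFile /path/to/server.key

    # Reverse proxy only; never act as a forward proxy.
    ProxyRequests Off
    ProxyPreserveHost On

    # Overwrite any client-supplied value so the backend sees the real scheme.
    RequestHeader set X-Forwarded-Proto "https"

    # Option 1: browser <-- HTTPS --> httpd <-- HTTP --> Tomcat
    ProxyPass        / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/

    # Option 2 (use instead of option 1): httpd <-- AJP --> Tomcat
    # The secret= parameter needs httpd 2.4.42 or later.
    # ProxyPass        / ajp://127.0.0.1:8009/ secret=CHANGE_ME
    # ProxyPassReverse / ajp://127.0.0.1:8009/
</VirtualHost>

# Matching Tomcat connectors in conf/server.xml (XML, shown here as comments).
# address="127.0.0.1" keeps the plaintext listener unreachable from other hosts.
#
# HTTP connector; scheme/secure/proxyPort make Tomcat generate https:// URLs
# and treat the request as secure:
#   <Connector port="8080" protocol="HTTP/1.1" address="127.0.0.1"
#              proxyName="www.example.com" proxyPort="443"
#              scheme="https" secure="true" />
#
# AJP connector; the shared secret must match the ProxyPass line above:
#   <Connector port="8009" protocol="AJP/1.3" address="127.0.0.1"
#              secretRequired="true" secret="CHANGE_ME" />
```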