Yes, for development httpd and tomcat are on the same physical machine. Eventually they will be on different machines. But, even if I try browser <--- HTTPS --> httpd <-- HTTP --> Tomcat by just changing the ProxyPass and ProxyPassReverse directives to use the unencrypted URLs as follows
<VirtualHost *:443> SSLEngine on SSLProxyEngine on SSLCertificateFile /path/to/server.crt SSLCertificateKeyFile /path/to/server.key ServerName my.webserver.com ProxyPass / http://my.webserver.com:8080/ ProxyPassReverse / http://my.webserver.com:8080/ </VirtualHost> the reverse proxy still does not serve the tomcat pages as I would expect. André Warnier wrote: > Jeff Haferman wrote: >> The subject says it, I need help getting a secure reverse proxy to my tomcat >> server working. > > Maybe one question here would be : why ? > > browser <--- HTTPS --> httpd <-- HTTPS --> Tomcat > > The browser encrypts and sends to httpd. > httpd decrypts. > httpd then re-encrypts and sends to Tomcat. > Tomcat decrypts. > > and vice-versa on the way back. That is quite inefficient. > > And as your example configuration seems to show, httpd and Tomcat are running > inside the > same physical host, so the httpd <--> Tomcat information does not circulate > "outside" (of > the physical host). > What is the point then of this double encryption/decryption ? > > It is more usual in such a configuration to "terminate HTTPS" at the httpd > level, like : > > browser <--- HTTPS --> httpd <-- HTTP --> Tomcat > or > browser <--- HTTPS --> httpd <-- AJP --> Tomcat > > and use non-encrypted data between httpd and Tomcat, saving yourself 2 > encryption/decryption cycles for each request/response. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org