Yes, for development httpd and tomcat are on the same physical machine.
Eventually they will be on different machines.
But, even if I try
browser <--- HTTPS --> httpd <-- HTTP --> Tomcat
by just changing the ProxyPass and ProxyPassReverse directives to use the
unencrypted URLs as follows
<VirtualHost *:443>
SSLEngine on
SSLProxyEngine on
SSLCertificateFile /path/to/server.crt
SSLCertificateKeyFile /path/to/server.key
ServerName my.webserver.com
ProxyPass / http://my.webserver.com:8080/
ProxyPassReverse / http://my.webserver.com:8080/
</VirtualHost>
the reverse proxy still does not serve the tomcat pages as I would expect.
André Warnier wrote:
> Jeff Haferman wrote:
>> The subject says it, I need help getting a secure reverse proxy to my tomcat
>> server working.
>
> Maybe one question here would be : why ?
>
> browser <--- HTTPS --> httpd <-- HTTPS --> Tomcat
>
> The browser encrypts and sends to httpd.
> httpd decrypts.
> httpd then re-encrypts and sends to Tomcat.
> Tomcat decrypts.
>
> and vice-versa on the way back. That is quite inefficient.
>
> And as your example configuration seems to show, httpd and Tomcat are running
> inside the
> same physical host, so the httpd <--> Tomcat information does not circulate
> "outside" (of
> the physical host).
> What is the point then of this double encryption/decryption ?
>
> It is more usual in such a configuration to "terminate HTTPS" at the httpd
> level, like :
>
> browser <--- HTTPS --> httpd <-- HTTP --> Tomcat
> or
> browser <--- HTTPS --> httpd <-- AJP --> Tomcat
>
> and use non-encrypted data between httpd and Tomcat, saving yourself 2
> encryption/decryption cycles for each request/response.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
