Re: secure reverse proxy to my tomcat server HELP NEEDED

Mon, 03 Mar 2014 14:12:12 -0800 

Yes, for development httpd and tomcat are on the same physical machine. 
Eventually they will be on different machines.
But, even if I try
browser <--- HTTPS --> httpd <-- HTTP --> Tomcat
by just changing the ProxyPass and ProxyPassReverse directives to use the 
unencrypted URLs as follows

<VirtualHost *:443>
    SSLEngine on
    SSLProxyEngine on
    SSLCertificateFile /path/to/server.crt
    SSLCertificateKeyFile /path/to/server.key
    ServerName my.webserver.com
    ProxyPass / http://my.webserver.com:8080/
    ProxyPassReverse / http://my.webserver.com:8080/
</VirtualHost>

the reverse proxy still does not serve the tomcat pages as I would expect.


André Warnier wrote:
> Jeff Haferman wrote:
>> The subject says it, I need help getting a secure reverse proxy to my tomcat 
>> server working. 
>
> Maybe one question here would be : why ?
>
> browser <--- HTTPS --> httpd <-- HTTPS --> Tomcat
>
> The browser encrypts and sends to httpd.
> httpd decrypts.
> httpd then re-encrypts and sends to Tomcat.
> Tomcat decrypts.
>
> and vice-versa on the way back.  That is quite inefficient.
>
> And as your example configuration seems to show, httpd and Tomcat are running 
> inside the 
> same physical host, so the httpd <--> Tomcat information does not circulate 
> "outside" (of 
> the physical host).
> What is the point then of this double encryption/decryption ?
>
> It is more usual in such a configuration to "terminate HTTPS" at the httpd 
> level, like :
>
> browser <--- HTTPS --> httpd <-- HTTP --> Tomcat
> or
> browser <--- HTTPS --> httpd <-- AJP --> Tomcat
>
> and use non-encrypted data between httpd and Tomcat, saving yourself 2 
> encryption/decryption cycles for each request/response.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to