-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Michael,

On 5/5/16 3:28 PM, Michael Fox wrote:
> Please confirm that to configure the passthrough with an external 
> HTTPS and an internal HTTP, I would set Apache to listen to SSL on 
> port 8443 and Tomcat on port 8080, with a line inside the Virtual 
> Host directive of
> 
> ProxyPass /myapp http://DNS_hostname:8080/myapp ProxyPassReverse
> /myapp http://DNS_hostname:8080/myapp

If DNS_hostname is the hostname of your Tomcat server, then yes, this
is correct. If the web server and Tomcat are on the same host, then
you can use "localhost" which should speed things up.

I'm guessing that the powers-that-be are using the web server
elsewhere, so they'll have to use the IP address (or hostname) of
wherever Tomcat is running in the URLs above.

Note that there is no requirement to use port 8080 -- you can use
anything you'd like -- but 8080 is somewhat traditional and also
happens to be the default configuration shipped with Tomcat.

> In the Tomcat server.xml file, inside the Host directive, I will 
> place <Valve className="org.apache.catalina.valves.RemoteIpValve"
> />

Good.

> In the file /etc/httpd/conf/workers.properties,
> worker.worker1.host should be set to DNS_hostname and
> worker.worker1.port is set to 8080.

Nope. You don't need a workers.properties file at all. That's for us
you want to use mod_jk and the AJP13 protocol as a proxying protocol.
Since you are using HTTP, you don't need any of that stuff.

(At worst, it will be confusing, since Tomcat will be listening on
:8080 for HTTP connections, not AJP13 connections.)

> With this setup, the URL for accessing the Tomcat application via
> the Apache server would be https://DNS_hostname/myapp

If Tomcat is on DNS_hostname, then this is probably wrong. If
DNS_hostname points to the host where the reverse-proxy (web server)
is, then you are correct.

Here's the ASCII-art picture:

Client --- HTTPS:443 ---> web server --- HTTP:8080 --> Tomcat

If you wanted to use AJP13 with mod_jk (or mod_proxy_ajp), it would
look like this:

Client --- HTTPS:443 ---> web server --- AJP13:8009 --> Tomcat

(8009 is the default port setting for AJP13 in a Tomcat configuration.)

- From the client perspective, the URL should be
https://publichostname/myapp. From the web server's perspective, the
URL should be http://tomcat.internal.hostname:8080/myapp

Hope that helps,
- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlcrsg8ACgkQ9CaO5/Lv0PBXzQCfaL/Dy/GqKA/7t0WSex8ZzPb8
iaAAn2TwoF3N89NHiEQEimZ+VjDA4Y4+
=DMoV
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to