Thanks everyone for your feedback.  I am the one who unknowingly opened this 
can of worms. :)

It seems like there is a bit of momentum for altering the documentation, so I 
thought I would offer something that incorporated some of these suggestions.  I 
left out the part about "why" one would use a reverse proxy.  Maybe it should 
be referenced here, but that seems like a higher level topic that 
might be more appropriate somewhere else.  (If it doesn't fit anywhere else 
either, I can add it back.)

---

The AJP Connector element represents a Connector component that communicates 
with an HTTP server via the AJP protocol.  This is an unencrypted protocol and 
is therefore recommended for use on a protected network or encrypted by some 
other means, like SSH tunneling.  The most common configuration for this is 
when an HTTP server acts as a reverse proxy in front of one or more Tomcat 
servers.  Besides being a more efficient protocol than HTTP, there are several 
configuration options in this connector designed to allow Tomcat to operate as 
it would if it were not running behind a reverse proxy.

---

Mark Claassen
Senior Software Engineer

Donnell Systems, Inc.
130 South Main Street
Leighton Plaza Suite 375
South Bend, IN  46601
E-mail: mailto:mclaas...@ocie.net
Voice: (574)232-3784
Fax: (574)232-4014

Disclaimer:
The opinions provided herein do not necessarily state or reflect 
those of Donnell Systems, Inc.(DSI). DSI makes no warranty for and 
assumes no legal liability or responsibility for the posting. 
-----Original Message-----
From: Terence M. Bandoian [mailto:tere...@tmbsw.com] 
Sent: Thursday, March 1, 2018 8:34 AM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: Security of AJP

On 2/28/2018 10:16 AM, Mark H. Wood wrote:
> On Wed, Feb 28, 2018 at 09:25:53AM -0500, Christopher Schultz wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA256
>>
>> Chris,
>>
>> On 2/28/18 8:40 AM, Cheltenham, Chris wrote:
>>> Since AJP is not really needed by Tomcat; If I comment out the AJP 
>>> startup line in server.xml will that affect anything.
>>>
>>> I still don't even understand what its for. I have read the apache 
>>> docs but it doesn't mean anything to me.. Apache's description 
>>> doesn't tell me anything.
>>>
>>>
>>> The AJP Connector element represents a Connector component that 
>>> communicates with a web connector via the AJP protocol. This is used 
>>> for cases where you wish to invisibly integrate Tomcat into an 
>>> existing (or new) Apache installation, and you want Apache to handle 
>>> the static content contained in the web application, and/or utilize 
>>> Apache's SSL processing.
>>>
>>> That is mumbo jumbo.
>> Is it?
> Well, it could be improved.  For example, by using the 
> widely-understood word "proxy" somewhere, or defining "web connector".
> Also by recalling that "Apache" is a huge array of various projects 
> (including Tomcat!), while "Apache HTTP Server" refers to a specific 
> web server daemon that can front-end Tomcat.  One could even link 
> "Apache HTTP Server" to 'http://httpd.apache.org/'.
>

+1.  Maybe "...communicates with an HTTP server via..." in the first
sentence?  Also, the second sentence could be greatly simplified.

-Terence Bandoian


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
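
The proposed wording above notes that AJP is unencrypted and belongs on a protected network, so where each AJP connector listens is the thing to check. As an added example (not part of the thread or of Tomcat itself), this Python script lists the active AJP connectors in a server.xml and classifies each bind address; the sample file, function names and the "needs review" rule are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample server.xml. The commented-out connector is the case asked
# about in the thread: the XML parser skips comments, so it is never reported.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <!-- <Connector port="8008" protocol="AJP/1.3" redirectPort="8443" /> -->
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
    <Connector port="8010" protocol="AJP/1.3" address="127.0.0.1" />
    <Connector port="8011" protocol="AJP/1.3" address="0.0.0.0" />
    <Connector port="8012" protocol="org.apache.coyote.ajp.AjpNioProtocol"
               address="10.0.0.5" />
  </Service>
</Server>"""

def is_ajp(protocol):
    """True for the 'AJP/1.3' shorthand or an AJP protocol handler class name."""
    p = protocol.lower()
    return p.startswith("ajp/") or ".ajp." in p

def classify_bind(address):
    """Describe where a connector listens, based on its 'address' attribute."""
    if address is None:
        # No explicit address: the effective default depends on the Tomcat
        # version, so treat it as unknown rather than assuming loopback.
        return "unspecified"
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "hostname"
    if ip.is_loopback:
        return "loopback"
    if ip.is_unspecified:
        return "all-interfaces"
    return "specific-interface"

def audit_ajp(server_xml):
    """Return (port, bind, needs_review) for every active AJP connector."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        # Tomcat treats a connector with no protocol attribute as HTTP/1.1.
        if not is_ajp(conn.get("protocol", "HTTP/1.1")):
            continue
        bind = classify_bind(conn.get("address"))
        # Anything not pinned to loopback carries cleartext AJP over a network
        # path that someone has to confirm is protected or tunnelled.
        findings.append((conn.get("port"), bind, bind != "loopback"))
    return findings

if __name__ == "__main__":
    for port, bind, review in audit_ajp(SAMPLE_SERVER_XML):
        print(f"AJP port {port}: {bind}{'  <- review network exposure' if review else ''}")
```
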