-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 David,
On 4/10/20 11:45, David Cleary wrote: > Some of our customers are currently using the AJP connector. Given > the vulnerability and breaking change to address it, now may be a > good time to prompt them look at alternatives. One requirement is > HTTPS support. What are the alternatives when hosting Tomcat > behind Apache httpd, nginx, or IIS? I do remember a presentation I > thought was pretty good at Apachecon in Miami on connectors a few > years ago. Has there been anything new that has come out since > then? Are there any recommendations on what is best to replace > AJP13? For Tomcat, the only proxy protocols currently supported are HTTP(S), h2 and AJP. So if you want to leave AJP (and I'd recommend that you start packing your bags, now), your only choices are HTTP(S) and h2 (which, for all intents and purposes are the same). The HTTP(S) connectors in Tomcat are every bit as reliable as the AJP connectors and, IMO, a better choice all-around for proxying these days. mod_proxy and mod_proxy_http could still use a couple of enhancements to make them as good as mod_jk is IMHO, but more users means more pressure to get those features. - -chris -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl6QqOIACgkQHPApP6U8 pFgA+w//e3LmN9/0sZjPyNKTYWAPNo1uON2kJR3IG19LzQoNbFUfKOIZ+Z71o4ZF mBB0/juHQuubQ0GMQQQ0LR325Daha3mV9Tzy1CUvQMs2b+CRvJP3eVXDDaStrZXW KnZOTFI6piutTQQCgchVhQ9Ct0/bouVrPFuuq0+b78KB/Iw6UBu/v+e26H2Nnv32 v8pjq/02o6+mEU6rpZYABltRgxK6HMMZSmQKdP0E0O8KEexvE+smhMZTJmTXWS/9 9Foby0X3WhRbVkQkngYpBk08RgD+X+8P9LnEzbWXCcUnvMn+fbhMzCZSy2x3R/33 ra+BG4iIbMHbmrkejXIEqoIqdupqlbIIVpeeUXaiEWSWhDzKI1jocI2xmCdfa/vU fwPBVLyMpCZWG2R36ZndcD2bVOhKjzDjYrFwlaGKmxwDu9DPDk8Lp0D3+7gm/raa wDIWXcgkO5qsRYh41stdPHY34fNNLmYwdTHr8pfS+DWhMtkm2n8iGwnQNHieL7vi ZLJ4FVfNQGD61wULbxU95IIdbJQGwaNt/C2b+6Xbqiug57D4WnjkiUC/q5+tr2jo x8OG8g6uwMDLzgeFPkbPjZDo++NHKqWyyHy7qYnX8hCSSQIInQPxNnW6ioQaq2k+ v+6DaIvVP4oc6oDjR1243vQ9DNKSosn2ZPLw+WSwrjBXll2QROM= =eChE -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org