James Ellis schrieb:
I know that mod_jk is the battle tested connector between Apache and
Tomcat, but as I understand it the SSL connection generally
terminates at the Apache web server and the traffic between Apache
and Tomcat (to the AJP connector) is unencrypted. Two questions:
1) Does mod_proxy_ajp provide for any encryption between the web
server and the app server (Tomcat) that mod_jk does not?
No, the AJP13 protocol does not support encryption. Both connectors use
the same protocol. If you need to use encrypted traffic with AJP13, you
could tunnel through an encrypted channel.
> 2) If the
answer to number 1 above is "NO". Is it possible to keep the server
certificates on the app servers and so that the connection from the
client to the app server is encrypted all the way through? In this
case the apache web server would simply function as a load
balancer/failover solution.
Again no. We are talking about a reverse proxy situation and as far as I
know, you can't reverse proxy https without having an ssl endpoint on
the apache httpd.
For a normal (forward) proxy, httpd supports connect, but I don't know
how well this works in the real world.
You could also ask on the httpd users list, maybe they know better.
Thanks, Jim
Regards,
Rainer
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
