Do I need to configure separate connectors for the isapi_redirect.dll to = work properly? I realize that this discussion is about apache, and not = iis, but I've had no ability to connect to = https://<SAMPLE-DOMAIN>.com:8443/examples, and I can't understand why.
Patrick -----Original Message----- From: Julio César Chaves Fernández [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 20, 2008 12:33 AM To: Tomcat Users List Subject: RE: https & j_security_check now really Solved :P Hi, Yes, it worked with only that connector ... the requests that came from http over apache and went to the AJP connector were redirected by te port defined as redirectPort in the connector...so changing this to 443 as in the second scheme you propose did the job...thanks for helping and again my apologies for all the trouble or headaches caused ;). Julio César > Date: Tue, 19 Aug 2008 13:14:51 -0400> From: [EMAIL PROTECTED]> To: > users@tomcat.apache.org> Subject: Re: https & j_security_check apparently > Solved :P> > -----BEGIN PGP SIGNED MESSAGE-----> Hash: SHA1> > Julio,> > > Julio César Chaves Fernández wrote:> > I'm sorry but i read the previous > question and now that i notice i> > doesn't make any sense given that apache > is connecting tomcat by AJP> > connector ... the question would be if there > is a way to redirect a> > request over http for an application that has a > confidential> > transport guarantee defined in the application not through > the port> > defined in the AJP connector but by port 443?> > If you want all > traffic to be handled by Apache httpd and mod_jk in this> way:> > Client --- > HTTP (80) ---> Apache httpd --- AJP (8100) ---> Tomcat> Client --- HTTPS > (443) ---> Apache httpd --- AJP (8100) ---> Tomcat> > Then you need only a > single connector:> > <Connector port="8100" protocol="AJP/1.3" />> > (Plus > any other settings you want to add).> > Apache httpd will handle all of the > HTTPS stuff for you. Remove all> other connectors from Tomcat.> > If you want > to be able to support alternate ports that go directly to> Tomcat, like > this:> > Client --- HTTP (80) ---> Tomcat> Client --- HTTPS (443) ---> > Tomcat> > Then you will need two connectors:> > <Connector port="80" />> > <Connector port="443" scheme="https" sslProtocol="TLS"/>> > (Plus any other > settings you want to add).> > If you want to support both configurations at > the same time, you will> need 3 connectors, but each with unique port > numbers. Something like this:> > Client --- HTTP (80) ---> Apache httpd --- > AJP (8100) ---> Tomcat> Client --- HTTPS (443) ---> Apache httpd --- AJP > (8100) ---> Tomcat> Client --- HTTP (8080) ---> Tomcat> Client --- HTTPS > (8443) ---> Tomcat> > <Connector port="8100" protocol="AJP/1.3" /> <!-- for > AJP -->> <Connector port="8080" redirectPort="8443" /> <!-- for HTTP -->> > <Connector port="8443" scheme="https" sslProtocol="TLS"/>> > If you want to > use port 443 as the redirect port for your 8080> connector, then go ahead and > do it. However, to me it only makes sense> to support /either/ > direct-to-Tomcat /or/ via-Apache-httpd configurations.> > - -chris> > > -----BEGIN PGP SIGNATURE-----> Version: GnuPG v1.4.9 (MingW32)> Comment: > Using GnuPG with Mozilla - http://enigmail.mozdev.org> > > iEYEARECAAYFAkiq/4sACgkQ9CaO5/Lv0PC7dwCgky/b57zH2RYKBc14jPo1mNXQ> > /g8AnAhjkevlaEyaoG0B7Pz3txgn8FFp> =BhcA> -----END PGP SIGNATURE-----> > > ---------------------------------------------------------------------> To > start a new topic, e-mail: users@tomcat.apache.org> To unsubscribe, e-mail: > [EMAIL PROTECTED]> For additional commands, e-mail: [EMAIL PROTECTED]> _________________________________________________________________ Connect to the next generation of MSN Messenger http://imagine-msn.com/messenger/launch80/default.aspx?locale=en-us&source=wlmailtagline --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
