Hello CBy, My preference to handle SSL at the Apache Httpd level is to insert a header "x-forwarded-proto=http|https" in Apache with mod_header, to transmit the request in clear http to tomcat and then to intercept this "x-forwarded-proto" header in Tomcat with the RemoteIpValve. This valve will be integrated in Tomcat's distribution in version 6.0.21 and is currently available on a Google Code Project (1).
Another solution is to introduce a second HTTP connector in Tomcat with the attributes secure=true and scheme=https. Even if this connector uses HTTP instead of HTTPS, the connector attributes will set request.isSecure() to true and request.getScheme() to https. I have written a very detailed document "Tomcat, SSL, secure communications and X-Forwarded-Proto" (2) that explains solutions to handle HTTPS at the Tomcat, Apache Httpd and Load Balancer layers. The document is written in french but the google translation is quite good (3). Hope this helps, Cyrille -- Cyrille Le Clerc clecl...@xebia.fr http://blog.xebia.fr (1) http://code.google.com/p/xebia-france/wiki/RemoteIpValve (2) http://blog.xebia.fr/2009/11/13/tomcat-ssl-communications-securisees-et-x-forwarded-proto/ (3) http://translate.google.com/translate?js=y&prev=_t&hl=en&ie=UTF-8&u=http%3A%2F%2Fblog.xebia.fr%2F2009%2F11%2F13%2Ftomcat-ssl-communications-securisees-et-x-forwarded-proto%2F&sl=fr&tl=en On Wed, Nov 25, 2009 at 9:43 AM, CBy <tom...@byrman.demon.nl> wrote: > Hi, > > In my current working environment, Tomcat 6.0.18 is behind Apache. I don't > know why they chose this setup, because Apache only acts as a proxy, it > doesn't host anything. I do have experience in setting up SSL for > stand-alone Tomcat, but have no experience with Apache whatsoever. Since I > do have administrative rights for Tomcat, but not for Apache, I was thinking > of letting Tomcat handle SSL. Is that sensible or is it better to configure > this with Apache in this case? > > CBy > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
