Hey
Yes if you want httpd to load balance https requests you do need it to
handle the https connection - and hence it needs the keys, certs etc
Sadly the ajp protocol is in fact insecure
if you have the httpd and tomcat on separate boxes you do have a
security issue
as the connection is transporting data in the clear.
I would imagine that with mod_proxy you could load balance https requests
so that the https request goes to httpd then its load balanced between
https requests to
multiple tomcats. What you'll loose over the ajp protocol i'm sure
someone will let us know
Hope this helps
D
On 25/11/09 09:18, jkv wrote:
Hello,
We are using Tomcat 6.0 and running HTTPS (enabled SSL). The number of
requests has grown up and we have decided to do go for clustering and
loadbalancing. We have decided to go for Apache and mod_proxy/mod_jk
loadbalacing. My certificate resides in Tomcat.
In order to loadbalance HTTPS request using Apache and mod_proxy/mod_jk,
should I configure Apache to handle HTTPS and tell it about my certificate
details?
While loadbalancing I understand that http/https request to Apache is
converted to ajp and tunneled to Tomcat, so is ajp protocol secure? should I
enable SSL in tomcat to handle this request?
Should I have two copies of my certificate files if Apache and Tomcat reside
on two different physical machines(Horizontal Clustering)?
I searched the forums and they are too advanced for my question. I am really
new to clustering and load balancing and any help is deeply appreciated.
Thanks in advance.
Regards
jkv
