On 25/11/2009 10:28, jkv wrote:
Thanks David,
I would imagine that with mod_proxy you could load balance https requests
so that the https request goes to httpd then its load balanced between
https requests to
multiple tomcats. What you'll loose over the ajp protocol i'm sure
someone will let us know
That sounds good but when https request hits Apache the certificate will be
issued by the server to the client, now when this is again sent as https
request to tomcat, which will again try issuing a certificate (I guess as
this is a protocol standard), I dont know whether will this affect the
client -> getting two certificates for a single https request??
Has any body done this before???
David Cassidy wrote:
Hey
Yes if you want httpd to load balance https requests you do need it to
handle the https connection - and hence it needs the keys, certs etc
Sadly the ajp protocol is in fact insecure
if you have the httpd and tomcat on separate boxes you do have a
security issue
as the connection is transporting data in the clear.
I would imagine that with mod_proxy you could load balance https requests
so that the https request goes to httpd then its load balanced between
https requests to
multiple tomcats. What you'll loose over the ajp protocol i'm sure
someone will let us know
Note: you'll probably need more cert licenses, if they're commercial
ones, if you're deploying the cert on multiple Tomcats rather than on
one HTTPD.
p
On 25/11/09 09:18, jkv wrote:
Hello,
We are using Tomcat 6.0 and running HTTPS (enabled SSL). The number of
requests has grown up and we have decided to do go for clustering and
loadbalancing. We have decided to go for Apache and mod_proxy/mod_jk
loadbalacing. My certificate resides in Tomcat.
In order to loadbalance HTTPS request using Apache and mod_proxy/mod_jk,
should I configure Apache to handle HTTPS and tell it about my
certificate
details?
While loadbalancing I understand that http/https request to Apache is
converted to ajp and tunneled to Tomcat, so is ajp protocol secure?
should I
enable SSL in tomcat to handle this request?
Should I have two copies of my certificate files if Apache and Tomcat
reside
on two different physical machines(Horizontal Clustering)?
I searched the forums and they are too advanced for my question. I am
really
new to clustering and load balancing and any help is deeply appreciated.
Thanks in advance.
Regards
jkv
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
