On 22.07.2010 19:31, Brett Delle Grazie wrote:
Hi,I'm using RHEL5.5 (Up-to-date) Apache httpd-2.2.3 (from RHEL) with mod_proxy/mod_proxy_ajp Tomcat 6.0.28 (binary distribution from apache). Tomcat native libs (1.1.20, compiled) I have a question regarding AJP connectors and SSL Our application is being SSL offloaded at the HTTPD server end so communication with Tomcat doesn't need to be encrypted. I have two virtual hosts configured in Apache HTTPD (one for :80, one for :443) with the application being proxied in both virtual hosts. My question is, in the Tomcat server.xml, do I require _two_ AJP connectors as follows: (executor omitted for simplicity) <!-- AJP connector pair (HTTP and fake HTTPS), proxied --> <Connector executor="tomcatThreadPool" enableLookups="false" port="8009" protocol="org.apache.coyote.ajp.AjpAprProtocol" redirectPort="8010" proxyPort="80" /> <Connector executor="tomcatThreadPool" enableLookups="false" port="8010" protocol="org.apache.coyote.ajp.AjpAprProtocol" scheme="https" secure="true" proxyPort="443" /> Or can I proxy both HTTP and HTTPS requests to the same AJP connector and have Tomcat correctly recognise when its SSL and return the correct port to the application so URLs are constructed properly? If I do this, are there any special configuration needed in the SSL vhost?
It will work with well-behaved apps without special configuration. That's one strength of the AJP protocol.
See http://tomcat.apache.org/connectors-doc/generic_howto/proxy.html for more details. Regards, Rainer --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
