-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Brett,
On 7/22/2010 1:31 PM, Brett Delle Grazie wrote: > Tomcat 6.0.28 (binary distribution from apache). > > My question is, in the Tomcat server.xml, do I require _two_ AJP > connectors as follows: > > (executor omitted for simplicity) > > <!-- AJP connector pair (HTTP and fake HTTPS), proxied --> > <Connector executor="tomcatThreadPool" > enableLookups="false" > port="8009" protocol="org.apache.coyote.ajp.AjpAprProtocol" > redirectPort="8010" > proxyPort="80" /> > > <Connector executor="tomcatThreadPool" > enableLookups="false" > port="8010" protocol="org.apache.coyote.ajp.AjpAprProtocol" > scheme="https" secure="true" > proxyPort="443" /> In addition to Rainer's notes, I have a couple of comments: It's not necessary to specify protocol="org.apache.coyote.ajp.AjpAprProtocol" in the <Connector>. If libapr isn't available, you'll be left with no working connectors. If, instead, you simply have protocol="AJP/1.3", your <Connector> can fall-back to the BIO (i.e. blocking pure-Java connector). Your redirectPort should point to the port that is visible to the outside world, not to the port that is being used for Tomcat. Probably, your redirectPort should be set to "443" so that requests will be redirected (remember, via the user agent) and hit your Apache httpd instance out in front of Tomcat. If you specify "8010", and that port is blocked to the outside world, you'll find that your users will receive a "cannot contact server" message. if port 8010 is /not/ blocked, they'll get a weird SSL error saying that the server isn't speaking HTTPS.... because it's speaking AJP! Hope that helps, - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkxIuZcACgkQ9CaO5/Lv0PBAfwCfQN9zGWDLjE8flIPh3xpmUoWx MrUAn1Epj1dKmzh0/SAD2KI+C44i2bvX =xF9L -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org