Aggarwal, Ajay wrote:
Thanks to all who have given different suggestions.

Binding HTTP (port 80) to 127.0.0.1 and HTTPS (port 443) to external/public IP will not work for me. My situation is slightly more complicated.

Now why did I guess that already?
Probably the experience of customer-written specifications.
:-)

For external clients, I want to enforce SSL only on part of my application (certain URLs) not all.

I will look into URL Rewrite as suggested by Nicholas.

And when you really take into account all aspects of the requirements (authentication for the externals?), you may still want to have a second look at the 2 <Host> possibilities.

Mixing SSL and non-SSL parts within the same application is - in my humble view - a recipe for a lot of complications and user inconvenience. (Such as: some browsers will pop up a message to the user when switching from HTTP to HTTPS and vice versa.)

Q: if a part of it, for some category of users, has to go through HTTPS, then what stops you from making it all HTTPS for everyone, internal and external?

Q: what about a simple front-end proxy, which would take care of the HTTPS part for the externals, and connect internally to Tomcat over standard HTTP?
The internals can go around the proxy and access the application directly via HTTP.

A minimal Apache httpd, running on the same box, would do that easily.
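
The front-end proxy layout suggested above, sketched as an httpd configuration. This is an added example, not part of the original message; the host name, certificate paths and port 8081 are assumptions, and external traffic is assumed to be firewalled away from Tomcat's own ports.

```apache
# Constructed example; host name, file paths and ports are placeholders.
# Requires mod_ssl, mod_proxy, mod_proxy_http and mod_headers to be loaded.
Listen 443

<VirtualHost *:443>
    ServerName app.example.com

    # TLS terminates here; external clients never talk to Tomcat directly.
    SSLEngine on
    SSLCertificateFile    /etc/httpd/tls/app.example.com.crt
    SSLCertificateKeyFile /etc/httpd/tls/app.example.com.key

    # Reverse proxy only: do not act as a forward proxy.
    ProxyRequests Off
    ProxyPreserveHost On

    # "set" overwrites any client-supplied value, so the header can be trusted
    # by the application as coming from the proxy.
    RequestHeader set X-Forwarded-Proto "https"

    # Forward to a Tomcat HTTP connector on the same box (port 8081 assumed).
    ProxyPass        / http://127.0.0.1:8081/
    ProxyPassReverse / http://127.0.0.1:8081/
</VirtualHost>

# Assumed matching Tomcat connector (server.xml), shown as comments:
#   <Connector port="8081" address="127.0.0.1" protocol="HTTP/1.1"
#              proxyName="app.example.com" proxyPort="443"
#              scheme="https" secure="true" />
# address="127.0.0.1" keeps this connector reachable only from the proxy.
# scheme/secure make Tomcat build https:// redirects and report the request
# as secure, so this connector must not be the one internal users reach over
# plain HTTP; they keep their own, separate HTTP connector.
```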


