AngeloChen wrote:
Hi,
I set up a virtual host for ssl in apache,
We will assume that you know what you are doing, but just as a reminder : HTTPS and
VirtualHosts are not really compatible. You can make it work, but only with one name-based
VirtualHost. If you are not sure or do not understand this, read the relevant Apache
documentation carefully.
www.sample.com, it uses mod_proxy
to redirect to a tomcat server:
ProxyPass / https://localhost:8443/
ProxyPassReverse / https://localhost:8443/
ProxyPreserveHost on
SSLEngine on
SSLProxyEngine on
SSLCertificateFile /etc/httpd/sample.crt
SSLCertificateKeyFile /etc/httpd/sample.key
do I need a jks in the tomcat side? Thanks,
The usual way to do this, is to "terminate HTTPS" at the Apache level, and proxy to Tomcat
over normal HTTP, particularly if Tomcat is on the same host.
The reason is that HTTPS has a cost : every packet going to Tomcat has to be encrypted,
and decrypted at the Tomcat side; and every packet sent by Tomcat to Apache, similarly.
If the browsers use HTTPS to communicate with Apache, then that part of the link is
secure, and that is usually what you want.
If the link between Apache and Tomcat is "private" (and if it is on the same host, you can
probably consider it so), there is no real need to encrypt the traffic between them, and
have all the complication of SSL there again.
Now also : considering your Proxy directives above, it looks like you are proxying
*everything* to Tomcat, and that Apache does nothing except forwarding requests/responses
back and forth.
So the question is : do you really need Apache httpd for any reason ?
Tomcat alone can act as a webserver, HTTP or HTTPS. You could set up Tomcat to respond to
port 80 (and 443) directly, and save yourself the complication and overhead of Apache httpd.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
