Pid * wrote:
Thank you pid,
I looked in Catalina.out and found out 443 port is already in use error
and I had listen 443 in apache, so removed it and now tomcat
comes up and all is good.
I am not sure if it is better to serve ssl and https through Tomcat or Apache
So your plan is to serve normal traffic via HTTPD, mod_jk but send the
SSL traffic straight to Tomcat?
That would be, erm, unusual.
Yes, there is something in that whole explanation which didn't sound quite
right.
To the Original Poster, if this wasn't clear yet :
The AJP protocol does not support SSL connections.
In other words, if your connection schema is :
browser <-(1)-> Apache + mod_jk <-(2)-> AJP Connector on port 8009 + Tomcat
(or mod_proxy_ajp)
then (2) cannot be a HTTPS connection.
The normal thing is to have (1) be a HTTPS connection, which ends at the Apache
level.
Then mod_jk (or mod_proxy_ajp) forwards the requests to Tomcat via (2), but that is an AJP
protocol connection, which is not encrypted.
It can forward the original SSL headers, so that Tomcat can have a look at them, but
that's it.
Most likely, when you are establishing an HTTPS connection between the browser and Tomcat,
it goes "around" Apache httpd, directly to Tomcat, like this :
browser <--(1)-------------------------> HTTPS Connector + Tomcat
Apache + mod_jk (totally unaware of what's going on now)
Maybe you are just unaware of this because both Apache httpd and Tomcat are running on the
same host, so have the same hostname and IP address, which just the port being different.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
