What is the typical setup in the enterprise apps? Do they just SSL terminate at the reverse proxy OR do they setup SSL at both apache and tomcat? In the former case, obviously the link is insecure between apache and tomcat.
seeking pretty basic clarification.. On Mon, May 28, 2012 at 12:30 AM, Aristedes Maniatis <amania...@apache.org>wrote: > What problem are you trying to solve by doing this? It seems to serve > little purpose. Decrypt the traffic from the browser using Apache httpd, > then re-encrypt the data and pass it onto tomcat. Why? I am sure it will > work fine, but your performance will depend on the traffic you have. No one > can answer that question for you. > > Ari > > > > On 28/05/12 3:35pm, al so wrote: > >> It would be nice if I can hear from someone who has done such familiar >> setup. Have you seen any performance issues in setting up SSL both at >> Tomcat and Apache? Do you use same keys/certs at both Tomcat and Apache? >> >> On Sun, May 27, 2012 at 11:43 AM, al so <volks...@gmail.com> wrote: >> >> I've used standalone Tomcat to serve as web server+SSL+web container in >>> the past. >>> >>> Now, I am trying to front Tomcat with apache reverse proxy+SSL. >>> 1. Is it not redundant to configure the SSL in the Tomcat as well when >>> the >>> fronting reverse proxy is already configured to handle SSL. >>> I see lot of posts on the internet which configure SSL at both Tomcat >>> and Reverse proxy. Am I missing something? >>> >>> >>> >>> >>
