Re: Secured connection between Apache Httpd and Tomcat over AJP protocol

On 05/25/2016 09:16 AM, Mohanavelu Subramanian wrote:
> Hi All,
>
> Good Morning.
>
> I have Httpd process and Tomcat instances both running on 2 different
> machines. The communication between them happens through AJP protocol
> (mod_jk) which doesn't support encryption. But we are using some features
> of mod_jk like automatic passing of security information like SSL
> certificate to Tomcat, which in turn is accessed in our application,
> validated and verified.
>
> Now, we have a requirement to make the communication between them secured.
> Since AJP doesn't support encryption, I came to know that we need to use
> SSH, IPSec. But I could not find any proper document to configure SSH or
> IPSec for AJP. Could you please share if you have any?
>
> I have considered mod_proxy_http as well for supporting security which
> is easy to configure as well. But as I mentioned above we are already
> making use of mod_jk features. Again it will require more effort to
> migrate from mod_jk to mod_proxy_http.
>
> Any other suggestions please.
>
> Thanks in Advance.

There is no Tomcat-specific documentation to configure SSH or IPSec.

IPSec is an infrastructure solution where you're basically creating a secure VPN tunnel between two IP endpoints. That seems massive overkill to encrypt AJP.

For SSH, you're simply creating a tunnel via SSH between a local port and a remote port. There's nothing Tomcat-specific about it other than knowing what ports to pick for each end of the tunnel. See
http://www.revsys.com/writings/quicktips/ssh-tunnel.html
(or google "ssh tunnel" for your own examples).

Another common tool for this purpose is stunnel, which is similar in fashion to an SSH tunnel but is a tool specifically designed for tunneling plaintext protocols in SSL.

Andy
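
The stunnel approach mentioned in the reply, sketched as an added example that is not part of the original thread: mod_jk and Tomcat keep speaking plain AJP to loopback only, and stunnel carries it between the two machines over mutually authenticated TLS. The host name, the TLS port 8010, the file paths and the section names are assumptions; option names assume stunnel 5.x.

```ini
; ---- httpd host: /etc/stunnel/ajp-client.conf (path is an assumption) ----
; mod_jk is pointed at the local end of the tunnel in workers.properties:
;   worker.<name>.type=ajp13
;   worker.<name>.host=127.0.0.1
;   worker.<name>.port=8009
[ajp-out]
client      = yes
; listen on loopback only, so nothing off-box can reach the tunnel entrance
accept      = 127.0.0.1:8009
; placeholder Tomcat host name and constructed TLS port
connect     = tomcat.example.internal:8010
; client certificate and key (one PEM file) presented to the Tomcat side
cert        = /etc/stunnel/httpd-client.pem
; verify the server certificate chain and the name it was issued for
CAfile      = /etc/stunnel/internal-ca.pem
verifyChain = yes
checkHost   = tomcat.example.internal

; ---- Tomcat host: /etc/stunnel/ajp-server.conf (path is an assumption) ----
; Tomcat's AJP <Connector> is bound to loopback (address="127.0.0.1",
; port="8009"), so the only network-facing listener is the TLS port below.
[ajp-in]
accept      = 8010
connect     = 127.0.0.1:8009
cert        = /etc/stunnel/tomcat-server.pem
; On the server side verifyChain makes stunnel require a client certificate
; signed by this CA. AJP trusts whatever the front end forwards, including
; the SSL certificate attributes the application validates, so only the
; httpd host should be able to open this connection. Use a CA that issues
; certificates to the front end only.
CAfile      = /etc/stunnel/internal-ca.pem
verifyChain = yes
```

A host firewall rule that blocks port 8009 from other machines on the Tomcat host, and allows 8010 only from the httpd host, closes the plaintext path that the tunnel replaces.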

