On 05/25/2016 09:16 AM, Mohanavelu Subramanian wrote:
> Hi All, Good Morning.
>
> I have an Httpd process and Tomcat instances, both running on 2 different machines. The communication between them happens through the AJP protocol (mod_jk), which doesn't support encryption. But we are using some features of mod_jk, like automatic passing of security information such as the SSL certificate to Tomcat, which in turn is accessed in our application, validated and verified.
>
> Now, we have a requirement to make the communication between them secured. Since AJP doesn't support encryption, I came to know that we need to use SSH or IPSec. But I could not find any proper document to configure SSH or IPSec for AJP. Could you please share if you have any?
>
> I have considered mod_proxy_http as well for supporting security, which is easy to configure as well. But as I mentioned above, we are already making use of mod_jk features. Again, it will require more effort to migrate from mod_jk to mod_proxy_http.
>
> Any other suggestions please. Thanks in Advance.

There is no Tomcat-specific documentation to configure ssh or IPSec.

IPSec is an infrastructure solution where you're basically creating a secure VPN tunnel between two IP endpoints. That seems massive overkill to encrypt AJP.

For SSH, you're simply creating a tunnel via ssh between a local port and a remote port. There's nothing Tomcat-specific about it other than knowing what ports to pick for each end of the tunnel. See http://www.revsys.com/writings/quicktips/ssh-tunnel.html (or google ssh tunnel for your own examples).

Another common tool for this purpose is stunnel, which is similar in fashion to an ssh tunnel but is a tool specifically designed for tunneling plaintext protocols in SSL.

Andy
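
A stunnel setup for the mod_jk to Tomcat link discussed in the reply above, as an added example that is not part of the original thread. Host names, ports, file paths, service names and the worker name are assumptions. The tunnel is transparent to AJP, so mod_jk stays in place and only the worker's host and port change.

```ini
; ---- File 1: stunnel config on the httpd host (path assumed: /etc/stunnel/ajp-client.conf)
; mod_jk speaks plaintext AJP to loopback only; stunnel wraps it in TLS.
[ajp-out]
client      = yes
accept      = 127.0.0.1:8009
connect     = tomcat.example.internal:8010
; Client certificate presented to the Tomcat-side stunnel (mutual TLS).
cert        = /etc/stunnel/httpd-client.pem
key         = /etc/stunnel/httpd-client.key
; Verify the server certificate against the internal CA and pin its host name.
CAfile      = /etc/stunnel/internal-ca.pem
verifyChain = yes
checkHost   = tomcat.example.internal

; ---- File 2: stunnel config on the Tomcat host (path assumed: /etc/stunnel/ajp-server.conf)
; Terminates TLS on 8010 and forwards plaintext AJP to the local connector.
[ajp-in]
accept      = 8010
connect     = 127.0.0.1:8009
cert        = /etc/stunnel/tomcat-server.pem
key         = /etc/stunnel/tomcat-server.key
; In server mode, verifyChain makes stunnel demand a client certificate
; signed by this CA, so only the httpd host can reach the AJP connector.
CAfile      = /etc/stunnel/internal-ca.pem
verifyChain = yes

# ---- File 3: mod_jk workers.properties on the httpd host
# The worker now points at the local tunnel entrance instead of the
# remote Tomcat address. The worker name "tomcat1" is hypothetical.
worker.list=tomcat1
worker.tomcat1.type=ajp13
worker.tomcat1.host=127.0.0.1
worker.tomcat1.port=8009

# Tomcat side: set address="127.0.0.1" on the AJP Connector in server.xml
# so the plaintext port 8009 is not reachable from the network, and
# firewall the Tomcat host so that only 8010 is exposed to the httpd host.
```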