Re: apache pass ssl+http to tomcat

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 5/1/07, Mike Grandmaison <java97301@xxxxxxxxx> wrote:


 Unfortunately I can't do a port forward at the os level.  My
environment is on a shared server.  Many domains are setup on the
machine - all of course for port 80/443.  At the os level can I determine
that the request was for a certain domain and forward to a different
port based on that domain?


No you can't.

I think the way the hosting company has it

setup is that multiple domains are mapping to one ip - though it might be a slightly different setup.  The requests
then all go to the one box where apache is sitting in front and using connectors to direct the requests to the particular instance of tomcat ( in the case of the ssl request
it is decrypting the request and directing them).


Indeed. The reqeusts are decrspted. They _need_ to be decrypted,
otherwise there is no way to know what host they need to be handled
by.



 My issue is that in Tomcat I want to have any http request
redirected to https.  mod_proxy creates an infinite loop in this
situation since apache turns the https into http and tomcat thinks it
needs to redirect.  mod_jk handles this properly and is able to pass
extra heuristics to tomcat but for some reason creates a massive
performance problem.  Rather than figure out why mod_jk is creating
this performance problem I was hoping there was someway just to have
apache send the ssl on....  seems like I am stuck either switching to a
dedicated machine and removing apache from the equation or figureing
out the problem with mod_jk.


If you really want to forward the SSL stream unmodified to a tomcat
host you will indeed need at least a dedicated IP, and a port forward.

But why do you want tomcat to handle SSL? I usually try to avoid
having to configure SSL in backend servers, as apache handles SSL just
fine.

Krist


--
krist.vanbesien@xxxxxxxxx
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux