httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Krist van Besien" <krist.vanbes...@gmail.com>
Subject Re: [users@httpd] apache pass ssl+http to tomcat
Date Tue, 01 May 2007 12:30:46 GMT
On 5/1/07, Mike Grandmaison <java97301@yahoo.com> wrote:

>  Unfortunately I can't do a port forward at the os level.  My
> environment is on a shared server.  Many domains are setup on the
> machine - all of course for port 80/443.  At the os level can I determine
> that the request was for a certain domain and forward to a different
> port based on that domain?

No you can't.

 I think the way the hosting company has it
> setup is that multiple domains are mapping to one ip - though it might be a slightly
different setup.  The requests
> then all go to the one box where apache is sitting in front and using connectors to direct
the requests to the particular instance of tomcat ( in the case of the ssl request
> it is decrypting the request and directing them).

Indeed. The reqeusts are decrspted. They _need_ to be decrypted,
otherwise there is no way to know what host they need to be handled
by.


>  My issue is that in Tomcat I want to have any http request
> redirected to https.  mod_proxy creates an infinite loop in this
> situation since apache turns the https into http and tomcat thinks it
> needs to redirect.  mod_jk handles this properly and is able to pass
> extra heuristics to tomcat but for some reason creates a massive
> performance problem.  Rather than figure out why mod_jk is creating
> this performance problem I was hoping there was someway just to have
> apache send the ssl on....  seems like I am stuck either switching to a
> dedicated machine and removing apache from the equation or figureing
> out the problem with mod_jk.

If you really want to forward the SSL stream unmodified to a tomcat
host you will indeed need at least a dedicated IP, and a port forward.

But why do you want tomcat to handle SSL? I usually try to avoid
having to configure SSL in backend servers, as apache handles SSL just
fine.

Krist


-- 
krist.vanbesien@gmail.com
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message