"QM" <qm300@(protected)
news:20031231002551.GC16844@(protected)...
> : Here's the scenario. Apache server sits outside our firewall/LAN. It
needs to take secure requests from users, forward them onto Tomcat (Which
sits behind the firewall) via the JK connector. Is there some configuration
option in Tomcat and/or the workers2.properties config file that will handle
this? Most of the documentation I've read seems to describe setups where
Apache is not calling a remote Tomcat server. Only other option would be to
use kernel encryption at the OS level. Thanks in advance.
>
> This depends on your goal: do you want to
>
> 1/ make sure the traffic between the webserver / tomcat is encrypted to
>   discourage snooping
>
Some people have reported success using ssh-tunnelling. Never tried it
myself (since I can be reasonably confident that any men-in-the-middle of
the Apache-Tomcat connection are supposed to be there :). There is nothing
(currently) in mod_jk(2) to send the socket traffic encrypted.

> 2/ let Tomcat see some of the SSL-related req info to satisfy security
>   constraints in web.xml, e.g. the one to require SSL comms (I forget
>   the tag name at the moment)
>
> For #1, I'm not much help.
>
> For #2, this doc:
>
> http://jakarta.apache.org/tomcat/tomcat-4.1-doc/jk2/jk/workershowto.html
>
> may help. If you scroll to the "Ajp13 Worker properties" header,
> mentions that this protocol passes the info to Tomcat.
>
> -QM
>
> --
>
> software -- http://www.brandxdev.net (C++ / Java / SSL)
> tech news -- http://www.RoarNetworX.com




---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@(protected)
For additional commands, e-mail: tomcat-user-help@(protected)