You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by "Akoulov, Alexandre" <al...@citigroup.com> on 2006/02/13 05:01:01 UTC
Encrypting ajp13 traffic
Hi all,
I am wondering if there is a way encrypt the traffic between apache and tomcat when they talk to each other on ajp13.
All suggestions are welcome.
Kind regards,
Sasha.
-----Original Message-----
From: Ian Buzer [mailto:ian@buzer.co.uk]
Sent: Saturday, 11 February 2006 2:44 AM
To: 'Tomcat Users List'
Subject: RE: Tomcat - blank page problem
> Webpages seem to be loading then usually blank page
> comes(totaly blank no error messages) on high traffic.
I suspect this could either be your redirector cachesize is not large enough
(the number of threads that the redirector will accept from IIS) or tomcat
is not able to respond to all the threads that are being passed through to
it.
Both these will show up in the isapi redirector logs.
Cache size is set in /conf/workers.properties
Tomcat threads are set in /conf/server.xml (maxThreads etc. on the AJP
connector)
Ian
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Encrypting ajp13 traffic
Posted by Parsons Technical Services <pa...@earthlink.net>.
Sasha,
There are several ways to accomplish this, and I think it has been mentioned
on the list before but I don't remember a "best way" if it was decided there
is one.
Options include:
VPN
IPSec (part of VPN)
ssh
isolated lan segment (if feasible, IE your side of network)
There may already be something out there. If so, someone here will know.
Doug
----- Original Message -----
From: "Akoulov, Alexandre" <al...@citigroup.com>
To: "Tomcat Users List" <us...@tomcat.apache.org>
Sent: Sunday, February 12, 2006 11:01 PM
Subject: Encrypting ajp13 traffic
Hi all,
I am wondering if there is a way encrypt the traffic between apache and
tomcat when they talk to each other on ajp13.
All suggestions are welcome.
Kind regards,
Sasha.
-----Original Message-----
From: Ian Buzer [mailto:ian@buzer.co.uk]
Sent: Saturday, 11 February 2006 2:44 AM
To: 'Tomcat Users List'
Subject: RE: Tomcat - blank page problem
> Webpages seem to be loading then usually blank page
> comes(totaly blank no error messages) on high traffic.
I suspect this could either be your redirector cachesize is not large enough
(the number of threads that the redirector will accept from IIS) or tomcat
is not able to respond to all the threads that are being passed through to
it.
Both these will show up in the isapi redirector logs.
Cache size is set in /conf/workers.properties
Tomcat threads are set in /conf/server.xml (maxThreads etc. on the AJP
connector)
Ian
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Encrypting ajp13 traffic
Posted by David Smith <dn...@cornell.edu>.
While I can't speak for the O.P., I have had need for this myself once
upon a time.
Consider a setup where the content has to be secured via SSL and
communication to/from the tomcat is over untrusted infrastructure SSL
can't be proxied, so there is a need for the AJP/13 communication to be
encrypted. My solution at the time was to setup a SSH tunnel between
the two systems.
It would be nice to have some form of encryption optionally available.
Food for thought.
-- David
Mark Thomas wrote:
> Akoulov, Alexandre wrote:
>
>> I am wondering if there is a way encrypt the traffic between apache and tomcat when they talk to each other on ajp13.
>>
> Why do you want to do this? What requirement are you trying to meet /
> security threat are you trying to mitigate?
>
> Mark
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
--
David Smith
Network Operations Supervisor
Department of Entomology
Cornell University
2132 Comstock Hall
Ithaca, NY 14853
Phone: (607) 255-9571
Fax: (607) 255-0940
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Encrypting ajp13 traffic
Posted by Mark Thomas <ma...@apache.org>.
Akoulov, Alexandre wrote:
> I am wondering if there is a way encrypt the traffic between apache and tomcat when they talk to each other on ajp13.
Why do you want to do this? What requirement are you trying to meet /
security threat are you trying to mitigate?
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org