Posted to users@tomcat.apache.org by pascal <p2...@gmail.com> on 2015/05/04 16:56:51 UTC

Re: Does the securePort for Cluster/Channel/Receiver work yet?

Hi List

> This was all done with tomcat-7.0.27 (sorry for being behind)

I just tried with 8.0.21 with the same result.
I would even appreciate a "don't bother trying" response from someone with
better insight into the code.
I'm also not complaining about a missing feature, the only bug may be in
the documentation :-)

Cheers Pascal

Re: Does the securePort for Cluster/Channel/Receiver work yet?

Posted by pascal <p2...@gmail.com>.
Hi Chris

2015-05-04 22:13 GMT+02:00 Christopher Schultz <chris@christopherschultz.net>:

> Pascal,
>
> On 5/4/15 10:56 AM, pascal wrote:
> > This was all done with tomcat-7.0.27 (sorry for being behind)
> >>
> >
> > I just tried with 8.0.21 with the same result. I would even
> > appreciate a "don't bother trying" response from someone with
> > better insight into the code. I'm also not complaining about a
> > missing feature, the only bug may be in the documentation :-)
>
> If possible, please repeat your tests with 7.0.latest. Tons of fixes
> have been made to the clustering components within Tomcat.
>

Just tried with 7.0.61 with the same result.

I expect to have a tomcat listening on the port I specify with securePort=
as described here
https://tomcat.apache.org/tomcat-7.0-doc/config/cluster-receiver.html#Common_Attributes

I added this sole option to my working server.xml, restarted tomcat and checked
with netstat.
Would you agree that I at least try it the right way?

> That being said, I don't believe there are any supported options for
> secure communications for clustering.
>

Usually there are more SSL related settings like "use key x",  "trust CA
y", etc.
So probably this is really not implemented.

> If you are using static membership, you could use stunnel or OpenVPN
> or something similar to encrypt your traffic. I'm not sure if OpenVPN
> can tunnel multicast,


Yes, that was my plan B as well. I'd say static membership and stunnel
or OpenVPN and multicast should work.

Cheers Pascal
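
The check described in the message above (add securePort, restart, look at netstat), as an added example that is not part of the original post or of Tomcat: it compares the Receiver's port attributes in server.xml with the sockets actually in LISTEN state. The server.xml snippet, the netstat output, the address and the port numbers are constructed samples.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a cluster Receiver with the securePort attribute added.
SERVER_XML = """\
<Server><Service name="Catalina"><Engine name="Catalina" defaultHost="localhost">
  <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster">
    <Channel className="org.apache.catalina.tribes.group.GroupChannel">
      <Receiver className="org.apache.catalina.tribes.transport.nio.NioReceiver"
                address="192.0.2.10" port="4000" securePort="4443"/>
    </Channel>
  </Cluster>
</Engine></Service></Server>
"""

# Constructed sample of `netstat -ltn` output taken after the restart.
NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:4000         0.0.0.0:*               LISTEN
tcp6       0      0 :::8009                 :::*                    LISTEN
"""

def receiver_ports(server_xml):
    """Return {attribute: port} for the TCP port attributes set on a Receiver."""
    ports = {}
    for rx in ET.fromstring(server_xml).iter("Receiver"):
        for attr in ("port", "securePort"):
            value = rx.get(attr)
            if value and int(value) > 0:  # assumption: non-positive means "not set"
                ports[attr] = int(value)
    return ports

def listening_tcp_ports(netstat_output):
    """Collect local TCP ports in LISTEN state (IPv4 and IPv6 lines)."""
    found = set()
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) >= 6 and fields[0].startswith("tcp") and fields[5] == "LISTEN":
            found.add(int(fields[3].rsplit(":", 1)[1]))
    return found

def unbound(server_xml, netstat_output):
    """Configured Receiver ports that have no matching listener."""
    listening = listening_tcp_ports(netstat_output)
    return {attr: port for attr, port in receiver_ports(server_xml).items()
            if port not in listening}

if __name__ == "__main__":
    print(unbound(SERVER_XML, NETSTAT))
```

A non-empty result means a configured port never got a listener, so cluster traffic on that node is still carried only by the plain `port`.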

Re: Does the securePort for Cluster/Channel/Receiver work yet?

Posted by Christopher Schultz <ch...@christopherschultz.net>.
Pascal,

On 5/4/15 10:56 AM, pascal wrote:
> This was all done with tomcat-7.0.27 (sorry for being behind)
>> 
> 
> I just tried with 8.0.21 with the same result. I would even
> appreciate a "don't bother trying" response from someone with 
> better insight into the code. I'm also not complaining about a
> missing feature, the only bug may be in the documentation :-)

If possible, please repeat your tests with 7.0.latest. Tons of fixes
have been made to the clustering components within Tomcat.

That being said, I don't believe there are any supported options for
secure communications for clustering.

If you are using static membership, you could use stunnel or OpenVPN
or something similar to encrypt your traffic. I'm not sure if OpenVPN
can tunnel multicast, but if you have a network interface (and
therefore IP address) that is exclusively for accessing OpenVPN, then
you should be able to encrypt the traffic regardless of the type (TCP,
UDP, ICMP, unicast, multicast, etc.).

(I could be wrong about everything, here. I've never set up clustering
with Tomcat and am by no means an expert.)

Thanks,
-chris