Tomcat For SSL

[Scott Purcell <sp...@vertisinc.com>]

Hello,

I have a webapp that is running on Tomcat 5.5. I have always developed just using Tomcat. Now I want to take a site, and host it. The site will also run certificates for SSL. Should I wrap my site around Apache now. Meaning should I install apache and put tomcat inside? Or however this is done. Or can tomcat handle SSL certificates (from Verisign?) as it is. I hear of security issues, etc.

Any information would be appreciated.

Thanks,
Scott

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

Re: Tomcat For SSL

[Mark Thomas <ma...@apache.org>]

Scott Purcell wrote:
> Should I wrap my site around Apache now. Meaning should I install apache and put tomcat inside? 
There is no standard answer to this question. It depends what you are
trying to achieve. Apache adds both functionality and configuration
complexity. You have to weigh the costs of one against the benefits of
the other. If you don't know, stick with Tomcat standalone - you can
always change your mind later.

> Or can tomcat handle SSL certificates (from Verisign?) as it is.
Yes.

> I hear of security issues, etc.
Like what? It is difficult to answer your concerns when you are this vauge.


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

RE: Tomcat For SSL

[Steve Kirk <to...@web-startup.co.uk>]

Get ready for differing opinions on this, it's been asked loads of times
before, try searching the archives for more info.  My very quick summary
would be that you do not need apache httpd to do SSL, and it can be very
fast and stable without apache, as well as simpler to config if you don't
already know apache, but there are good reasons to introduce apache.

depending on the exact requirements of your site, there are some useful
feature benefits from using apache+tomcat, and when the site gets heavily
loaded, apache+tc performs better than tc alone, if you let apache handle
the static page requests.  A friend of mine advises me that he uses
apache+tc for these reasons: 

- server side includes which is easier for most people to use to do minor
dynamic content in otherwise static pages

- mod_rewrite can help with redirection between http <-> https if you have
pages that can only be accessed through one or other protocol

- can config reverse proxy content off another server

I do not run apache with my TC because I do not require any of these
features; however I am not against using it for the right app.

> -----Original Message-----
> From: Scott Purcell [mailto:spurcell@vertisinc.com] 
> Sent: Monday 23 May 2005 14:39
> To: tomcat-user@jakarta.apache.org
> Subject: Tomcat For SSL
> 
> 
> Hello,
> 
> I have a webapp that is running on Tomcat 5.5. I have always 
> developed just using Tomcat. Now I want to take a site, and 
> host it. The site will also run certificates for SSL. Should 
> I wrap my site around Apache now. Meaning should I install 
> apache and put tomcat inside? Or however this is done. Or can 
> tomcat handle SSL certificates (from Verisign?) as it is. I 
> hear of security issues, etc.
> 
> Any information would be appreciated.
> 
> Thanks,
> Scott
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 
> 



---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org