Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.java.programmer > #2650

SSL Frontend(F5) - Apache - AJP - Tomcat howto

From Michal Kleczek <kleku75@gmail.com>
Newsgroups alt.apache.configuration, comp.lang.java.programmer
Subject SSL Frontend(F5) - Apache - AJP - Tomcat howto
Date 2011-03-31 14:51 +0200
Organization http://onet.pl
Message-ID <in1tc7$ttt$1@news.onet.pl> (permalink)

Cross-posted to 2 groups.

Show all headers | View raw

Does anybody know how to configure Apache/Tomcat in such a configuration:

  Internet
     |
     |
SSL Frontend (BIG-IP)
     |
     |
     |
Apache (with mod_jk or mod_proxy_ajp)
     |
     |
 Tomcat (JBoss)

The requirements are that:
1. Redirects from Tomcat work (IOW Tomcat knows if it is http or https 
request and external hostname )
2. ServletRequest.isSecure() returns true if there was SSL connection from 
the Internet to SSL Frontend
3. ServletRequest.getRemoteAddr() returns an address of the client (a 
browser)

I've search through the web but the only info I could find was about either:
Apache + Tomcat
or
BIG-IP + Apache

Preferably the solution:
1) should be done by configuring Apache (of course SSL-Frontend as well) - 
not require any custom code (a Valve or a Filter) on Tomcat
2) should not require configuring multiple connectors in Tomcat (since AJP 
handles all this internally a single AJP connector should be enough)

We can assume information about remote IP and protocol is sent to Apache in 
request headers. Since AJP defines fields to pass this information to 
backend servlet container I would like mod_jk or mod_proxy_ajp to somehow 
pick it up from request headers received by httpd.
Would mod_rewrite setting apropriate environment variables in Apache be 
enough? (I could not test it yet since it requires setting up a test 
environment and it is going to take a while)

The above architecture is pretty fine for Weblogic (with a WL plugin to 
Apache instead of mod_jk/mod_proxy_ajp).
But JBoss support could not (so far) come up with anything not intrusive to 
the application (which I find weird since I thought this setup is a pretty 
standard one for larger sites).

Any ideas or links?

-- 
Michal

Back to comp.lang.java.programmer | Previous | Next | Find similar

Thread

SSL Frontend(F5) - Apache - AJP - Tomcat howto Michal Kleczek <kleku75@gmail.com> - 2011-03-31 14:51 +0200

csiph-web