I am configuring load balancing using httpd which will connect to jboss using AJP (mod_jk connector).
My Jboss is running using SSL and httpd is not with SSL.
How can I establish communication from http httpd to https jboss?
Any help appreciated.
I have enable https in httpd so that it can route to the https of jboss properly. And it has started working as expected.
Instead of using mod_jk, have you considered using mod_cluster? It fits well with JBoss and serves sticky session and session replication as well.
Related
I am currently using Mod_jk to have a connectivity between Apache and Tomcat through non-secure AJP protocol. Is there any way I can implement secure connection? Can I achieve this using mod_proxy_http and proxy over https? As far as I know using mod_proxy_http is also not a secure one.
Can anyone Guide me here? I am using Tomcat 9 and Apache 2.4 versions.
Thanks,
Anshu
You can configure a secure connection between Apache and tomcat using Mod_proxy. Refer link1 and link2 for more information.
Im trying to enable HTTPS on more than one port in JBoss Fuse 6.3
How can i achieve this.
I have follow the below tutorial to enable HTTPS on 8443.
https://fusemiddleware.wordpress.com/2015/04/12/generate-self-signed-certificate-using-java-keytool/
Need to enable the HTTPS on 8443 and 9192 port on JBoss Fuse 6.3
Is there any other way to achieve this. I need to enable https on 8443 and also on 9192 port.
Im using Apache Camel, Apache CXF and JBoss Fuse 6.3
I would say that's not possible to use OSGi managed(OSGi http service) ssl port, only one(by default 8443) is possible here. However if it's CXF endpoint you can use httpj:engine-factory[1] to configure an embedded jetty server with any SSL port you wanna use, though this is not recommended way in OSGi container, in OSGi you should always use OSGi http service IMO.
[1]http://cxf.apache.org/docs/jetty-configuration.html
I have server setup like Apache2 + mod_jk + two instances of Tomcat (7.0.33). Now I am using atmosphere with tomcat. Atmosphere with long-polling is working just fine. But now I want to use web sockets as transport protocol in atmosphere. But it seems Apache is unable to forward request to Tomcat and it gives me error
Can't establish a connection to the server at ws://localhost/Myapp/update/?X-Atmosphere-tracking-id=0&X-Atmosphere-Framework=1.1&X-Atmosphere-Transport=websocket&X-Cache-Date=0&Content-Type=application/json.
Since Apache 2.4.6, Apache httpd forwards/proxies websockets
Mod_Jk implies in the translation of the request from the HTTP into AJP/13 protocol which implies that the web server should have some ability to handle/process the request.
You may be better served by using mod_proxy instead to establish the apache-tomcat communication.
Apache doesn't support WebSocket, so you need to use Ningx or HAProxy.
I think you can do it using a module called mod_proxy_wstunnel
https://httpd.apache.org/docs/2.4/mod/mod_proxy_wstunnel.html
I don't think this existed when the question was originally asked. In version 2.4.5 Apache added support for this mod.
We want to front-end our Tomcat instance with an Apache instance (running on the same machine) that will be serving everything on HTTPS and connect Apache to Tomcat using AJP. When using AJP, do we need to do anything to make sure that the connection between Apache and Tomcat is secure? (We dont want passwords to be sniffable on the network between Apache and Tomcat). The O/S is Red Hat Enterprise Linux 6.3
You are saying
Tomcat instance with an Apache instance (running on the same machine)
and later you are saying
We dont want passwords to be sniffable on the network between Apache and Tomcat
This just contradicts each other.
EDIT: AJP is not designed to be secure, if you need security, use mod_proxy_http and proxy over https, or create SSH tunnel. Needless to say, you will have to pay for this overhead.
When using AJP you cannot do anything to ensure it is secure. It isn't. There is no SSL version. You would have to use HTTPS. AJP is designed for the usual case where HTTPD and Tomcat are in the same private LAN and security isn't an issue.
I have my Apache http server running on localhost:80 and restlet server on localhost:8182, but I want to configure above combination just like Apache http server and Apache tomcat servlet container can be configured with mod_jk library.
Is it possible?
Do I have to modify code of mod_jk for this purpose.
Please advice!!!
Thanks in advance!!
Ashish
There are two options:
Setting your Restlet server connector with Protocol.AJP (for use with mod_jk or mod_proxy_ajp), which works with the Jetty connector.
Using mod_proxy as a reverse proxy to your Restlet connector (with Protocol.HTTP).
Unable to do this as of now, Using Apache Tomcat only as servlet container.