Topic: Question regarding SSL forwarding
hec.ccwork
Joined: 16 Dec 2019 Posts: 1 Location: San Diego, CA
Posted: Mon 16 Dec '19 23:43 Post subject: Question regarding SSL forwarding
I am a DevOps brand new to Apache/Tomcat. I am taking on a task to refresh the company's 15-year-old website in a Docker setup. It is all fine until I get to the SSL part.
The setup:
--One Tomcat that hosts the front-end web application; it's all just web pages, sending requests to the back-end load balancer, no SSL, no keystore loaded.
--One Apache load balancer that handles requests from the front end and passes them through AJP to the back-end workers. The SSL cert and keys are loaded here. The logic is that the load balancer will handle the security check and simply pass the request on to the workers; the workers don't need to load SSL anymore.
--Four instances of workers that actually take requests from the load balancer, no SSL, no keystore loaded.
My problem is, the old website wasn't set up correctly in terms of its certificate (self-signed). We are trying to do it right (got a GoDaddy cert) but I have no idea how it should be done. So I don't even know whether my current SSL setup is correct or not. Does the front-end Tomcat need to load a keystore file in its Connector? Does each back-end worker need to load a keystore file in its Connector?
I am so new I am not even sure whether my questions make sense or not, so please be a little patient with me.
Thanks, please help.
James Blond Moderator
Joined: 19 Jan 2006 Posts: 7371 Location: Germany, Next to Hamburg
Posted: Tue 17 Dec '19 16:18 Post subject:
Hi,
An example config:
Code:
<VirtualHost *:443>
    ServerName example.com
    DocumentRoot "/web/htdocs"
    <Directory "/web/htdocs">
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
    # Back-end Tomcat workers, reached over AJP
    <Proxy "balancer://cluster">
        BalancerMember "ajp://app1.example.com:8009" loadfactor=1
        BalancerMember "ajp://app2.example.com:8009" loadfactor=2
        ProxySet lbmethod=bytraffic
    </Proxy>
    ProxyPass "/app" "balancer://cluster/app"
    # TLS is handled here, on the load balancer
    SSLEngine on
    SSLCertificateFile conf/certs/example.com/fullchain.pem
    SSLCertificateKeyFile conf/certs/example.com/privkey.pem
    <Files ~ "\.(cgi|shtml|phtml|php|htm|html?)$">
        SSLOptions +StdEnvVars
    </Files>
</VirtualHost>
See also https://httpd.apache.org/docs/2.4/mod/mod_proxy_ajp.html
If you still have a question, please ask again.
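
The worker side of the balancer configuration above, as an added example that is not part of the original thread or any poster's own configuration: a Tomcat `server.xml` for one back-end worker behind `ajp://app1.example.com:8009`. The bind address, the secret value and the Tomcat and httpd versions mentioned in the comments are assumptions for illustration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- server.xml for one back-end worker (constructed example).
     The address and the secret below are placeholders, not values from the thread. -->
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">

    <!-- No HTTPS connector and no keystore on the worker: the certificate
         and private key live only on the Apache load balancer, where
         SSLEngine, SSLCertificateFile and SSLCertificateKeyFile are set. -->

    <!-- AJP connector that the BalancerMember on port 8009 connects to.
         AJP traffic is not encrypted, so keep it on the internal network:
         bind to the internal interface only and do not publish port 8009
         outside the container network. -->
    <Connector protocol="AJP/1.3"
               port="8009"
               address="10.0.0.11"
               secretRequired="true"
               secret="REPLACE-WITH-SHARED-SECRET" />
    <!-- secretRequired and secret are the attribute names in current Tomcat
         releases (assumed here); older releases used requiredSecret.
         The load balancer must send the same value, which mod_proxy_ajp
         supports in httpd 2.4.42 and later:
           BalancerMember "ajp://app1.example.com:8009" loadfactor=1 secret=REPLACE-WITH-SHARED-SECRET
         AJP carries the original scheme to Tomcat, so the web application
         still sees the request as HTTPS although the worker holds no key. -->

    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps"
            unpackWARs="true" autoDeploy="false" />
    </Engine>
  </Service>
</Server>
```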