SSL Frontend(F5) - Apache - AJP - Tomcat howto


M

Michal Kleczek

Does anybody know how to configure Apache/Tomcat in such a configuration:

Internet
|
|
SSL Frontend (BIG-IP)
|
|
|
Apache (with mod_jk or mod_proxy_ajp)
|
|
Tomcat (JBoss)

The requirements are that:
1. Redirects from Tomcat work (IOW Tomcat knows if it is http or https
request and external hostname )
2. ServletRequest.isSecure() returns true if there was SSL connection from
the Internet to SSL Frontend
3. ServletRequest.getRemoteAddr() returns an address of the client (a
browser)

I've search through the web but the only info I could find was about either:
Apache + Tomcat
or
BIG-IP + Apache

Preferably the solution:
1) should be done by configuring Apache (of course SSL-Frontend as well) -
not require any custom code (a Valve or a Filter) on Tomcat
2) should not require configuring multiple connectors in Tomcat (since AJP
handles all this internally a single AJP connector should be enough)

We can assume information about remote IP and protocol is sent to Apache in
request headers. Since AJP defines fields to pass this information to
backend servlet container I would like mod_jk or mod_proxy_ajp to somehow
pick it up from request headers received by httpd.
Would mod_rewrite setting apropriate environment variables in Apache be
enough? (I could not test it yet since it requires setting up a test
environment and it is going to take a while)

The above architecture is pretty fine for Weblogic (with a WL plugin to
Apache instead of mod_jk/mod_proxy_ajp).
But JBoss support could not (so far) come up with anything not intrusive to
the application (which I find weird since I thought this setup is a pretty
standard one for larger sites).

Any ideas or links?
 
Ad

Advertisements


Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top