Secured connection between Apache Httpd and Tomcat over AJP protocol

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Secured connection between Apache Httpd and Tomcat over AJP protocol

Mohanavelu Subramanian
Hi All,

Good Morning.

I have Httpd process and Tomcat instances both running on 2 different machines. The communication between them happens through AJP protocol (mod_jk) which doesnt support encryption. But we are using some features of mod_jk like automatic passing of security information like SSL certificate to tomcat which inturn is accessed in our application, validated and verified.

Now, we have requirement to make the communication between them as Secured.
Since AJP doesnt support encryption, I came to know that we need to use SSH, IPSec. But I could not find any proper document to configure SSH or IPSec for AJP. Could please share if you any.

I have considered mod_proxy_http as well for supporting security which is easy to configure as well. But as I mentioned above we are already making use mod_jk features. Again it will require more efforts to migrate from mod_jk to mod_proxy_http.

Any other suggestions please.

Thanks in Advance.

Best Regards,
Mohan
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Secured connection between Apache Httpd and Tomcat over AJP protocol

Andy Wang-2


On 05/25/2016 09:16 AM, Mohanavelu Subramanian wrote:

> Hi All,
>
> Good Morning.
>
> I have Httpd process and Tomcat instances both running on 2 different
> machines. The communication between them happens through AJP protocol
> (mod_jk) which doesnt support encryption. But we are using some features
> of mod_jk like automatic passing of security information like SSL
> certificate to tomcat which inturn is accessed in our application,
> validated and verified.
>
> Now, we have requirement to make the communication between them as Secured.
> Since AJP doesnt support encryption, I came to know that we need to use
> SSH, IPSec. But I could not find any proper document to configure SSH or
> IPSec for AJP. Could please share if you any.
>
> I have considered mod_proxy_http as well for supporting security which
> is easy to configure as well. But as I mentioned above we are already
> making use mod_jk features. Again it will require more efforts to
> migrate from mod_jk to mod_proxy_http.
>
> Any other suggestions please.
>
> Thanks in Advance.

There is no tomcat specific documentation to configure ssh or ipsec.

IPSec is an infrastructure solution where you're basically creating a
secure vpn tunnel between two ip endpoints.  That seems massive overkill
to encrypt AJP.

For SSH, you're simply creating a tunnel via ssh between a local port
and a remote port.  There's nothing tomcat specific about it other than
knowing what ports to pick for each end of the tunnel.  See
http://www.revsys.com/writings/quicktips/ssh-tunnel.html
(or google ssh tunnel for your own examples).

Another common tool for this purpose is stunnel which is similar in
fashion to an ssh tunnel but a tool specificaly designed for creating
tunneling plaintext protocols in SSL.

Andy


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Secured connection between Apache Httpd and Tomcat over AJP protocol

Christopher Schultz-2
In reply to this post by Mohanavelu Subramanian
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mohanavelu,

On 5/25/16 10:16 AM, Mohanavelu Subramanian wrote:

> Hi All,
>
> Good Morning.
>
> I have Httpd process and Tomcat instances both running on 2
> different machines. The communication between them happens through
> AJP protocol (mod_jk) which doesnt support encryption. But we are
> using some features of mod_jk like automatic passing of security
> information like SSL certificate to tomcat which inturn is accessed
> in our application, validated and verified.
>
> Now, we have requirement to make the communication between them as
> Secured. Since AJP doesnt support encryption, I came to know that
> we need to use SSH, IPSec. But I could not find any proper document
> to configure SSH or IPSec for AJP. Could please share if you any.
>
> I have considered mod_proxy_http as well for supporting security
> which is easy to configure as well. But as I mentioned above we are
> already making use mod_jk features. Again it will require more
> efforts to migrate from mod_jk to mod_proxy_http.

https://wiki.apache.org/tomcat/AJP%20with%20stunnel

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAldFywUACgkQ9CaO5/Lv0PD+HgCfRLwHwEDFFPXcWUhHNUQw/E6o
BH0An2M8pvWl/RNK+K3dNOJRQSDoTgtC
=INoF
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Secured connection between Apache Httpd and Tomcat over AJP protocol

Moblay_74
This post has NOT been accepted by the mailing list yet.
In reply to this post by Mohanavelu Subramanian
Pleased to know about this information on connection between apache and tomcat. I was in search of best vpn 2017 provider and got to know about few service providers which are providing fast speed and discounts on yearly plans. Looking forward to sign up with best one.
Loading...