We are hosting a Java EE Application running on JBoss. For security reasons this application that should be available on the internet is protected with a front-end Apache server. We are using AJP to enable this.
This works fine when we access the application through http. When we try to do this with https, it doesn't work, 开发者_开发百科we get a 404 error when we access the Java EE application. We have placed the SSL certificates in the Apache server.
Quote from community.jboss.org
Encryption and SSL support
AJP protocol is not encrypted, so it should not be used with public network infrastructure. In case there is a need for securing the data transfer between web and application server because the transport media could be sniffed by outside world, then some sort of SSL tunnel must be used. The other option is to use the https protocol with mod_proxy. However using https protocol makes things a little bit more complex because one must assure to write the custom Filter in application server so that client certificates get passed transparently to the application server. AJP protocol on the other hand handles this automatically, but with the consequence of passing decrypted data between web and application server. In essence for SSL, the AJP protocol behaves like caching SSL accelerator. This offers much higher performance because data is only decrypted once. Securing the network between web and application server by using a different network card and set of firewalls and routers is the most secure solution. One other option is to put the web and application server on the same physical box in which case the in-memory communication will be used thus increasing the security of the entire system.
SSL on apache is usally enabled using a separate virtual host (vhost). Have you enabled and configurered mod_jk
(mod_proxy_ajp/mod_cluster
) for that vhost?
精彩评论