stackoom
  简体   繁体   中英

Is it save to use a Tomcat Server behind a reverse proxy without SSL

 原文  2023-01-03 16:15:13       apache/ ssl/ tomcat

Question

I have a webapp running on http://my-domain:8080/myapp without ssl. The webapp is public so everyone can access this site. I want to use SSL.

Of course I can configure tomcat to use a ssl certificate. Since this seems to be a mess with auto-renewal and restart the server, I searched for a different idea.

I would like to use my already existing Apache and configure a reverse proxy to redirect all request from http://myapp.my-domain:80/ to http://myapp.my-domain:443/ and from this to tomcat http://localhost:8080/myapp . Then I configure tomcat to only accept connections on localhost.

Is this a save way to do this?

1 answers

solution1
 0  2023-01-11 14:49:18

The setup you described is exactly what we have been running for 15+ years now without problems. So, my answer to your question is 'Yes'. That said, I'm not a IT security expert. My opinion is solely based on the experience from our setup.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question php behind nodejs proxy server without ssl JIRA Server with SSL Behind Apache Reverse Proxy Not Working How to get the clients host name behind apache2 reverse proxy and tomcat server? Tomcat 8 invalidates sessions behind apache server + SSL BIRT behind a proxy on a Tomcat Server: Sessoin expired Tomcat App Reverse Proxy with Apache http server Tomcat ignores X-Forwarded-Proto behind an Apache reverse proxy Spring pageContext.request.contextPath with Tomcat behind Apache as reverse proxy Web application behind reverse proxy - how do I handle SSL? Tomcat6 behind Apache2.2 proxy with SSL
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM