Re: [thredds] TDS and HTTPS

AJP protocol is configured ProxyPass using the mod_proxy_ajp
|ProxyPass /app ajp://backend.example.com:8009/app|

may be you mean using a directly the http protocol for proxying the backend
|ProxyPass /app http://backend.example.com:8080/app|

ajp, is more convenient because simplify the things and make transparent the proxying process to tomcat connector, i.e. the info about the SSL connection between the frontend and client.

Here there is some doc:
https://tomcat.apache.org/connectors-doc/common_howto/proxy.html

http protocol, can be also repleace ajp, but you need to make some "plumbing" with HTTP headers and tomcat connectors

Antonio

El 18/12/2015 a las 19:39, Guan Wang escribió:

Hi John,

Is AJP having any advantage particularly over ProxyPass?

Thanks,

Guan

*From:*thredds-bounces@xxxxxxxxxxxxxxxx [mailto:thredds-bounces@xxxxxxxxxxxxxxxx] *On Behalf Of *John Caron
*Sent:* Friday, December 18, 2015 12:56 PM
*To:* James Gallagher
*Cc:* THREDDS THREDDS
*Subject:* Re: [thredds] TDS and HTTPS

I agree, an Apache front end is a simple and standard thing to do.

AFAIU, the user still is using SSL encryption, its just that Apache is doing that instead of Tomcat. So it would be good for any of us to make some measurements comparing large binary data transfers.

On Fri, Dec 18, 2015 at 10:42 AM, James Gallagher <jgallagher@xxxxxxxxxxx <mailto:jgallagher@xxxxxxxxxxx>> wrote:

    On Dec 18, 2015, at 9:06 AM, Steve Ansari - NOAA Federal
    <steve.ansari@xxxxxxxx <mailto:steve.ansari@xxxxxxxx>> wrote:

    Sure - I'll follow up offline.

    Steve

    On Fri, Dec 18, 2015 at 11:04 AM, Roy Mendelssohn - NOAA Federal
    <roy.mendelssohn@xxxxxxxx <mailto:roy.mendelssohn@xxxxxxxx>> wrote:

    Hi Steve

    I was hoping that would work.  That any proxying, whether AJP or
    other, would be hidden.  I have had problems in the past getting
    AJP proxying to work, if I need to do that.  Can  you send me
    (offline) the part of you httpd.conf where you proxy over to
    tomcat using AJP?

We have had good success using Apache & AJP. Apache as a front end provides a number of options, particularly WRT authentication and this might provide for a compromise should HTTPS be too much of a bottle neck. I have not tested the impact of HTTPS compared to HTTP (it would be easy enough to do using simple file transfers).

James




    Thanks,

    -Roy


    > On Dec 18, 2015, at 7:59 AM, Steve Ansari - NOAA Federal
    <steve.ansari@xxxxxxxx <mailto:steve.ansari@xxxxxxxx>> wrote:
    >
    > Hey Roy,
    >
    > We are using Apache to handle all the HTTPS stuff.  Apache then
    forwards requests to Tomcat and TDS using AJP.
    > https://tomcat.apache.org/tomcat-7.0-doc/config/ajp.html
    >
    > Our TDS:
    > https://www.ncdc.noaa.gov/thredds/catalog.html
    >
    >
    > Steve
    >
    >
    > On Fri, Dec 18, 2015 at 10:29 AM, Roy Mendelssohn - NOAA Federal
    <roy.mendelssohn@xxxxxxxx <mailto:roy.mendelssohn@xxxxxxxx>> wrote:
    > Hi All:
    >
    > As I hope you know, the Federal government is required to
    migrate to https for all services in the next1.5 years.  My
    question is can the TDS work with https? If so, can you point me
    to any documents or what changes, if any, need to be made to use
    https. If not, are there plans to incorporate this ability into TDS?
    >
    > Thanks,
    >
    > -Roy
    >
    >
    >
    > **********************
    > "The contents of this message do not reflect any position of the
    U.S. Government or NOAA."
    > **********************
    > Roy Mendelssohn
    > Supervisory Operations Research Analyst
    > NOAA/NMFS
    > Environmental Research Division
    > Southwest Fisheries Science Center
    > ***Note new address and phone***
    > 110 Shaffer Road
    > Santa Cruz, CA 95060
    > Phone: (831)-420-3666 <tel:%28831%29-420-3666>
    > Fax: (831) 420-3980 <tel:%28831%29%20420-3980>
    > e-mail: Roy.Mendelssohn@xxxxxxxx
    <mailto:Roy.Mendelssohn@xxxxxxxx> www: http://www.pfeg.noaa.gov/
    >
    > "Old age and treachery will overcome youth and skill."
    > "From those who have been given much, much will be expected"
    > "the arc of the moral universe is long, but it bends toward
    justice" -MLK Jr.
    >
    > _______________________________________________
    > thredds mailing list
    > thredds@xxxxxxxxxxxxxxxx <mailto:thredds@xxxxxxxxxxxxxxxx>
    > For list information or to unsubscribe,  visit:
    http://www.unidata.ucar.edu/mailing_lists/
    >
    >
    >
    > --
    > Steve Ansari
    > Physical Scientist
    > NOAA National Centers for Environmental Information (NCEI)
    > (828) 271-4611 <tel:%28828%29%20271-4611>
    >
    > The newly formed NCEI merges the National Oceanographic Data
    Center (NODC), the National Climatic Data Center (NCDC), and the
    National Geophysical Data Center (NGDC).

    **********************
    "The contents of this message do not reflect any position of the
    U.S. Government or NOAA."
    **********************
    Roy Mendelssohn
    Supervisory Operations Research Analyst
    NOAA/NMFS
    Environmental Research Division
    Southwest Fisheries Science Center
    ***Note new address and phone***
    110 Shaffer Road
    Santa Cruz, CA 95060
    Phone: (831)-420-3666 <tel:%28831%29-420-3666>
    Fax: (831) 420-3980 <tel:%28831%29%20420-3980>
    e-mail: Roy.Mendelssohn@xxxxxxxx <mailto:Roy.Mendelssohn@xxxxxxxx>
    www: http://www.pfeg.noaa.gov/

    "Old age and treachery will overcome youth and skill."
    "From those who have been given much, much will be expected"
    "the arc of the moral universe is long, but it bends toward
    justice" -MLK Jr.



--

/Steve Ansari/

/Physical Scientist/

/NOAA National Centers for Environmental Information (NCEI)/

/(828) 271-4611 <tel:%28828%29%20271-4611>/

/The newly formed NCEI merges the National Oceanographic Data Center (NODC), the National Climatic Data Center (NCDC), and the National Geophysical Data Center (NGDC)./

_______________________________________________
thredds mailing list
thredds@xxxxxxxxxxxxxxxx <mailto:thredds@xxxxxxxxxxxxxxxx>
For list information or to unsubscribe, visit: http://www.unidata.ucar.edu/mailing_lists/

--

James Gallagher
jgallagher@xxxxxxxxxxx <mailto:jgallagher@xxxxxxxxxxx>


_______________________________________________
thredds mailing list
thredds@xxxxxxxxxxxxxxxx <mailto:thredds@xxxxxxxxxxxxxxxx>
For list information or to unsubscribe, visit: http://www.unidata.ucar.edu/mailing_lists/



_______________________________________________
thredds mailing list
thredds@xxxxxxxxxxxxxxxx
For list information or to unsubscribe,  visit: 
http://www.unidata.ucar.edu/mailing_lists/

  • 2015 messages navigation, sorted by:
    1. Thread
    2. Subject
    3. Author
    4. Date
    5. ↑ Table Of Contents
  • Search the thredds archives: