Mon, 27 Jan 2003 19:08:38 -0800
After a blinding tour through the documentation, I've set up and
configured Apache+mod_ssl as a reverse (server-side) proxy. In other
words, it is functioning as shown below:
Client ------------> Apache -----------> WebLogic
Thus a request sent to https://reverse.ssl.proxy/yahoo/ can be
redirected to http://www.yahoo.com/ with the appropriate entry in
httpd.conf to map the given URL to the real server as is done with an
alias configuration directive. This setup also has the benefit of
mapping, for example, https://reverse.ssl.proxy/yahoo/foo/bar/ to
http://www.yahoo.com/foo/bar as one would like.
I haven't had the chance to test this out with a JMS client, or the web
services we'll be deploying, but will surely follow this post up with
more info when I have it. Has anyone had the joy of using Apache in this
manner before? Anything I should be aware of? Am I mad to attempt this?
Should I just stone myself now and get it over with?
Thank you for your continued support,
Elias Sinderson wrote:
> Good day,
> Or perhaps 'Frustrating day' would be more accurate?
> Given that:
> (1) Our app server (WebLogic) will not be certified for use with JDK
> 1.4 until the next release (hopefully available sometime early this
> summer if we're lucky?).
> (2) Our application requires JDK 1.4 functionality (preferences
> package, regular expressions, XML parsing, etc.) on both the client
> AND server side.
> (3) SSL handshake fails if either the client or server (or both) are
> using JDK 1.4 due to the changes between Java 1.1 and 1.2 related to
> the pluggable security model.
> (4) The app server can run under JDK 1.4 with no apparent negative
> consequences other than (3).
> What options are available to provide SSL for client connections? As
> far as I can tell, using a SSL proxy (either in software or hardware)
> may be the only alternative. If anyone has an alternate solution, or
> can share their knowledge gained from similar experience, I would like
> to hear from you. Further, if anyone is aware of other 'gotchas' that
> will come up due to our running WL 7.x with JDK 1.4, please share your
> experiences. And even further, can anyone recommend a SSL proxy that
> they'll swear by? This isn't rocket science, but the consequences of a
> wrong decision could be disasterous...
> How I do love Mondays,