gpt4 book ai didi

Apache Web 服务器和 JBoss AJP 与 https 的连接

转载 作者:太空宇宙 更新时间:2023-11-03 12:59:53 24 4
gpt4 key购买 nike

我们正在托管在 JBoss 上运行的 Java EE 应用程序。出于安全原因,这个应该在 Internet 上可用的应用程序受到前端 Apache 服务器的保护。我们正在使用 AJP 来实现这一点。

当我们通过 http 访问应用程序时,这工作正常。当我们尝试使用 https 执行此操作时,它不起作用,我们在访问 Java EE 应用程序时收到 404 错误。我们已将 SSL 证书放在 Apache 服务器中。

最佳答案

引自 community.jboss.org

Encryption and SSL support

AJP protocol is not encrypted, so it should not be used with public network infrastructure. In case there is a need for securing the data transfer between web and application server because the transport media could be sniffed by outside world, then some sort of SSL tunnel must be used. The other option is to use the https protocol with mod_proxy. However using https protocol makes things a little bit more complex because one must assure to write the custom Filter in application server so that client certificates get passed transparently to the application server. AJP protocol on the other hand handles this automatically, but with the consequence of passing decrypted data between web and application server. In essence for SSL, the AJP protocol behaves like caching SSL accelerator. This offers much higher performance because data is only decrypted once. Securing the network between web and application server by using a different network card and set of firewalls and routers is the most secure solution. One other option is to put the web and application server on the same physical box in which case the in-memory communication will be used thus increasing the security of the entire system.

关于Apache Web 服务器和 JBoss AJP 与 https 的连接,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/1685563/

24 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com