How do ensure that Apache AJP to Tomcat connection is secure/encrypted? How do ensure that Apache AJP to Tomcat connection is secure/encrypted? apache apache

How do ensure that Apache AJP to Tomcat connection is secure/encrypted?


You are saying

Tomcat instance with an Apache instance (running on the same machine)

and later you are saying

We dont want passwords to be sniffable on the network between Apache and Tomcat

This just contradicts each other.

EDIT: AJP is not designed to be secure, if you need security, use mod_proxy_http and proxy over https, or create SSH tunnel. Needless to say, you will have to pay for this overhead.


When using AJP you cannot do anything to ensure it is secure. It isn't. There is no SSL version. You would have to use HTTPS. AJP is designed for the usual case where HTTPD and Tomcat are in the same private LAN and security isn't an issue.