regarding Configuring Apache Reverse Proxy Using the AJP Protocol I'm wondering that there is no hint that the AJP connector might need a
scheme="https"
nor
proxyName="my.host" proxyPort="443"
as like it is needed using mod_proxy to ensure correct URL handling:
Can someone point out, why this is the case/requirement for Apache mod_proxy but not for AJP?
When using mod_proxy the request looks to Confluence like a browser request. Therefore you have to tell Confluence (or to be more precisely Confluence' Tomcat server) that a proxy is used and the Scheme is https, so the server can build a valid link instead of redirecting to it's own address.
AJP is different. AJP is a binary protocol, which includes different states about the request but does look not like a http request to the server. The server is aware that this is a proxified request. Inside the AJP message everything is already prepared, in other words the server will know from where the request comes:
AJP13_FORWARD_REQUEST := prefix_code (byte) 0x02 = JK_AJP13_FORWARD_REQUEST method (byte) protocol (string) req_uri (string) remote_addr (string) remote_host (string) server_name (string) server_port (integer) is_ssl (boolean) num_headers (integer) request_headers *(req_header_name req_header_value) attributes *(attribut_name attribute_value) request_terminator (byte) OxFF
The long name is by the way Apache JServ Protocol.
because internal ajp connection is still unencrypted? while mod_proxy makes internal calls to an HTTPS server?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.