[stunnel-users] stunnel and AJP

Richard.Hall Richard.Hall at ingenta.com
Wed Sep 13 17:39:51 CEST 2006


Scott,

On Wed, 6 Sep 2006, Jones Scott - sjones wrote:

> Any chance you could send me a sample configuration file?  :)

Sorry for the delay, this got buried and has only just resurfaced.

For a local Apache (i.e. local to the machine running JBoss), a
non-stunnel'd config has something like

  JkMount /folder/* workername

in httpd.conf, and

  worker.workername.type=ajp13
  worker.workername.port=7003
  worker.workername.host=localhost

in mod_jk.properties (the JkWorkersFile file).

For a remote Apache, you don't need to change mod_jk.properties. But
instead of having JBoss listening on port 7003, you have an stunnel
client, with a config something like

  client=yes
  [ajp13s]
  accept  = localhost:7003
  connect = jboss-server:17003

And then on your local server, i.e. the one running JBoss, you have an
stunnel server:-

  client=no
  [ajp13s]
  accept  = 17003
  connect = localhost:7003

(You might want to consider how best to stop the rest of the world
connecting to port 17003. I do it out at the firewall.)

> Just got it installed and going to start trying to get it set up.
>
> I am going to try to end the tunnel on a BigIP box.  So just set it up
> on the apache server and hope it can end on the BigIP box.

Don't know a thing about BigIP boxes! Good luck.

HTH,
 Richard
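
Added example, not part of the original message: a small Python check for the exposure the post mentions on port 17003. It flags stunnel server services that accept on a non-loopback address without requiring a client certificate. The `HARDENED_SERVER` variant and its `CAfile` path are constructed placeholders, and the function names are hypothetical.

```python
# Added example: lint stunnel service sections for the exposure the post warns about.
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def parse_stunnel_conf(text):
    """Return {service: options}; options set before the first [section] act as defaults."""
    defaults, services, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1], dict(defaults))
            continue
        key, sep, value = line.partition("=")
        if sep:
            target = defaults if current is None else current
            target[key.strip().lower()] = value.strip()
    return services

def authenticates_peer(opts):
    """True if the service demands a verified peer certificate."""
    level = opts.get("verify", "0")
    return ((level.isdigit() and int(level) >= 2)
            or opts.get("verifychain") == "yes" or opts.get("verifypeer") == "yes")

def exposed_services(text):
    """Server-mode services that accept on a non-loopback address without peer auth."""
    findings = []
    for name, opts in parse_stunnel_conf(text).items():
        if opts.get("client", "no") == "yes" or "accept" not in opts:
            continue
        # "17003" has no host part, so stunnel binds it on every interface.
        host = opts["accept"].rpartition(":")[0]
        if host not in LOOPBACK and not authenticates_peer(opts):
            findings.append((name, opts["accept"]))
    return findings

# Server config exactly as given in the post.
POST_SERVER = """client=no
[ajp13s]
accept  = 17003
connect = localhost:7003
"""
# Constructed variant: same tunnel, but clients must present a certificate
# signed by a CA you control (the CAfile path is a placeholder).
HARDENED_SERVER = POST_SERVER + "verify = 2\nCAfile = /path/to/tunnel-ca.pem\n"

if __name__ == "__main__":
    print(exposed_services(POST_SERVER))
    print(exposed_services(HARDENED_SERVER))
```

With `verify = 2` on the server, the stunnel client on the Apache host needs its own `cert` and `key` signed by that CA, which limits the AJP tunnel to that host even if the firewall rule is missing.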



