[stunnel-users] stunnel and AJP
Richard.Hall
Richard.Hall at ingenta.com
Wed Sep 13 17:39:51 CEST 2006
Scott,
On Wed, 6 Sep 2006, Jones Scott - sjones wrote:
> Any chance you could send me a sample configuration file? :)
Sorry for the delay, this got buried and has only just resurfaced.
For a local Apache (ie local to the machine running JBoss), a
non-stunnel'd config has something like
JkMount /folder/* workername
in httpd.conf, and
worker.workername.type=ajp13
worker.workername.port=7003
worker.workername.host=localhost
in mod_jk.properties (the JkWorkersFile file)
For a remote Apache, you don't need to change mod_jk.properties. But
instead of having JBoss listening on port 7003, you have an stunnel
client, with a config something like
client=yes
[ajp13s]
accept = localhost:7003
connect = jboss-server:17003
And then on your local server, i.e. the one running JBoss, you have an
stunnel server:-
client=no
[ajp13s]
accept = 17003
connect = localhost:7003
(You might want to consider how best to stop the rest of the world
connecting to port 17003. I do it out at the firewall)
> Just got it install and going to start trying to get it setup.
>
> I am going to try to end the tunnel on a BigIP box. So just set it up
> on the apache server and hope it can end on the BigIP box.
Don't know a thing about BigIP boxes! Good luck.
HTH,
Richard
More information about the stunnel-users
mailing list