user1563721 user1563721 - 1 month ago 8
Apache Configuration Question

AJP and SSL communication to application server

I have a client which access server through HTTPS. The server is a Java based web application running in WildFly application server.

Now I need to put a apache proxy between client and server and I need to set AJP (usually port 8009) to my application server or servers.

I assumed that if there is HTTPS then I wouldn't see clear text packet data through AJP. But I see everything when capturing data on server's AJP 8009 port.

How can AJP decapsulate SSL communication and see inside?

Answer

The AJP protocol does not wrap HTTP or HTTPS. Apache is where HTTPS ends, and from Apache to Tomcat the data is sent over the AJP protocol.

Comments