Since we are amidst evaluating JBoss in comparison to our WebSphere architecture and we thought in terms of infrastructure design about an redirect from DMZ-httpd to JBoss-AppServ via AJP1.3, some questions emerged:
1. Is the communication via AJP still SSL-crypted, i.e. is AJP running above or beneath the SSL-protocol-layer?
If yes, does it mean that there are two points of SSL-negotiation (browser<->httpd<->tomcat)?
Is there any special configuration to be made for assuring SSL over AJP?
2. How valuable are the alternatives (WARP, reverse proxy)?
3. Is there any deployment-strategy for seamless operation when using multiple workers and two logical JBoss-servers with shared configuration?
Thanks in advance for your precious help!
I use from now on the combination of mod_rewrite & mod_proxy as proposed by Pier Fumagalli in order to assure SSL encrypted communication between the reverse proxy and the application server, as well as failover and loadbalancing aspects.