3 Replies Latest reply on Nov 25, 2015 9:29 AM by Kiran Pawar

    is it OK to implement TLS for ORDS on Tomcat?


      We are in the process of migrating from APEX listener to ORDS.


      The install guide for ORDS does not give too much information regarding SSL/TLS. It is obviously a task to be fulfilled by the components surrounding ORDS.


      We plan to deploy on Tomcat, and Tomcat has instructions about how to TLS-enable it.


      From an architecture point of view, is it OK to TLS for ORDS on Tomcat, or should we better front an Apache or NGINX?


      I would prefer to have Tomcat do it, to keeps things simple, but I got uncertain, as I read the following in the Tomcat SSL/TLS howto:


      "When running Tomcat primarily as a Servlet/JSP container behind another web server, such as Apache or Microsoft IIS, it is usually necessary to configure the primary web server to handle the SSL connections from users."


      Thanks for sharing your experience and / or opinion.