Author: markt
Date: Wed Dec 14 08:38:24 2016
New Revision: 1774131
URL: http://svn.apache.org/viewvc?rev=1774131&view=rev
Log:
Be explicit that clustering requires a secure network
Modified:
tomcat/trunk/webapps/docs/changelog.xml
tomcat/trunk/webapps/docs/cluster-howto.xml
tomcat/trunk/webapps/docs/config/cluster.xml
tomcat/trunk/webapps/docs/security-howto.xml
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1774131&r1=1774130&r2=1774131&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Wed Dec 14 08:38:24 2016
@@ -95,6 +95,11 @@
<bug>60467</bug>: remove problematic characters from XML documentation.
Based upon a patch by Michael Osipov. (schultz)
</fix>
+ <add>
+ In the documentation web application, be explicit that clustering
+ requires a secure network for all of the cluster network traffic.
+ (markt)
+ </add>
</changelog>
</subsection>
</section>
Modified: tomcat/trunk/webapps/docs/cluster-howto.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/cluster-howto.xml?rev=1774131&r1=1774130&r2=1774131&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/cluster-howto.xml (original)
+++ tomcat/trunk/webapps/docs/cluster-howto.xml Wed Dec 14 08:38:24 2016
@@ -111,6 +111,22 @@
<p>Will cover this section in more detail later in this document.</p>
</section>
+<section name="Security">
+
+<p>The cluster implementation is written on the basis that a secure, trusted
+network is used for all of the cluster related network traffic. It is not safe
+to run a cluster on a insecure, untrusted network.</p>
+
+<p>There are many options for providing a secure, trusted network for use by a
+Tomcat cluster. These include:</p>
+<ul>
+ <li>private LAN</li>
+ <li>a Virtual Private Network (VPN)</li>
+ <li>IPSEC</li>
+</ul>
+
+</section>
+
<section name="Cluster Basics">
<p>To run session replication in your Tomcat <version-major/> container, the
following steps
Modified: tomcat/trunk/webapps/docs/config/cluster.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/cluster.xml?rev=1774131&r1=1774130&r2=1774131&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/config/cluster.xml (original)
+++ tomcat/trunk/webapps/docs/config/cluster.xml Wed Dec 14 08:38:24 2016
@@ -43,6 +43,21 @@
making the configuration seem like a lot, but don't lose faith, instead you
have a tremendous control
over what is going on.</p>
</section>
+<section name="Security">
+
+<p>The cluster implementation is written on the basis that a secure, trusted
+network is used for all of the cluster related network traffic. It is not safe
+to run a cluster on a insecure, untrusted network.</p>
+
+<p>There are many options for providing a secure, trusted network for use by a
+Tomcat cluster. These include:</p>
+<ul>
+ <li>private LAN</li>
+ <li>a Virtual Private Network (VPN)</li>
+ <li>IPSEC</li>
+</ul>
+
+</section>
<section name="Engine vs Host placement">
<p>
You can place the <code><Cluster></code> element inside either the
<code><Engine></code>
Modified: tomcat/trunk/webapps/docs/security-howto.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/security-howto.xml?rev=1774131&r1=1774130&r2=1774131&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/security-howto.xml (original)
+++ tomcat/trunk/webapps/docs/security-howto.xml Wed Dec 14 08:38:24 2016
@@ -421,6 +421,12 @@
<p>The length of the session ID may be changed with the
<strong>sessionIdLength</strong> attribute.</p>
</subsection>
+
+ <subsection name="Cluster">
+ <p>The cluster implementation is written on the basis that a secure,
+ trusted network is used for all of the cluster related network traffic.
It
+ is not safe to run a cluster on a insecure, untrusted network.</p>
+ </subsection>
</section>
<section name="System Properties">
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
