How to access a web service behind a NAT?

Question

We have a product we are deploying to some small businesses. It is basically a RESTful API over SSL using Tomcat. This is installed on the server in the small business and i

Answer 1

Set up an Apache in front of your Tomcat. This Apache should be visible from the internet, where the Tomcat should not.

Configure Apache to forward all traffic to the Tomcat. This can easily be accomplished using mod_proxy (check out the ProxyPass and ProxyPassReverse directives).

Have your SSL certificate located in the Apache, so that all clients can talk HTTPS with the Apache server, which in turn talks plain HTTP with Tomcat.

No tunneling or other nastyness + you will be surprised how easy it is to configure Apache to do this.