You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Ralf Schneider <ra...@tapfere-schneiderleins.de> on 2004/02/02 12:41:42 UTC

HTTPS with Apache 2.0.48 and Tomcat 5.0.16

Hi,

I try to set an Apache 2.0.48 with a connection to Tomcat 5.0.16 via mod_jk2 
2.0.2. The static pages should be accessed via normal HTTP whereas the 
dynamic pages of my webapp should only be accessible via HTTPS for security.

I installed a certificate in /usr/local/apache2/conf/ssl.cert and set up a 
virtual host for the SSL pages in ssl.conf:

<VirtualHost _default_:443>
DocumentRoot "/usr/local/tomcat/webapps/demo_02"
ServerName www.development.home:443
ServerAdmin ralf@tapfere-schneiderleins.de
ErrorLog /usr/local/apache2/logs/error_log
TransferLog /usr/local/apache2/logs/access_log

Alias /demo_02 "/usr/local/tomcat/webapps/demo_02"

<Location "/demo_02/WEB-INF/*">
    AllowOverride None
    deny from all
</Location>

<Location "/demo_02/META-INF/*">
    AllowOverride None
    deny from all
</Location>

JKMount /demo_02/*.do ajp13
JKMount /demo_02/*.jsp ajp13
JKMount /demo_02 ajp13
JKMount /demo_02/* ajp13

SSLEngine on
SSLCipherSuite 
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server.crt
SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/server.key

<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</Files>
<Directory "/usr/local/apache2/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>

SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

CustomLog /usr/local/apache2/logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>

When I call the webapp over http://localhost/demo_02 everything works fine. 
The request to my webapp is forwarded to Tomcat. But when I switch to https I 
get "Connection refused" from the browser. I do not see anything in any log 
file.

Did I miss a configuration step? Or did I misconfigure something?

Ralf.


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org