Posted to users@tomcat.apache.org by Kris Reese <kr...@hotmail.com> on 2005/01/20 00:37:56 UTC
Tomcat 5 - Apache2 & SSL with mod_proxy
Apache 2.0.52
Tomcat 5.5
openSSL 9.7e
I've successfully been able to install all three components with the
following attributes:
I've successfully connected Tomcat to Apache via the mod_proxy module
instead of using the JK2 connector
I've also successfully integrated openSSL into apache, so that I can have a
secure connection via HTTPS.
So far, I'm only using the examples that shipped with Tomcat for testing
purposes (i.e. /jsp-examples).
My problem is when I try to access /jsp-examples via HTTPS. It always
redirects back to port 80, thus I lose my secure connection. I have a
feeling this is due to the proxyPort="80" as defined in server.xml. If I
change proxyPort to 443, it appends :443 at the end of my URL instead of
using https. My ultimate goal is to have a webserver that only runs on port
443 which has a login.jsp page as the "index" page so people can log in
securely.
I've read I need to use SSLProxyEngine and have attempted to implement. My
configuration is as follows:
httpd.conf (from none other than apache2)
-------------------------------------------------------
<VirtualHost 129.17.66.193:80>
    ServerName www.mysite.com
    DocumentRoot /usr/local/apache2/htdocs
    SSLProxyEngine on
    <IfModule mod_proxy.c>
        ProxyRequests On
        ProxyPass /jsp-examples http://129.17.66.193:8082/jsp-examples
        ProxyPass /*.jsp http://129.17.66.193:8082
    </IfModule>
</VirtualHost>
server.xml (from none other than Tomcat)
-------------------------------------------------------
<!-- non-SSL HTTP/1.1 Connector on port 8080 is commented out -->
<!-- SSL HTTP/1.1 Connector on port 8443 is commented out -->
<!-- Define an AJP 1.3 Connector on port 8009 (NOTE: I AM NOT USING THIS) -->
<Connector port="8009"
           enableLookups="false" redirectPort="8443" protocol="AJP/1.3" />
<!-- Define a Proxied HTTP/1.1 Connector on port 8082 -->
<Connector port="8082"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" acceptCount="100"
           connectionTimeout="20000"
           proxyPort="80" disableUploadTimeout="true" />
ssl.conf (from apache2)
-------------------------------------------------------
...
<IfDefine SSL>
Listen 443
...
...
## SSL Virtual Host Context
<VirtualHost _default_:443>
    <IfModule mod_proxy.c>
        ProxyRequests Off
        ProxyPass /jsp-examples http://localhost:8082/jsp-examples
        ProxyPass /*.jsp http://localhost:8082
    </IfModule>
    # General setup for the virtual host
    DocumentRoot "/usr/local/apache2/htdocs"
    ServerName www.mysite.com:443
    ServerAdmin root@mysite.com
    ErrorLog /usr/local/apache2/logs/error_log
    TransferLog /usr/local/apache2/logs/access_log
    # SSL Engine Switch:
    # Enable/Disable SSL for this virtual host.
    SSLEngine on
    SSLProxyEngine on
    # Server Certificate:
    SSLCertificateFile /usr/local/ssl/openssl/certs/my_cert.cert
    # Server Private Key:
    SSLCertificateKeyFile /usr/local/ssl/openssl/private/my_key.key
</VirtualHost>
</IfDefine>
------------------------------------------------------------------
With this configuration, if I attempt to launch
https://myserver.com/jsp-examples, it redirects me to
http://myserver.com/jsp-examples and I lose my secure connection. Based on
my error_log file, I see that I need to enable SSLProxyEngine:
[Tue Jan 18 14:40:02 2005] [error] SSL Proxy requested for myserver.com:80 but not enabled [Hint: SSLProxyEngine]
[Tue Jan 18 14:40:02 2005] [error] proxy: failed to enable ssl support for 129.17.66.193:8082 (k001gxb-0010)
As you can see, I added this directive above in my config files, but it's
either in the wrong place or there's a missing piece.
I don't want port 80 open at all. I want everything to run through HTTPS.
Can you help me in getting the configuration so that all data transferred is
through HTTPS?
This is on an Enterprise SUN E450 server running Solaris Sparc 9 btw.
- - - - - - - - - - - - - - - - - - - - -
Thank you,
Kristian T Reese
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: Tomcat 5 - Apache2 & SSL with mod_proxy
Posted by Robin Johnson <ro...@syndicom.com>.
I know this is a pretty old post, but I'll respond to it anyways so the
solution shows up in the archives:
All you have to do is set scheme="https" and proxyPort="443" and the
connector will properly redirect your connections using https.
HTH,
Robin
Kris Reese wrote:
> Apache 2.0.52
> Tomcat 5.5
> openSSL 9.7e
>
> I've successfully been able to install all three components with the
> following attributes:
> I've successfully connected Tomcat to Apache via the mod_proxy
> module instead of using the JK2 connector
> I've also successfully integrated openSSL into apache, so that I
> can have a secure connection via HTTPS.
>
> So far, I'm only using the examples that shipped with Tomcat for
> testing purposes (i.e. /jsp-examples).
>
> My problem is when I try to access /jsp-examples via HTTPS. It always
> redirects back to port 80, thus I lose my secure connection. I have a
> feeling this is due to the proxyPort="80" as defined in server.xml.
> If I change proxyPort to 443, it appends :443 at the end of my URL
> instead of using https. My ultimate goal is to have a webserver that
> only runs on port 443 which has a login.jsp page as the "index" page
> so people can log in securely.
>
> I've read I need to use SSLProxyEngine and have attempted to
> implement. My configuration is as follows:
>
> httpd.conf (from none other than apache2)
> -------------------------------------------------------
> <VirtualHost 129.17.66.193:80>
> ServerName www.mysite.com
> DocumentRoot /usr/local/apache2/htdocs
> SSLProxyEngine on
>
> <IfModule mod_proxy.c>
> ProxyRequests On
> ProxyPass /jsp-examples http://129.17.66.193:8082/jsp-examples
> ProxyPass /*.jsp http://129.17.66.193:8082
> </IfModule>
> </VirtualHost>
>
> server.xml (from none other than Tomcat)
> -------------------------------------------------------
> <!-- non-SSL HTTP/1.1 Connector on port 8080 is commented out -->
> <!-- SSL HTTP/1.1 Connector on port 8443 is commented out -->
>
> <!-- Define an AJP 1.3 Connector on port 8009 (NOTE: I AM NOT
> USING THIS) -->
> <Connector port="8009"
> enableLookups="false" redirectPort="8443"
> protocol="AJP/1.3" />
>
> <!-- Define a Proxied HTTP/1.1 Connector on port 8082 -->
> <Connector port="8082"
> maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
> enableLookups="false" acceptCount="100"
> connectionTimeout="20000"
> proxyPort="80" disableUploadTimeout="true" />
>
.....
> With this configuration, if I attempt to launch
> https://myserver.com/jsp-examples, it redirects me to
> http://myserver.com/jsp-examples and I lose my secure connection.
> Based on my error_log file, I see that I need to enable SSLProxyEngine:
> [Tue Jan 18 14:40:02 2005] [error] SSL Proxy requested for
> myserver.com:80 but not enabled [Hint: SSLProxyEngine]
> [Tue Jan 18 14:40:02 2005] [error] proxy: failed to enable ssl support
> for 129.17.66.193:8082 (k001gxb-0010)
>
> As you can see, I added this directive above in my config files, but
> it's either in the wrong place or there's a missing piece.
>
> I don't want port 80 open at all. I want everything to run through
> HTTPS. Can you help me in getting the configuration so that all data
> transferred is through HTTPS?
>
> This is on an Enterprise SUN E450 server running Solaris Sparc 9 btw.
>
> - - - - - - - - - - - - - - - - - - - - -
> Thank you,
>
> Kristian T Reese
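The three redirect behaviours reported in this thread (back to http with proxyPort="80", ":443" appended to an http URL with proxyPort="443" alone, and a clean https URL once scheme="https" is also set) all follow from how an absolute redirect URL is assembled from the connector's scheme and proxy port. The sketch below is an added example, not code from the thread or from Tomcat itself; `redirect_location` and `audit` are hypothetical names, the Connector strings are constructed from the attributes quoted above, and the port fallback is a simplification.

```python
import xml.etree.ElementTree as ET

# A port is left out of the URL only when it is the default for the scheme.
DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed Connector elements, reduced to the attributes the thread discusses.
ORIGINAL = '<Connector port="8082" proxyPort="80" />'
PORT_ONLY = '<Connector port="8082" proxyPort="443" />'
FIXED = '<Connector port="8082" scheme="https" proxyPort="443" />'


def redirect_location(connector_xml, host, path):
    """Model the absolute Location header a proxied connector would emit."""
    conn = ET.fromstring(connector_xml)
    # The connector does not know Apache terminated TLS: scheme defaults to http.
    scheme = conn.get("scheme", "http")
    # proxyName overrides the host name; otherwise the request's Host is used.
    name = conn.get("proxyName", host)
    # Simplification: without proxyPort, fall back to the connector's own port.
    port = int(conn.get("proxyPort", conn.get("port")))
    url = f"{scheme}://{name}"
    if DEFAULT_PORTS.get(scheme) != port:
        url += f":{port}"
    return url + path


def audit(connector_xml, host="myserver.com", path="/jsp-examples/"):
    """Return (Location, stays_on_https) for a redirect such as /jsp-examples -> /jsp-examples/."""
    location = redirect_location(connector_xml, host, path)
    return location, location.startswith("https://")


if __name__ == "__main__":
    for label, xml in (("original", ORIGINAL),
                       ("proxyPort only", PORT_ONLY),
                       ("scheme + proxyPort", FIXED)):
        location, ok = audit(xml)
        print(f"{label:20} {location:45} {'OK' if ok else 'DOWNGRADE'}")
```

Running the same check over every proxied Connector in a real server.xml shows which ones would send clients from HTTPS back to plain HTTP on a redirect.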