Posted to users@tomcat.apache.org by Przemyslaw Ceglowski <pr...@ceglowski.net> on 2007/07/18 11:37:26 UTC
problems with IP based virtual hosting with multiple SSL certificates and APR
Dear Users,
I have been fighting with it for good few weeks now and I cannot manage to
make it work myself so any help would be appreciated.
With the below setup, only www.domain1.com works fine by HTTPS. I can reach
the content of the others by HTTP but HTTPS is giving me 404 for all of
them.
There are no errors in Catalina.out.
Regards,
Przemek
# netstat -ntl
Tcp 0 0 192.168.86.104:443 0.0.0.0:* LISTEN
Tcp 0 0 192.168.86.103:443 0.0.0.0:* LISTEN
Tcp 0 0 192.168.86.74:443 0.0.0.0:* LISTEN
Tcp 0 0 192.168.86.73:443 0.0.0.0:* LISTEN
Tcp 0 0 192.168.86.72:443 0.0.0.0:* LISTEN
Tcp 0 0 192.168.86.71:443 0.0.0.0:* LISTEN
Tcp 0 0 ::ffff:127.0.0.1:8005 :::* LISTEN
Tcp 0 0 :::80 :::* LISTEN
OS: Fedora Core 6
Software versions:
Apache Tomcat Version 6.0.10
Java(TM) SE Runtime Environment (build 1.6.0-b105)
tomcat-native-1.1.8
apr-1.2.9
========================================================================
server.xml
========================================================================
<!-- Tomcat server.xml: one plain HTTP connector on port 80, six APR/OpenSSL
     HTTPS connectors on port 443 (one per IP address, each with its own
     certificate), and seven virtual hosts in a single Engine. -->
<!-- The shutdown attribute is the command string accepted on port 8005; anyone
     who can connect to that port and knows the string can stop the server.
     NOTE(review): this value was published with the post; if it is the real
     one it should be replaced. -->
<Server port="8005" shutdown="0fbb9aebcbfbef203eca71b6be367859">
<!-- Loads the APR/native library and turns on its SSL engine, which the
     SSLCertificateFile-style connector attributes below depend on. -->
<Listener className="org.apache.catalina.core.AprLifecycleListener"
SSLEngine="on" />
<Listener className="org.apache.catalina.core.JasperListener" />
<Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" />
<Listener
className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<GlobalNamingResources>
<!-- File-backed user database read from conf/tomcat-users.xml; the Realm in
     the Engine below authenticates against it through resourceName.
     NOTE(review): that file holds credentials and should be readable only by
     the Tomcat account. -->
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>
<Service name="Catalina">
<!-- Plain HTTP with no address restriction. redirectPort is where Tomcat sends
     a request that a webapp's security constraint requires to be made over
     SSL; it does not by itself move HTTP traffic to HTTPS. -->
<Connector port="80" protocol="HTTP/1.1"
maxThreads="150"
connectionTimeout="20000"
redirectPort="443" />
<!-- HTTPS connectors: one per IP address, each presenting the certificate of
     one site. The six differ only in address and certificate/key file.
     - useIPVHosts="true" makes Tomcat choose the Host from the address the
       request arrived on instead of the Host header. NOTE(review): the name
       derived from that address presumably has to match a Host name (or an
       Alias) below, otherwise the request falls through to defaultHost;
       verify, since that would fit the reported 404s.
     - NOTE(review): SSLProtocol="TLS" is the JSSE-style value; check which
       protocol set the APR connector actually enables for it in this version.
     - The .key files are private keys; keep them readable only by the Tomcat
       account.
     - NOTE(review): debug is not a documented attribute in Tomcat 6 and is
       presumably ignored. -->
<Connector debug="5" port="443" address="192.168.86.71" protocol="HTTP/1.1"
acceptCount="100" clientAuth="false" disableUploadTimeout="true"
enableLookups="false"
maxSpareThreads="75" maxThreads="150" minSpareThreads="25"
SSLEnabled="true" SSLProtocol="TLS" secure="true" scheme="https"
useIPVHosts="true"
SSLCertificateFile="${catalina.base}/ssl/www.domain1.com.crt"
SSLCertificateKeyFile="${catalina.base}/ssl/www.domain1.com.key"
/>
<Connector debug="5" port="443" address="192.168.86.72" protocol="HTTP/1.1"
acceptCount="100" clientAuth="false" disableUploadTimeout="true"
enableLookups="false"
maxSpareThreads="75" maxThreads="150" minSpareThreads="25"
SSLEnabled="true" SSLProtocol="TLS" secure="true" scheme="https"
useIPVHosts="true"
SSLCertificateFile="${catalina.base}/ssl/www.domain2.com.crt"
SSLCertificateKeyFile="${catalina.base}/ssl/www.domain2.com.key"
/>
<!-- NOTE(review): the key path of this connector contains a space after
     "ssl/". It may be a mail line-wrapping artefact, but if it is in the real
     file the path would not resolve to www.domain3.com.key. -->
<Connector debug="5" port="443" address="192.168.86.73" protocol="HTTP/1.1"
acceptCount="100" clientAuth="false" disableUploadTimeout="true"
enableLookups="false"
maxSpareThreads="75" maxThreads="150" minSpareThreads="25"
SSLEnabled="true" SSLProtocol="TLS" secure="true" scheme="https"
useIPVHosts="true"
SSLCertificateFile="${catalina.base}/ssl/www.domain3.com.crt"
SSLCertificateKeyFile="${catalina.base}/ssl/ www.domain3.com.key"
/>
<!-- NOTE(review): the address here is 212.78.86.74, while every other
     connector uses 192.168.86.x and the netstat output posted with this file
     lists 192.168.86.74:443. Possibly an incompletely anonymised address;
     confirm which one is real. -->
<Connector debug="5" port="443" address="212.78.86.74" protocol="HTTP/1.1"
acceptCount="100" clientAuth="false" disableUploadTimeout="true"
enableLookups="false"
maxSpareThreads="75" maxThreads="150" minSpareThreads="25"
SSLEnabled="true" SSLProtocol="TLS" secure="true" scheme="https"
useIPVHosts="true"
SSLCertificateFile="${catalina.base}/ssl/www.domain4.com.crt"
SSLCertificateKeyFile="${catalina.base}/ssl/www.domain4.com.key"
/>
<Connector debug="5" port="443" address="192.168.86.103" protocol="HTTP/1.1"
acceptCount="100" clientAuth="false" disableUploadTimeout="true"
enableLookups="false"
maxSpareThreads="75" maxThreads="150" minSpareThreads="25"
SSLEnabled="true" SSLProtocol="TLS" secure="true" scheme="https"
useIPVHosts="true"
SSLCertificateFile="${catalina.base}/ssl/www.domain5.com.crt"
SSLCertificateKeyFile="${catalina.base}/ssl/www.domain5.com.key"
/>
<Connector debug="5" port="443" address="192.168.86.104" protocol="HTTP/1.1"
acceptCount="100" clientAuth="false" disableUploadTimeout="true"
enableLookups="false"
maxSpareThreads="75" maxThreads="150" minSpareThreads="25"
SSLEnabled="true" SSLProtocol="TLS" secure="true" scheme="https"
useIPVHosts="true"
SSLCertificateFile="${catalina.base}/ssl/www.domain6.com.crt"
SSLCertificateKeyFile="${catalina.base}/ssl/www.domain6.com.key"
/>
<!-- Requests whose host name matches no Host element are served by
     defaultHost ("localhost"). -->
<Engine name="Catalina" defaultHost="localhost">
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
<!-- Default host, served from the relative webapps directory; its access log
     is written without reverse DNS lookups (resolveHosts="false"). -->
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true"
xmlValidation="false" xmlNamespaceAware="false">
<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="logs"
prefix="localhost_access_log." suffix=".txt" pattern="common"
resolveHosts="false"/>
</Host>
<!-- Six per-site hosts follow, identical apart from the site name. Each has
     its own appBase, unpacks WAR files and deploys whatever appears there
     (autoDeploy="true"), so write access to an appBase amounts to being able
     to deploy code. -->
<Host name="www.domain1.com" debug="5"
appBase="/usr/local/tomcat/webapps/www.domain1.com/"
unpackWARs="true" autoDeploy="true">
<!-- Root context with an empty docBase: the empty value is taken as relative
     and ends up equal to appBase, and a docBase should never be the same as
     an appBase. NOTE(review): presumably this also makes everything stored
     directly in appBase, WAR files included, reachable through the root
     context; verify. The same element is repeated in every host below. -->
<Context path="" docBase="" debug="1"/>
<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="logs" prefix="www.domain1.com_access."
suffix=".log" pattern="common" resolveHosts="false"/>
</Host>
<Host name="www.domain2.com" debug="5"
appBase="/usr/local/tomcat/webapps/www.domain2.com/"
unpackWARs="true" autoDeploy="true">
<Context path="" docBase="" debug="1"/>
<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="logs" prefix="www.domain2.com_access."
suffix=".log" pattern="common" resolveHosts="false"/>
</Host>
<Host name="www.domain3.com" debug="5"
appBase="/usr/local/tomcat/webapps/www.domain3.com/"
unpackWARs="true" autoDeploy="true">
<Context path="" docBase="" debug="1"/>
<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="logs" prefix="www.domain3.com_access."
suffix=".log" pattern="common" resolveHosts="false"/>
</Host>
<Host name="www.domain4.com" debug="5"
appBase="/usr/local/tomcat/webapps/www.domain4.com/"
unpackWARs="true" autoDeploy="true">
<Context path="" docBase="" debug="1"/>
<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="logs" prefix="www.domain4.com_access."
suffix=".log" pattern="common" resolveHosts="false"/>
</Host>
<Host name="www.domain5.com" debug="5"
appBase="/usr/local/tomcat/webapps/www.domain5.com/"
unpackWARs="true" autoDeploy="true">
<Context path="" docBase="" debug="1"/>
<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="logs" prefix="www.domain5.com_access."
suffix=".log" pattern="common" resolveHosts="false"/>
</Host>
<Host name="www.domain6.com" debug="5"
appBase="/usr/local/tomcat/webapps/www.domain6.com/"
unpackWARs="true" autoDeploy="true">
<Context path="" docBase="" debug="1"/>
<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="logs" prefix="www.domain6.com_access."
suffix=".log" pattern="common" resolveHosts="false"/>
</Host>
</Engine>
</Service>
</Server>
===================================================================
Re: problems with IP based virtual hosting with multiple SSL certificates
and APR
Posted by Mark Thomas <ma...@apache.org>.
Przemyslaw Ceglowski wrote:
> Dear Users,
>
> I have been fighting with it for good few weeks now and I cannot manage to
> make it work myself so any help would be appreciated.
Short version:
- remove all the context elements
- create a folder named ROOT inside every appBase
- move the current contents of each appBase to the new ROOT folder
> <Host name="www.domain3.com" debug="5"
> appBase="/usr/local/tomcat/webapps/www.domain3.com/"
> unpackWARs="true" autoDeploy="true">
> <Context path="" docBase="" debug="1"/>
> <Valve className="org.apache.catalina.valves.AccessLogValve"
> directory="logs" prefix="www.domain3.com_access."
> suffix=".log" pattern="common" resolveHosts="false"/>
> </Host>
Long version:
docBase can be absolute or relative, so with a value of "" it is
assumed to be relative and ends up being the same as appBase.
A docBase should never be the same as an appBase. Older Tomcat
versions allowed this as an unfortunate side effect of a bug that has
since been fixed.
Further, to align with later versions of the servlet spec, any folder
in an appBase is assumed to be a context regardless of whether it
contains a WEB-INF directory or not.
HTH,
Mark
RE: problems with IP based virtual hosting with multiple SSL certificates and APR
Posted by Przemyslaw Ceglowski <pr...@ceglowski.net>.
Thanks for the tip, I will fix that, although I do not think that is the
cause of my problem as accessing each of the webapps by http redirects me
correctly.
Under each appBase I have an index.html that redirects to the subfolder
of the application:
[root@server1 www.domain1.com]# cat index.html
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!-- Landing page kept in the host's appBase: it has no body content and only
     redirects the browser to the ExpenSysWT webapp. -->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Apache Tomcat</title>
<!-- Zero-second meta refresh. The target is an absolute http:// URL, so a
     visitor who requested this page over HTTPS is sent on to plain HTTP.
     NOTE(review): confirm whether an https:// or scheme-relative target is
     intended for the sites served by the SSL connectors. -->
<meta http-equiv="refresh" content="0;
url=http://www.domain1.com/ExpenSysWT" />
</head>
<body>
</body>
</html>
[root@server1 www.domain1.com]# pwd
/usr/local/tomcat/webapps/www.expensys-ged.com
[root@server1 www.domain1.com]# ll
total 10688
drwxr-xr-x 5 root root 4096 Jul 17 10:59 ExpenSysWT
-rw-r--r-- 1 root root 10907980 Jul 17 10:59 ExpenSysWT.war
-rw-r--r-- 1 root content 411 Jul 16 22:49 index.html
drwxr-xr-- 5 root content 4096 Jun 18 23:07 manager
Przem
-----Original Message-----
From: Caldarale, Charles R [mailto:Chuck.Caldarale@unisys.com]
Sent: Thursday, July 19, 2007 2:08 PM
To: Tomcat Users List
Subject: RE: problems with IP based virtual hosting with multiple SSL
certificates and APR
> From: Przemyslaw Ceglowski [mailto:przemek@ceglowski.net]
> Subject: RE: problems with IP based virtual hosting with
> multiple SSL certificates and APR
>
> Although I do not think I have something wrong in it
For one thing, placing <Context> elements in server.xml is strongly
discouraged these days. These are supposed to go in either
META-INF/context.xml of each webapp or
conf/Catalina/[host]/[appname].xml.
> <Context path="" docBase="" debug="1"/>
I have no idea what a docBase attribute of an empty string is supposed
to do.
What actually exists under each of your appBase directories?
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.
RE: problems with IP based virtual hosting with multiple SSL certificates and APR
Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Przemyslaw Ceglowski [mailto:przemek@ceglowski.net]
> Subject: RE: problems with IP based virtual hosting with
> multiple SSL certificates and APR
>
> Although I do not think I have something wrong in it
For one thing, placing <Context> elements in server.xml is strongly
discouraged these days. These are supposed to go in either
META-INF/context.xml of each webapp or
conf/Catalina/[host]/[appname].xml.
> <Context path="" docBase="" debug="1"/>
I have no idea what a docBase attribute of an empty string is supposed
to do.
What actually exists under each of your appBase directories?
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.
RE: problems with IP based virtual hosting with multiple SSL certificates and APR
Posted by Przemyslaw Ceglowski <pr...@ceglowski.net>.
Any ideas guys?
Although I do not think I have something wrong in it but maybe someone could
give me an example of working server.xml file in the same configuration?
Regards,
Przem
-----Original Message-----
From: Przemyslaw Ceglowski [mailto:przemek@ceglowski.net]
Sent: Wednesday, July 18, 2007 10:37 AM
To: users@tomcat.apache.org
Subject: problems with IP based virtual hosting with multiple SSL
certificates and APR
Dear Users,
I have been fighting with it for good few weeks now and I cannot manage to
make it work myself so any help would be appreciated.
With the below setup, only www.domain1.com works fine by HTTPS. I can reach
the content of the others by HTTP but HTTPS is giving me 404 for all of
them.
There are no errors in Catalina.out.
Regards,
Przemek
# netstat -ntl
Tcp 0 0 192.168.86.104:443 0.0.0.0:* LISTEN
Tcp 0 0 192.168.86.103:443 0.0.0.0:* LISTEN
Tcp 0 0 192.168.86.74:443 0.0.0.0:* LISTEN
Tcp 0 0 192.168.86.73:443 0.0.0.0:* LISTEN
Tcp 0 0 192.168.86.72:443 0.0.0.0:* LISTEN
Tcp 0 0 192.168.86.71:443 0.0.0.0:* LISTEN
Tcp 0 0 ::ffff:127.0.0.1:8005 :::* LISTEN
Tcp 0 0 :::80 :::* LISTEN
OS: Fedora Core 6
Software versions:
Apache Tomcat Version 6.0.10
Java(TM) SE Runtime Environment (build 1.6.0-b105)
tomcat-native-1.1.8
apr-1.2.9
========================================================================
server.xml
========================================================================
<!-- Tomcat server.xml: one plain HTTP connector on port 80, six APR/OpenSSL
     HTTPS connectors on port 443 (one per IP address, each with its own
     certificate), and seven virtual hosts in a single Engine. -->
<!-- The shutdown attribute is the command string accepted on port 8005; anyone
     who can connect to that port and knows the string can stop the server.
     NOTE(review): this value was published with the post; if it is the real
     one it should be replaced. -->
<Server port="8005" shutdown="0fbb9aebcbfbef203eca71b6be367859">
<!-- Loads the APR/native library and turns on its SSL engine, which the
     SSLCertificateFile-style connector attributes below depend on. -->
<Listener className="org.apache.catalina.core.AprLifecycleListener"
SSLEngine="on" />
<Listener className="org.apache.catalina.core.JasperListener" />
<Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" />
<Listener
className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<GlobalNamingResources>
<!-- File-backed user database read from conf/tomcat-users.xml; the Realm in
     the Engine below authenticates against it through resourceName.
     NOTE(review): that file holds credentials and should be readable only by
     the Tomcat account. -->
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>
<Service name="Catalina">
<!-- Plain HTTP with no address restriction. redirectPort is where Tomcat sends
     a request that a webapp's security constraint requires to be made over
     SSL; it does not by itself move HTTP traffic to HTTPS. -->
<Connector port="80" protocol="HTTP/1.1"
maxThreads="150"
connectionTimeout="20000"
redirectPort="443" />
<!-- HTTPS connectors: one per IP address, each presenting the certificate of
     one site. The six differ only in address and certificate/key file.
     - useIPVHosts="true" makes Tomcat choose the Host from the address the
       request arrived on instead of the Host header. NOTE(review): the name
       derived from that address presumably has to match a Host name (or an
       Alias) below, otherwise the request falls through to defaultHost;
       verify, since that would fit the reported 404s.
     - NOTE(review): SSLProtocol="TLS" is the JSSE-style value; check which
       protocol set the APR connector actually enables for it in this version.
     - The .key files are private keys; keep them readable only by the Tomcat
       account.
     - NOTE(review): debug is not a documented attribute in Tomcat 6 and is
       presumably ignored. -->
<Connector debug="5" port="443" address="192.168.86.71" protocol="HTTP/1.1"
acceptCount="100" clientAuth="false" disableUploadTimeout="true"
enableLookups="false"
maxSpareThreads="75" maxThreads="150" minSpareThreads="25"
SSLEnabled="true" SSLProtocol="TLS" secure="true" scheme="https"
useIPVHosts="true"
SSLCertificateFile="${catalina.base}/ssl/www.domain1.com.crt"
SSLCertificateKeyFile="${catalina.base}/ssl/www.domain1.com.key"
/>
<Connector debug="5" port="443" address="192.168.86.72" protocol="HTTP/1.1"
acceptCount="100" clientAuth="false" disableUploadTimeout="true"
enableLookups="false"
maxSpareThreads="75" maxThreads="150" minSpareThreads="25"
SSLEnabled="true" SSLProtocol="TLS" secure="true" scheme="https"
useIPVHosts="true"
SSLCertificateFile="${catalina.base}/ssl/www.domain2.com.crt"
SSLCertificateKeyFile="${catalina.base}/ssl/www.domain2.com.key"
/>
<!-- NOTE(review): the key path of this connector contains a space after
     "ssl/". It may be a mail line-wrapping artefact, but if it is in the real
     file the path would not resolve to www.domain3.com.key. -->
<Connector debug="5" port="443" address="192.168.86.73" protocol="HTTP/1.1"
acceptCount="100" clientAuth="false" disableUploadTimeout="true"
enableLookups="false"
maxSpareThreads="75" maxThreads="150" minSpareThreads="25"
SSLEnabled="true" SSLProtocol="TLS" secure="true" scheme="https"
useIPVHosts="true"
SSLCertificateFile="${catalina.base}/ssl/www.domain3.com.crt"
SSLCertificateKeyFile="${catalina.base}/ssl/ www.domain3.com.key"
/>
<!-- NOTE(review): the address here is 212.78.86.74, while every other
     connector uses 192.168.86.x and the netstat output posted with this file
     lists 192.168.86.74:443. Possibly an incompletely anonymised address;
     confirm which one is real. -->
<Connector debug="5" port="443" address="212.78.86.74" protocol="HTTP/1.1"
acceptCount="100" clientAuth="false" disableUploadTimeout="true"
enableLookups="false"
maxSpareThreads="75" maxThreads="150" minSpareThreads="25"
SSLEnabled="true" SSLProtocol="TLS" secure="true" scheme="https"
useIPVHosts="true"
SSLCertificateFile="${catalina.base}/ssl/www.domain4.com.crt"
SSLCertificateKeyFile="${catalina.base}/ssl/www.domain4.com.key"
/>
<Connector debug="5" port="443" address="192.168.86.103" protocol="HTTP/1.1"
acceptCount="100" clientAuth="false" disableUploadTimeout="true"
enableLookups="false"
maxSpareThreads="75" maxThreads="150" minSpareThreads="25"
SSLEnabled="true" SSLProtocol="TLS" secure="true" scheme="https"
useIPVHosts="true"
SSLCertificateFile="${catalina.base}/ssl/www.domain5.com.crt"
SSLCertificateKeyFile="${catalina.base}/ssl/www.domain5.com.key"
/>
<Connector debug="5" port="443" address="192.168.86.104" protocol="HTTP/1.1"
acceptCount="100" clientAuth="false" disableUploadTimeout="true"
enableLookups="false"
maxSpareThreads="75" maxThreads="150" minSpareThreads="25"
SSLEnabled="true" SSLProtocol="TLS" secure="true" scheme="https"
useIPVHosts="true"
SSLCertificateFile="${catalina.base}/ssl/www.domain6.com.crt"
SSLCertificateKeyFile="${catalina.base}/ssl/www.domain6.com.key"
/>
<!-- Requests whose host name matches no Host element are served by
     defaultHost ("localhost"). -->
<Engine name="Catalina" defaultHost="localhost">
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
<!-- Default host, served from the relative webapps directory; its access log
     is written without reverse DNS lookups (resolveHosts="false"). -->
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true"
xmlValidation="false" xmlNamespaceAware="false">
<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="logs"
prefix="localhost_access_log." suffix=".txt" pattern="common"
resolveHosts="false"/>
</Host>
<!-- Six per-site hosts follow, identical apart from the site name. Each has
     its own appBase, unpacks WAR files and deploys whatever appears there
     (autoDeploy="true"), so write access to an appBase amounts to being able
     to deploy code. -->
<Host name="www.domain1.com" debug="5"
appBase="/usr/local/tomcat/webapps/www.domain1.com/"
unpackWARs="true" autoDeploy="true">
<!-- Root context with an empty docBase: the empty value is taken as relative
     and ends up equal to appBase, and a docBase should never be the same as
     an appBase. NOTE(review): presumably this also makes everything stored
     directly in appBase, WAR files included, reachable through the root
     context; verify. The same element is repeated in every host below. -->
<Context path="" docBase="" debug="1"/>
<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="logs" prefix="www.domain1.com_access."
suffix=".log" pattern="common" resolveHosts="false"/>
</Host>
<Host name="www.domain2.com" debug="5"
appBase="/usr/local/tomcat/webapps/www.domain2.com/"
unpackWARs="true" autoDeploy="true">
<Context path="" docBase="" debug="1"/>
<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="logs" prefix="www.domain2.com_access."
suffix=".log" pattern="common" resolveHosts="false"/>
</Host>
<Host name="www.domain3.com" debug="5"
appBase="/usr/local/tomcat/webapps/www.domain3.com/"
unpackWARs="true" autoDeploy="true">
<Context path="" docBase="" debug="1"/>
<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="logs" prefix="www.domain3.com_access."
suffix=".log" pattern="common" resolveHosts="false"/>
</Host>
<Host name="www.domain4.com" debug="5"
appBase="/usr/local/tomcat/webapps/www.domain4.com/"
unpackWARs="true" autoDeploy="true">
<Context path="" docBase="" debug="1"/>
<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="logs" prefix="www.domain4.com_access."
suffix=".log" pattern="common" resolveHosts="false"/>
</Host>
<Host name="www.domain5.com" debug="5"
appBase="/usr/local/tomcat/webapps/www.domain5.com/"
unpackWARs="true" autoDeploy="true">
<Context path="" docBase="" debug="1"/>
<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="logs" prefix="www.domain5.com_access."
suffix=".log" pattern="common" resolveHosts="false"/>
</Host>
<Host name="www.domain6.com" debug="5"
appBase="/usr/local/tomcat/webapps/www.domain6.com/"
unpackWARs="true" autoDeploy="true">
<Context path="" docBase="" debug="1"/>
<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="logs" prefix="www.domain6.com_access."
suffix=".log" pattern="common" resolveHosts="false"/>
</Host>
</Engine>
</Service>
</Server>
===================================================================