Posted to users@tomcat.apache.org by Bill Bailey <Bi...@northlandchurch.net> on 2007/02/05 15:53:27 UTC

AJP Connector - Problems Proxying HTTPS Connections

Hi,

I am trying to run Tomcat 5.5.20 behind Win32 Apache HTTPD 2.2.4 with
SSL (downloaded from apachelounge.com) using the AJP connector.

I have a virtual host configured on both Tomcat and Apache HTTPD.

Everything works fine if I configure my Apache HTTPD virtual host to run
unsecured on port 80, but if I set it up to run secured on port 443, it
appears that when it forwards an https request to Tomcat, Tomcat is
redirecting Apache to http://www.resourcepoint.org. If I also have the
port 80 virtual host configured in Apache HTTPD, it simply resubmits the
http request to Tomcat which happily processes it (but obviously this is
not what was wanted since I am now running unsecured). If the Apache
HTTPD port 80 virtual host hasn't been configured, Apache can't find a
suitable virtual host and tries to serve up the document from htdocs
and, of course, fails.

I can see in Apache HTTPD log files where it is successfully getting the
https request and I can see a connection accepted on port 8009 in the
tomcat log files (followed by a line containing Location =
http://www.resourcepoint.org/index.jsp). Finally, in the case where the
Apache HTTPD port 80 virtual host is not configured I can see entries in
the Apache HTTPD error file where it says the file could not be found in
htdocs (because that isn't where it is).

My question is:

Why doesn't Tomcat process this https request? Why is it redirecting
Apache to an http URL? Am I missing some configuration parameter that
I'm unaware of?

I have included fragments of both my Apache and Tomcat configuration
files below.

Thanks in advance for any assistance you can provide.

Bill Bailey
Senior Developer / DBA
Northland, A Church Distributed

 

Apache Virtual Host Configuration Fragment

NameVirtualHost xxx.xx.xx.x:443

<VirtualHost xxx.xx.xx.x:443>

      # General setup for the virtual host

      ServerName www.resourcepoint.org:443
      DocumentRoot E:\Apache2\vhosts\resourcepoint
      ServerAlias www.resourcepoint.org:443
      ErrorLog logs/resourcepoint-ssl-error_log
      CustomLog logs/resourcepoint-ssl-access_log common

      <Directory "E:/Apache2/vhosts/resourcepoint">
            ... directory stuff in here ...
      </Directory>

      <Location / >
            ProxyPass ajp://127.0.0.1:8009/
            ProxyPassReverse ajp://127.0.0.1:8009/
      </Location>

      ... SSL stuff here ...

</VirtualHost>

Tomcat Virtual Host Configuration Fragment

<Service name="Catalina">

  <!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->

  <Connector port="8888"
             address="127.0.0.1"
             maxHttpHeaderSize="8192"
             maxThreads="150"
             minSpareThreads="25"
             maxSpareThreads="75"
             enableLookups="false"
             redirectPort="8443"
             acceptCount="100"
             connectionTimeout="20000"
             disableUploadTimeout="true" />

  <!-- Define an AJP 1.3 Connector on port 8009 -->

  <Connector port="8009"
             address="127.0.0.1"
             enableLookups="false"
             protocol="AJP/1.3"
             secure="true"
             scheme="https"
             proxyName="www.resourcepoint.org"
             proxyPort="443" />

  <!-- Define the top level container in our container hierarchy -->

  <Engine name="Catalina" defaultHost="www.resourcepoint.org">

    <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
           resourceName="UserDatabase" />

    <Host name="localhost" appBase="webapps" />

    <Host name="www.resourcepoint.org"
          appBase="E:\webapps\resourcepoint"
          unpackWARs="true"
          autoDeploy="true"
          xmlValidation="false"
          xmlNamespaceAware="false">

      <Context path="" docBase="ROOT" debug="1"/>

      <Logger className="org.apache.catalina.logger.FileLogger"/>

    </Host>

  </Engine>

</Service>

 

 


Re: AJP Connector - Problems Proxying HTTPS Connections

Posted by Hassan Schroeder <ha...@gmail.com>.
On 2/5/07, Bill Bailey <Bi...@northlandchurch.net> wrote:

To start with --

> Apache Virtual Host Configuration Fragment

> NameVirtualHost xxx.xx.xx.x:443

NameVirtualHosting and SSL don't go together -- yank that

> <VirtualHost xxx.xx.xx.x:443>

Put the real IP that belongs to the SSL cert there

>       ServerName www.resourcepoint.org:443
>
>       DocumentRoot E:\Apache2\vhosts\resourcepoint
>
>       ServerAlias www.resourcepoint.org:443

The server name and alias should not have the port # appended.
In the example, the name and alias are the same, which makes no
sense. And if you're proxying everything, you don't need to specify
a DocumentRoot. However,

>             ProxyPass ajp://127.0.0.1:8009/
>             ProxyPassReverse ajp://127.0.0.1:8009/

that's wrong -- those two directives take two arguments, e.g.

   ProxyPass / ajp://127.0.0.1:8009

Fix those, and make sure your config files at least pass the config
test ( $APACHE_HOME/bin/apachectl -t )

HTH!
-- 
Hassan Schroeder ------------------------ hassan.schroeder@gmail.com

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Re: AJP Connector - Problems Proxying HTTPS Connections

Posted by Rainer Jung <ra...@kippdata.de>.
It should be OK, it's not name-based virtual hosts in his case.

You should be posting this to the httpd user list, since you are using 
mod_proxy_* and not mod_jk. You might get help here too, but it's more a 
question concerning an httpd standard module.

From general experience: the answer might depend on which component is 
actually producing the redirect: tomcat, your application or some 
framework used. In general the ajp protocol transports knowledge about 
using https on the apache side to your servlet container, such that it 
is able to produce correct self-referring URLs. If the redirect comes 
from some other component, this could produce wrong redirects.

Regards,

Rainer

David Delbecq wrote:
> Not speaking of tomcat, as far as I know https and virtual hosting do
> not mix very well unless the same certificate is used for all hosts.
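As an added illustration of the point in Rainer Jung's reply (not code from the thread, httpd or Tomcat): the AJP13 Forward Request carries server_name, server_port and an is_ssl flag, and a container can build self-referring URLs from them. The packet below is constructed sample data with a documentation client address, and `self_url` is a simplified, hypothetical model of the URL building, not Tomcat's implementation.

```python
import struct

# AJP13 forward-request prefix code and a subset of its method codes.
FORWARD_REQUEST = 0x02
METHODS = {1: "OPTIONS", 2: "GET", 3: "HEAD", 4: "POST"}

def _string(buf, pos):
    """Read an AJP string: 2-byte length, bytes, trailing NUL (0xFFFF = null)."""
    (n,) = struct.unpack_from(">H", buf, pos)
    if n == 0xFFFF:
        return None, pos + 2
    end = pos + 2 + n
    if end >= len(buf) or buf[end] != 0:
        raise ValueError("truncated or unterminated AJP string")
    return buf[pos + 2:end].decode("latin-1"), end + 1

def parse_forward_request(packet):
    """Parse the fixed head of a web-server-to-container Forward Request."""
    if len(packet) < 6 or packet[:2] != b"\x12\x34":
        raise ValueError("not a server-to-container AJP13 packet")
    (length,) = struct.unpack_from(">H", packet, 2)
    body = packet[4:4 + length]
    if len(body) != length or body[0] != FORWARD_REQUEST:
        raise ValueError("not a complete Forward Request")
    req = {"method": METHODS.get(body[1], body[1])}
    pos = 2
    for field in ("protocol", "req_uri", "remote_addr", "remote_host", "server_name"):
        req[field], pos = _string(body, pos)
    req["server_port"], is_ssl = struct.unpack_from(">HB", body, pos)
    req["is_ssl"] = bool(is_ssl)
    return req

def self_url(req, path):
    """Simplified model (assumption) of building an absolute redirect target."""
    scheme = "https" if req["is_ssl"] else "http"
    default = 443 if req["is_ssl"] else 80
    port = "" if req["server_port"] == default else ":%d" % req["server_port"]
    return "%s://%s%s%s" % (scheme, req["server_name"], port, path)

def build_sample(is_ssl, port):
    """Constructed sample packet (not captured traffic) for the thread's host."""
    s = lambda v: struct.pack(">H", len(v)) + v.encode("latin-1") + b"\x00"
    body = bytes([FORWARD_REQUEST, 2]) + s("HTTP/1.1") + s("/") + s("192.0.2.10")
    body += b"\xff\xff" + s("www.resourcepoint.org") + struct.pack(">HB", port, is_ssl)
    body += struct.pack(">H", 0) + b"\xff"   # no headers, request terminator
    return b"\x12\x34" + struct.pack(">H", len(body)) + body
```

With is_ssl set and port 443 the model yields an https:// URL for /index.jsp; with the flag clear and port 80 it yields the http:// form of the Location value quoted in the original post.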


Re: AJP Connector - Problems Proxying HTTPS Connections

Posted by David Delbecq <de...@oma.be>.
Not speaking of tomcat, as far as I know https and virtual hosting do
not mix very well unless the same certificate is used for all hosts.
