Posted to users@tomcat.apache.org by Randeep <ra...@gmail.com> on 2013/12/04 18:22:04 UTC

ssl on tomcat

Hi,

I'm using Apache 2.2 as front end and Apache Tomcat 6.0.37 as backend. I'm
using mod_jk for connecting them.


The problem is: I'm using SSL certificates. I've configured SSL on Apache.
When I connect to the site with https, it works, but when I click on a link
it goes. I mean it's not secure browsing anymore.

My requirement is as follows.

If the user connects as https, all the links should work as https.
If the user connects as http, all the links should work as http. Is such a
thing possible?

-- 
Randeep
Mob: +919447831699[kerala]
Mob: +919880050349[B'lore]
I blog here:
http://www.randeeppr.me/
Follow me Here:
http://twitter.com/Randeeppr
Poke me here!
http://www.facebook.com/Randeeppr
A little Linux Help
http://www.linuxhelp.in/
Work profile:
http://in.linkedin.com/in/randeeppr

Re: ssl on tomcat

Posted by André Warnier <aw...@ice-sa.com>.
Please do not top-post.
It is annoying when someone is trying to figure out what you are talking about.

Randeep wrote:
> Chris,
> Yes. I have so many http links, as some of our old submitted apps used
> non-secured http links. As the apps are in use, we cannot change it. I cannot
> use any redirect rules to convert all the http to https because of that.
> 

Well then, basically, you are doomed.
The basic problem is that these old apps are very badly written, if they use absolute URLs 
to point to things on the same site.

The only really good way to do this is to modify these apps and pages to use relative 
links.  Maybe you could do that with some automated script?

s#http://myserver.com/(.*)$#/$1#g

Otherwise, you are going to be applying patches over patches over redirects over rewrites 
all over the place, and there will always be something not working, and it will be a 
maintenance nightmare.

What you have to think about is this:
- If *the browser* gets an HTML page containing a link that starts with "http://", then 
*the browser* is going to establish a HTTP (non-secure) connection with the server, and 
send that request through this connection.
- If *the browser* gets an HTML page containing a link that starts with "https://", then 
*the browser* is going to establish a HTTPS (secure) connection with the server, and pass 
that request through this connection.

There is nothing that the server can do, to magically change a HTTP to a HTTPS connection.
(At best, the server could send back a "redirect" response).

So if your pages, server-side, originally contain links that start with "http://", you 
have to change those links, *inside of the pages*, before you send them to the browser.
Otherwise there is little that you can do on the server side.

You can theoretically achieve this, on the server side, with a filter which examines all 
the outgoing pages and replaces the links in them before they go out to the browser, but 
as you can imagine this is very inefficient, and prone to errors.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
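
The clean-up André suggests with his one-liner, as an added Python example that is not part of the original thread: it rewrites only `http://` links to the site's own host inside `href`, `src` and `action` attributes into root-relative paths, so the browser keeps whatever scheme the page was loaded with, and it lists what it could not convert. The host `myserver.com` comes from the one-liner; the function names and the sample markup are constructed for illustration.

```python
import re

SITE_HOST = "myserver.com"  # placeholder host from the one-liner above

# Constructed sample markup (not taken from the poster's application).
SAMPLE = '''<a href="http://myserver.com/app/list.do">List</a>
<form action='HTTP://MyServer.com/app/save.do?id=<%= id %>'>
<a href="http://myserver.com">Home</a>
<a href="http://myserver.com.example.net/app/">other host</a>
<a href="http://myserver.com:8080/manager">other port</a>
<script>var api = "http://myserver.com/app/api";</script>
'''

def _link_pattern(host):
    # attribute=, a quote, http:// + the exact host, then either the closing
    # quote or a path/query/fragment. Requiring / ? # or the quote right after
    # the host keeps "myserver.com.example.net" and "myserver.com:8080" out.
    return re.compile(
        r"""(\b(?:href|src|action)\s*=\s*)(["'])http://"""
        + re.escape(host)
        + r"""((?:[/?#][^"']*)?)\2""",
        re.IGNORECASE,
    )

def relativize(text, host=SITE_HOST):
    """Return (new_text, count) with same-site http:// links made root-relative."""
    def repl(m):
        attr, quote, rest = m.group(1), m.group(2), m.group(3)
        if not rest.startswith("/"):  # "", "?q=1" or "#top"
            rest = "/" + rest
        return f"{attr}{quote}{rest}{quote}"
    return _link_pattern(host).subn(repl, text)

def leftovers(text, host=SITE_HOST):
    """List absolute http:// references to the host that still need a manual fix."""
    pattern = r"http://" + re.escape(host) + r"(?![\w.-])[^\s\"'<>]*"
    return re.findall(pattern, text, re.IGNORECASE)

if __name__ == "__main__":
    fixed, count = relativize(SAMPLE)
    print(fixed)
    print(f"{count} link(s) rewritten; review by hand: {leftovers(fixed)}")
```

Links built inside scripts or with quoted JSP expressions are deliberately left alone and show up in `leftovers()` for manual editing.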


Re: ssl on tomcat

Posted by Christopher Schultz <ch...@christopherschultz.net>.
Randeep,

On 12/4/13, 1:30 PM, Randeep wrote:
> Chris, Yes. I have so many http links, as some of our old submitted
> apps used non-secured http links. As the apps are in use, we cannot
> change it. I cannot use any redirect rules to convert all the http
> to https because of that.
> 
> We use Struts for framework, and normal JSP pages. I'm not a
> developer so can't say much about it.
> 
> This is in my server.xml
> <Listener className="org.apache.catalina.core.AprLifecycleListener"
>           SSLEngine="on" />
> <Connector port="8080" protocol="HTTP/1.1"
>            connectionTimeout="20000"
>            redirectPort="8443" />
> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
> 
> [root@server conf.d]# cat mod_jk.conf
> # Where to find workers.properties
> JkWorkersFile /etc/httpd/conf.d/workers.properties
> # Where to put jk logs
> JkLogFile /var/log/httpd/mod_jk.log
> # Set the jk log level [debug/error/info]
> JkLogLevel info
> # Select the log format
> JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
> # JkOptions indicate to send SSL KEY SIZE,
> JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
> # JkRequestLogFormat set the request format
> JkRequestLogFormat "%w %V %T"
> # Send servlet for context /examples to worker named worker1
> #JkMount /examples worker1
> # Send JSPs for context /examples/* to worker named worker1
> JkMount /* worker1
> JkShmFile  /etc/httpd/logs/jk-runtime-status
> 
> [root@server conf.d]# cat /etc/httpd/conf.d/workers.properties
> #workers.tomcat_home=/usr/tomcat/apache-tomcat-6.0.26
> #workers.tomcat_home=/usr/share/tomcat5
> workers.tomcat_home=/usr/share/apache-tomcat-6.0.37/
> workers.java_home=/usr/java/default
> ps=/
> worker.list=worker1
> worker.default.port=8009
> worker.default.host=localhost
> worker.default.type=ajp13
> #worker.default.lbfactor=1
> 
> Let me know if there is anything else I need to provide

Yes. What do your links look like in your pages?

-chris


Re: ssl on tomcat

Posted by Randeep <ra...@gmail.com>.
Chris,
Yes. I have so many http links, as some of our old submitted apps used
non-secured http links. As the apps are in use, we cannot change it. I cannot
use any redirect rules to convert all the http to https because of that.

We use Struts for framework, and normal JSP pages. I'm not a developer so
can't say much about it.

This is in my server.xml
<Listener className="org.apache.catalina.core.AprLifecycleListener"
          SSLEngine="on" />
<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />


[root@server conf.d]# cat mod_jk.conf
# Where to find workers.properties
JkWorkersFile /etc/httpd/conf.d/workers.properties
# Where to put jk logs
JkLogFile /var/log/httpd/mod_jk.log
# Set the jk log level [debug/error/info]
JkLogLevel info
# Select the log format
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
# JkOptions indicate to send SSL KEY SIZE,
JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
# JkRequestLogFormat set the request format
JkRequestLogFormat "%w %V %T"
# Send servlet for context /examples to worker named worker1
#JkMount /examples worker1
# Send JSPs for context /examples/* to worker named worker1
JkMount /* worker1
JkShmFile  /etc/httpd/logs/jk-runtime-status

[root@server conf.d]# cat /etc/httpd/conf.d/workers.properties
#workers.tomcat_home=/usr/tomcat/apache-tomcat-6.0.26
#workers.tomcat_home=/usr/share/tomcat5
workers.tomcat_home=/usr/share/apache-tomcat-6.0.37/
workers.java_home=/usr/java/default
ps=/
worker.list=worker1
worker.default.port=8009
worker.default.host=localhost
worker.default.type=ajp13
#worker.default.lbfactor=1

Let me know if there is anything else I need to provide.

Thanks.



On Wed, Dec 4, 2013 at 11:18 PM, Christopher Schultz <
chris@christopherschultz.net> wrote:

> Randeep,
>
> On 12/4/13, 12:22 PM, Randeep wrote:
> > I'm using Apache 2.2 as front end and Apache Tomcat 6.0.37 as
> > backend. I'm using mod_jk for connecting them.
> >
> > The problem is: I'm using SSL certificates. I've configured SSL on
> > Apache. When I connect to the site with https, it works, but when I
> > click on a link it goes. I mean it's not secure browsing anymore.
>
> Do you mean that links on your https:// pages are http:// (i.e.
> non-secure) links?
>
> What does the code look like that produced your pages (e.g. static
> file, JSP, or servlet)?
>
> > My requirement is as follows.
> >
> > If the user connects as https, all the links should work as https. If
> > the user connects as http, all the links should work as http. Is
> > such a thing possible?
>
> Absolutely. You just need to supply more information.
>
> Give us the following and we can help:
>
> 1. <Connector> configuration for all connectors. Remember to remove
> any sensitive information you may have in that configuration.
>
> 2. Explain how your webapp produces link URLs. An example would be great.
>
> -chris


-- 
Randeep

Re: ssl on tomcat

Posted by Christopher Schultz <ch...@christopherschultz.net>.
Randeep,

On 12/4/13, 12:22 PM, Randeep wrote:
> I'm using Apache 2.2 as front end and Apache Tomcat 6.0.37 as
> backend. I'm using mod_jk for connecting them.
> 
> The problem is: I'm using SSL certificates. I've configured SSL on
> Apache. When I connect to the site with https, it works, but when I
> click on a link it goes. I mean it's not secure browsing anymore.

Do you mean that links on your https:// pages are http:// (i.e.
non-secure) links?

What does the code look like that produced your pages (e.g. static
file, JSP, or servlet)?

> My requirement is as follows.
> 
> If the user connects as https, all the links should work as https. If
> the user connects as http, all the links should work as http. Is
> such a thing possible?

Absolutely. You just need to supply more information.

Give us the following and we can help:

1. <Connector> configuration for all connectors. Remember to remove
any sensitive information you may have in that configuration.

2. Explain how your webapp produces link URLs. An example would be great.

-chris