You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Meir Yanovich <me...@gmail.com> on 2008/06/30 10:40:26 UTC
[users@httpd] how to configure apache+ssl+mod_jk+tomcat
Hello all
im having problem on configuring apache 2.2 forward ssl requests to tomcat
im using basic configuration that i collected on the web ( mostly
using old apache )
im can use ssl on the apache htdocs . but i can't make it forward to
the tomcat .
by the way with no ssl the http forwarding to tomcat works fine .
here is my configuration :
in the http-ssl.conf i have the standard configuration i didn't
change any thing beside
SSLCertificateKeyFile and the SSLCertificateFile to the proper files
and the mod_jk conf in the httpd.conf looks like this :
#*****************************************************
# Load mod_jk module
# Update this path to match your modules location
LoadModule jk_module modules/mod_jk.so
# The workers that jk should create and work with
# Define 1 real worker using ajp13
JkWorkerProperty worker.list=Tomcat01
JkWorkerProperty worker.Tomcat01.type=ajp13
JkWorkerProperty worker.Tomcat01.host=app1
JkWorkerProperty worker.Tomcat01.port=48333
# Should mod_jk send SSL information to Tomcat (default is On)
JkExtractSSL off
# What is the indicator for SSL (default is HTTPS)
JkHTTPSIndicator HTTPS
# What is the indicator for SSL session (default is SSL_SESSION_ID)
JkSESSIONIndicator SSL_SESSION_ID
# What is the indicator for client SSL cipher suit (default is SSL_CIPHER)
JkCIPHERIndicator SSL_CIPHER
# What is the indicator for the client SSL certificated (default is
SSL_CLIENT_CERT)
JkCERTSIndicator SSL_CLIENT_CERT
# JkOptions indicate to send SSL KEY SIZE,
JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
# Where to put jk logs
# Update this path to match your logs directory location (put
mod_jk.log next to access_log)
JkLogFile logs/mod_jk.log
# Set the jk log level [debug/error/info]
JkLogLevel debug
# Select the timestamp log format
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
# Set the request log format
JkRequestLogFormat "%w %V %T %b %H %s %m %U %q"
# Send everything for context /examples to worker named worker1 (ajp13)
JkMount /* Tomcat01
# Serve html, jpg and gif using httpd
JkUnMount /*.html ajp13
JkUnMount /*.jpg ajp13
JkUnMount /*.gif ajp13
only when i browse to the port that is in the Listen 8000 the
forwarding to tomcat works but this is not ssl as i need
what im doing wrong here ? can it be done ?
thanks
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] how to configure apache+ssl+mod_jk+tomcat
Posted by Serge Dubrouski <se...@gmail.com>.
On Mon, Jun 30, 2008 at 7:04 AM, Meir Yanovich <me...@gmail.com> wrote:
> hi thanks for the fast reply , i did what you said , and moved the
> JkMount configuration
> to be under the <VirtualHost _default_:443> in http-ssl.conf.
> and it does work .
> i will never could guess that . part of the mod_jk config is in the
> http.conf and other part in the http-ssl.conf.
Glad that it helped.
You could have it just outside of any <VirtualServer> definition and
it'll work for all of them.
>
> ok i have another question now i all of my jsp application is secured
> with ssl , what if i like
> to secure only parts of the application for example
> only this 3 directories only and the rest will be not secured
> d:/tomcat/webapps/ROOT/ThisSecureDir1/
> d:/tomcat/webapps/ROOT/ThisSecureDir2/
> d:/tomcat/webapps/ROOT/ThisSecureDir3/
Then define separate Mount definitions. You can even have different
workers defined for different Tomcat instances and point different
mounts to different workers.
>
> Thanks Again
>
>
> On Mon, Jun 30, 2008 at 3:46 PM, Serge Dubrouski <se...@gmail.com> wrote:
>> It sounds like you have an HTTP virtual server configured on port 8000
>> and HTTPS virtual server configured on port 443. Most probably your
>> mod_jk commands are defined in the scope of HTPP server and aren't
>> active on the scope of HTTPS server. Try to move/duplicate them in the
>> http-ssl.conf inside the VirtualServer definition or make sure that
>> they are diefined in the global scope, not HTTP virtual server scope.
>>
>> On Mon, Jun 30, 2008 at 6:16 AM, Meir Yanovich <me...@gmail.com> wrote:
>>> it looks like this : ( i changed it from the default 8009 )
>>>
>>> <Connector port="8443" maxHttpHeaderSize="8192"
>>> maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>>> enableLookups="false" disableUploadTimeout="true"
>>> acceptCount="100" scheme="https" secure="true"
>>> keystoreFile="D:/tomcat/conf/keystore" keystorePass="password" />
>>>
>>> <Connector port="48333"
>>> enableLookups="false" redirectPort="8443" protocol="AJP/1.3"
>>> secure="true" connectionTimeout="0" threadPriority="5"
>>> connectionUploadTimeout="0" connectionLinger="0"
>>> maxSpareThreads="50" maxThreads="200"
>>> maxKeepAliveRequests="100" disableUploadTimeout="false"
>>> uRIEncoding="null" tcpNoDelay="false" minSpareThreads="4"
>>> acceptCount="60000" />
>>>
>>> On Mon, Jun 30, 2008 at 3:00 PM, Serge Dubrouski <se...@gmail.com> wrote:
>>>> How does your Tomcat's server.xml file looks like? Does it have an AJP
>>>> listener on port 48333 like you configured in workers file?
>>>>
>>>> On Mon, Jun 30, 2008 at 2:40 AM, Meir Yanovich <me...@gmail.com> wrote:
>>>>> Hello all
>>>>> im having problem on configuring apache 2.2 forward ssl requests to tomcat
>>>>> im using basic configuration that i collected on the web ( mostly
>>>>> using old apache )
>>>>> im can use ssl on the apache htdocs . but i can't make it forward to
>>>>> the tomcat .
>>>>> by the way with no ssl the http forwarding to tomcat works fine .
>>>>> here is my configuration :
>>>>> in the http-ssl.conf i have the standard configuration i didn't
>>>>> change any thing beside
>>>>> SSLCertificateKeyFile and the SSLCertificateFile to the proper files
>>>>> and the mod_jk conf in the httpd.conf looks like this :
>>>>>
>>>>> #*****************************************************
>>>>> # Load mod_jk module
>>>>> # Update this path to match your modules location
>>>>> LoadModule jk_module modules/mod_jk.so
>>>>>
>>>>> # The workers that jk should create and work with
>>>>> # Define 1 real worker using ajp13
>>>>> JkWorkerProperty worker.list=Tomcat01
>>>>>
>>>>> JkWorkerProperty worker.Tomcat01.type=ajp13
>>>>> JkWorkerProperty worker.Tomcat01.host=app1
>>>>> JkWorkerProperty worker.Tomcat01.port=48333
>>>>>
>>>>> # Should mod_jk send SSL information to Tomcat (default is On)
>>>>> JkExtractSSL off
>>>>> # What is the indicator for SSL (default is HTTPS)
>>>>> JkHTTPSIndicator HTTPS
>>>>> # What is the indicator for SSL session (default is SSL_SESSION_ID)
>>>>> JkSESSIONIndicator SSL_SESSION_ID
>>>>> # What is the indicator for client SSL cipher suit (default is SSL_CIPHER)
>>>>> JkCIPHERIndicator SSL_CIPHER
>>>>> # What is the indicator for the client SSL certificated (default is
>>>>> SSL_CLIENT_CERT)
>>>>> JkCERTSIndicator SSL_CLIENT_CERT
>>>>>
>>>>> # JkOptions indicate to send SSL KEY SIZE,
>>>>> JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
>>>>> # Where to put jk logs
>>>>> # Update this path to match your logs directory location (put
>>>>> mod_jk.log next to access_log)
>>>>> JkLogFile logs/mod_jk.log
>>>>>
>>>>> # Set the jk log level [debug/error/info]
>>>>> JkLogLevel debug
>>>>>
>>>>> # Select the timestamp log format
>>>>> JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
>>>>>
>>>>> # Set the request log format
>>>>> JkRequestLogFormat "%w %V %T %b %H %s %m %U %q"
>>>>>
>>>>> # Send everything for context /examples to worker named worker1 (ajp13)
>>>>> JkMount /* Tomcat01
>>>>>
>>>>> # Serve html, jpg and gif using httpd
>>>>> JkUnMount /*.html ajp13
>>>>> JkUnMount /*.jpg ajp13
>>>>> JkUnMount /*.gif ajp13
>>>>>
>>>>>
>>>>> only when i browse to the port that is in the Listen 8000 the
>>>>> forwarding to tomcat works but this is not ssl as i need
>>>>> what im doing wrong here ? can it be done ?
>>>>> thanks
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> The official User-To-User support forum of the Apache HTTP Server Project.
>>>>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>>>>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>>>> " from the digest: users-digest-unsubscribe@httpd.apache.org
>>>>> For additional commands, e-mail: users-help@httpd.apache.org
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Serge Dubrouski.
>>>>
>>>> ---------------------------------------------------------------------
>>>> The official User-To-User support forum of the Apache HTTP Server Project.
>>>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>>>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>>> " from the digest: users-digest-unsubscribe@httpd.apache.org
>>>> For additional commands, e-mail: users-help@httpd.apache.org
>>>>
>>>>
>>>
>>> ---------------------------------------------------------------------
>>> The official User-To-User support forum of the Apache HTTP Server Project.
>>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>> " from the digest: users-digest-unsubscribe@httpd.apache.org
>>> For additional commands, e-mail: users-help@httpd.apache.org
>>>
>>>
>>
>>
>>
>> --
>> Serge Dubrouski.
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> " from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
--
Serge Dubrouski.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] how to configure apache+ssl+mod_jk+tomcat
Posted by Meir Yanovich <me...@gmail.com>.
hi thanks for the fast reply , i did what you said , and moved the
JkMount configuration
to be under the <VirtualHost _default_:443> in http-ssl.conf.
and it does work .
i will never could guess that . part of the mod_jk config is in the
http.conf and other part in the http-ssl.conf.
ok i have another question now i all of my jsp application is secured
with ssl , what if i like
to secure only parts of the application for example
only this 3 directories only and the rest will be not secured
d:/tomcat/webapps/ROOT/ThisSecureDir1/
d:/tomcat/webapps/ROOT/ThisSecureDir2/
d:/tomcat/webapps/ROOT/ThisSecureDir3/
Thanks Again
On Mon, Jun 30, 2008 at 3:46 PM, Serge Dubrouski <se...@gmail.com> wrote:
> It sounds like you have an HTTP virtual server configured on port 8000
> and HTTPS virtual server configured on port 443. Most probably your
> mod_jk commands are defined in the scope of HTPP server and aren't
> active on the scope of HTTPS server. Try to move/duplicate them in the
> http-ssl.conf inside the VirtualServer definition or make sure that
> they are diefined in the global scope, not HTTP virtual server scope.
>
> On Mon, Jun 30, 2008 at 6:16 AM, Meir Yanovich <me...@gmail.com> wrote:
>> it looks like this : ( i changed it from the default 8009 )
>>
>> <Connector port="8443" maxHttpHeaderSize="8192"
>> maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>> enableLookups="false" disableUploadTimeout="true"
>> acceptCount="100" scheme="https" secure="true"
>> keystoreFile="D:/tomcat/conf/keystore" keystorePass="password" />
>>
>> <Connector port="48333"
>> enableLookups="false" redirectPort="8443" protocol="AJP/1.3"
>> secure="true" connectionTimeout="0" threadPriority="5"
>> connectionUploadTimeout="0" connectionLinger="0"
>> maxSpareThreads="50" maxThreads="200"
>> maxKeepAliveRequests="100" disableUploadTimeout="false"
>> uRIEncoding="null" tcpNoDelay="false" minSpareThreads="4"
>> acceptCount="60000" />
>>
>> On Mon, Jun 30, 2008 at 3:00 PM, Serge Dubrouski <se...@gmail.com> wrote:
>>> How does your Tomcat's server.xml file looks like? Does it have an AJP
>>> listener on port 48333 like you configured in workers file?
>>>
>>> On Mon, Jun 30, 2008 at 2:40 AM, Meir Yanovich <me...@gmail.com> wrote:
>>>> Hello all
>>>> im having problem on configuring apache 2.2 forward ssl requests to tomcat
>>>> im using basic configuration that i collected on the web ( mostly
>>>> using old apache )
>>>> im can use ssl on the apache htdocs . but i can't make it forward to
>>>> the tomcat .
>>>> by the way with no ssl the http forwarding to tomcat works fine .
>>>> here is my configuration :
>>>> in the http-ssl.conf i have the standard configuration i didn't
>>>> change any thing beside
>>>> SSLCertificateKeyFile and the SSLCertificateFile to the proper files
>>>> and the mod_jk conf in the httpd.conf looks like this :
>>>>
>>>> #*****************************************************
>>>> # Load mod_jk module
>>>> # Update this path to match your modules location
>>>> LoadModule jk_module modules/mod_jk.so
>>>>
>>>> # The workers that jk should create and work with
>>>> # Define 1 real worker using ajp13
>>>> JkWorkerProperty worker.list=Tomcat01
>>>>
>>>> JkWorkerProperty worker.Tomcat01.type=ajp13
>>>> JkWorkerProperty worker.Tomcat01.host=app1
>>>> JkWorkerProperty worker.Tomcat01.port=48333
>>>>
>>>> # Should mod_jk send SSL information to Tomcat (default is On)
>>>> JkExtractSSL off
>>>> # What is the indicator for SSL (default is HTTPS)
>>>> JkHTTPSIndicator HTTPS
>>>> # What is the indicator for SSL session (default is SSL_SESSION_ID)
>>>> JkSESSIONIndicator SSL_SESSION_ID
>>>> # What is the indicator for client SSL cipher suit (default is SSL_CIPHER)
>>>> JkCIPHERIndicator SSL_CIPHER
>>>> # What is the indicator for the client SSL certificated (default is
>>>> SSL_CLIENT_CERT)
>>>> JkCERTSIndicator SSL_CLIENT_CERT
>>>>
>>>> # JkOptions indicate to send SSL KEY SIZE,
>>>> JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
>>>> # Where to put jk logs
>>>> # Update this path to match your logs directory location (put
>>>> mod_jk.log next to access_log)
>>>> JkLogFile logs/mod_jk.log
>>>>
>>>> # Set the jk log level [debug/error/info]
>>>> JkLogLevel debug
>>>>
>>>> # Select the timestamp log format
>>>> JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
>>>>
>>>> # Set the request log format
>>>> JkRequestLogFormat "%w %V %T %b %H %s %m %U %q"
>>>>
>>>> # Send everything for context /examples to worker named worker1 (ajp13)
>>>> JkMount /* Tomcat01
>>>>
>>>> # Serve html, jpg and gif using httpd
>>>> JkUnMount /*.html ajp13
>>>> JkUnMount /*.jpg ajp13
>>>> JkUnMount /*.gif ajp13
>>>>
>>>>
>>>> only when i browse to the port that is in the Listen 8000 the
>>>> forwarding to tomcat works but this is not ssl as i need
>>>> what im doing wrong here ? can it be done ?
>>>> thanks
>>>>
>>>> ---------------------------------------------------------------------
>>>> The official User-To-User support forum of the Apache HTTP Server Project.
>>>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>>>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>>> " from the digest: users-digest-unsubscribe@httpd.apache.org
>>>> For additional commands, e-mail: users-help@httpd.apache.org
>>>>
>>>>
>>>
>>>
>>>
>>> --
>>> Serge Dubrouski.
>>>
>>> ---------------------------------------------------------------------
>>> The official User-To-User support forum of the Apache HTTP Server Project.
>>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>> " from the digest: users-digest-unsubscribe@httpd.apache.org
>>> For additional commands, e-mail: users-help@httpd.apache.org
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> " from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>
>
>
> --
> Serge Dubrouski.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] how to configure apache+ssl+mod_jk+tomcat
Posted by Serge Dubrouski <se...@gmail.com>.
It sounds like you have an HTTP virtual server configured on port 8000
and HTTPS virtual server configured on port 443. Most probably your
mod_jk commands are defined in the scope of HTPP server and aren't
active on the scope of HTTPS server. Try to move/duplicate them in the
http-ssl.conf inside the VirtualServer definition or make sure that
they are diefined in the global scope, not HTTP virtual server scope.
On Mon, Jun 30, 2008 at 6:16 AM, Meir Yanovich <me...@gmail.com> wrote:
> it looks like this : ( i changed it from the default 8009 )
>
> <Connector port="8443" maxHttpHeaderSize="8192"
> maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
> enableLookups="false" disableUploadTimeout="true"
> acceptCount="100" scheme="https" secure="true"
> keystoreFile="D:/tomcat/conf/keystore" keystorePass="password" />
>
> <Connector port="48333"
> enableLookups="false" redirectPort="8443" protocol="AJP/1.3"
> secure="true" connectionTimeout="0" threadPriority="5"
> connectionUploadTimeout="0" connectionLinger="0"
> maxSpareThreads="50" maxThreads="200"
> maxKeepAliveRequests="100" disableUploadTimeout="false"
> uRIEncoding="null" tcpNoDelay="false" minSpareThreads="4"
> acceptCount="60000" />
>
> On Mon, Jun 30, 2008 at 3:00 PM, Serge Dubrouski <se...@gmail.com> wrote:
>> How does your Tomcat's server.xml file looks like? Does it have an AJP
>> listener on port 48333 like you configured in workers file?
>>
>> On Mon, Jun 30, 2008 at 2:40 AM, Meir Yanovich <me...@gmail.com> wrote:
>>> Hello all
>>> im having problem on configuring apache 2.2 forward ssl requests to tomcat
>>> im using basic configuration that i collected on the web ( mostly
>>> using old apache )
>>> im can use ssl on the apache htdocs . but i can't make it forward to
>>> the tomcat .
>>> by the way with no ssl the http forwarding to tomcat works fine .
>>> here is my configuration :
>>> in the http-ssl.conf i have the standard configuration i didn't
>>> change any thing beside
>>> SSLCertificateKeyFile and the SSLCertificateFile to the proper files
>>> and the mod_jk conf in the httpd.conf looks like this :
>>>
>>> #*****************************************************
>>> # Load mod_jk module
>>> # Update this path to match your modules location
>>> LoadModule jk_module modules/mod_jk.so
>>>
>>> # The workers that jk should create and work with
>>> # Define 1 real worker using ajp13
>>> JkWorkerProperty worker.list=Tomcat01
>>>
>>> JkWorkerProperty worker.Tomcat01.type=ajp13
>>> JkWorkerProperty worker.Tomcat01.host=app1
>>> JkWorkerProperty worker.Tomcat01.port=48333
>>>
>>> # Should mod_jk send SSL information to Tomcat (default is On)
>>> JkExtractSSL off
>>> # What is the indicator for SSL (default is HTTPS)
>>> JkHTTPSIndicator HTTPS
>>> # What is the indicator for SSL session (default is SSL_SESSION_ID)
>>> JkSESSIONIndicator SSL_SESSION_ID
>>> # What is the indicator for client SSL cipher suit (default is SSL_CIPHER)
>>> JkCIPHERIndicator SSL_CIPHER
>>> # What is the indicator for the client SSL certificated (default is
>>> SSL_CLIENT_CERT)
>>> JkCERTSIndicator SSL_CLIENT_CERT
>>>
>>> # JkOptions indicate to send SSL KEY SIZE,
>>> JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
>>> # Where to put jk logs
>>> # Update this path to match your logs directory location (put
>>> mod_jk.log next to access_log)
>>> JkLogFile logs/mod_jk.log
>>>
>>> # Set the jk log level [debug/error/info]
>>> JkLogLevel debug
>>>
>>> # Select the timestamp log format
>>> JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
>>>
>>> # Set the request log format
>>> JkRequestLogFormat "%w %V %T %b %H %s %m %U %q"
>>>
>>> # Send everything for context /examples to worker named worker1 (ajp13)
>>> JkMount /* Tomcat01
>>>
>>> # Serve html, jpg and gif using httpd
>>> JkUnMount /*.html ajp13
>>> JkUnMount /*.jpg ajp13
>>> JkUnMount /*.gif ajp13
>>>
>>>
>>> only when i browse to the port that is in the Listen 8000 the
>>> forwarding to tomcat works but this is not ssl as i need
>>> what im doing wrong here ? can it be done ?
>>> thanks
>>>
>>> ---------------------------------------------------------------------
>>> The official User-To-User support forum of the Apache HTTP Server Project.
>>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>> " from the digest: users-digest-unsubscribe@httpd.apache.org
>>> For additional commands, e-mail: users-help@httpd.apache.org
>>>
>>>
>>
>>
>>
>> --
>> Serge Dubrouski.
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> " from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
--
Serge Dubrouski.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] how to configure apache+ssl+mod_jk+tomcat
Posted by Meir Yanovich <me...@gmail.com>.
it looks like this : ( i changed it from the default 8009 )
<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
keystoreFile="D:/tomcat/conf/keystore" keystorePass="password" />
<Connector port="48333"
enableLookups="false" redirectPort="8443" protocol="AJP/1.3"
secure="true" connectionTimeout="0" threadPriority="5"
connectionUploadTimeout="0" connectionLinger="0"
maxSpareThreads="50" maxThreads="200"
maxKeepAliveRequests="100" disableUploadTimeout="false"
uRIEncoding="null" tcpNoDelay="false" minSpareThreads="4"
acceptCount="60000" />
On Mon, Jun 30, 2008 at 3:00 PM, Serge Dubrouski <se...@gmail.com> wrote:
> How does your Tomcat's server.xml file looks like? Does it have an AJP
> listener on port 48333 like you configured in workers file?
>
> On Mon, Jun 30, 2008 at 2:40 AM, Meir Yanovich <me...@gmail.com> wrote:
>> Hello all
>> im having problem on configuring apache 2.2 forward ssl requests to tomcat
>> im using basic configuration that i collected on the web ( mostly
>> using old apache )
>> im can use ssl on the apache htdocs . but i can't make it forward to
>> the tomcat .
>> by the way with no ssl the http forwarding to tomcat works fine .
>> here is my configuration :
>> in the http-ssl.conf i have the standard configuration i didn't
>> change any thing beside
>> SSLCertificateKeyFile and the SSLCertificateFile to the proper files
>> and the mod_jk conf in the httpd.conf looks like this :
>>
>> #*****************************************************
>> # Load mod_jk module
>> # Update this path to match your modules location
>> LoadModule jk_module modules/mod_jk.so
>>
>> # The workers that jk should create and work with
>> # Define 1 real worker using ajp13
>> JkWorkerProperty worker.list=Tomcat01
>>
>> JkWorkerProperty worker.Tomcat01.type=ajp13
>> JkWorkerProperty worker.Tomcat01.host=app1
>> JkWorkerProperty worker.Tomcat01.port=48333
>>
>> # Should mod_jk send SSL information to Tomcat (default is On)
>> JkExtractSSL off
>> # What is the indicator for SSL (default is HTTPS)
>> JkHTTPSIndicator HTTPS
>> # What is the indicator for SSL session (default is SSL_SESSION_ID)
>> JkSESSIONIndicator SSL_SESSION_ID
>> # What is the indicator for client SSL cipher suit (default is SSL_CIPHER)
>> JkCIPHERIndicator SSL_CIPHER
>> # What is the indicator for the client SSL certificated (default is
>> SSL_CLIENT_CERT)
>> JkCERTSIndicator SSL_CLIENT_CERT
>>
>> # JkOptions indicate to send SSL KEY SIZE,
>> JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
>> # Where to put jk logs
>> # Update this path to match your logs directory location (put
>> mod_jk.log next to access_log)
>> JkLogFile logs/mod_jk.log
>>
>> # Set the jk log level [debug/error/info]
>> JkLogLevel debug
>>
>> # Select the timestamp log format
>> JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
>>
>> # Set the request log format
>> JkRequestLogFormat "%w %V %T %b %H %s %m %U %q"
>>
>> # Send everything for context /examples to worker named worker1 (ajp13)
>> JkMount /* Tomcat01
>>
>> # Serve html, jpg and gif using httpd
>> JkUnMount /*.html ajp13
>> JkUnMount /*.jpg ajp13
>> JkUnMount /*.gif ajp13
>>
>>
>> only when i browse to the port that is in the Listen 8000 the
>> forwarding to tomcat works but this is not ssl as i need
>> what im doing wrong here ? can it be done ?
>> thanks
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> " from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>
>
>
> --
> Serge Dubrouski.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] how to configure apache+ssl+mod_jk+tomcat
Posted by Serge Dubrouski <se...@gmail.com>.
How does your Tomcat's server.xml file looks like? Does it have an AJP
listener on port 48333 like you configured in workers file?
On Mon, Jun 30, 2008 at 2:40 AM, Meir Yanovich <me...@gmail.com> wrote:
> Hello all
> im having problem on configuring apache 2.2 forward ssl requests to tomcat
> im using basic configuration that i collected on the web ( mostly
> using old apache )
> im can use ssl on the apache htdocs . but i can't make it forward to
> the tomcat .
> by the way with no ssl the http forwarding to tomcat works fine .
> here is my configuration :
> in the http-ssl.conf i have the standard configuration i didn't
> change any thing beside
> SSLCertificateKeyFile and the SSLCertificateFile to the proper files
> and the mod_jk conf in the httpd.conf looks like this :
>
> #*****************************************************
> # Load mod_jk module
> # Update this path to match your modules location
> LoadModule jk_module modules/mod_jk.so
>
> # The workers that jk should create and work with
> # Define 1 real worker using ajp13
> JkWorkerProperty worker.list=Tomcat01
>
> JkWorkerProperty worker.Tomcat01.type=ajp13
> JkWorkerProperty worker.Tomcat01.host=app1
> JkWorkerProperty worker.Tomcat01.port=48333
>
> # Should mod_jk send SSL information to Tomcat (default is On)
> JkExtractSSL off
> # What is the indicator for SSL (default is HTTPS)
> JkHTTPSIndicator HTTPS
> # What is the indicator for SSL session (default is SSL_SESSION_ID)
> JkSESSIONIndicator SSL_SESSION_ID
> # What is the indicator for client SSL cipher suit (default is SSL_CIPHER)
> JkCIPHERIndicator SSL_CIPHER
> # What is the indicator for the client SSL certificated (default is
> SSL_CLIENT_CERT)
> JkCERTSIndicator SSL_CLIENT_CERT
>
> # JkOptions indicate to send SSL KEY SIZE,
> JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
> # Where to put jk logs
> # Update this path to match your logs directory location (put
> mod_jk.log next to access_log)
> JkLogFile logs/mod_jk.log
>
> # Set the jk log level [debug/error/info]
> JkLogLevel debug
>
> # Select the timestamp log format
> JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
>
> # Set the request log format
> JkRequestLogFormat "%w %V %T %b %H %s %m %U %q"
>
> # Send everything for context /examples to worker named worker1 (ajp13)
> JkMount /* Tomcat01
>
> # Serve html, jpg and gif using httpd
> JkUnMount /*.html ajp13
> JkUnMount /*.jpg ajp13
> JkUnMount /*.gif ajp13
>
>
> only when i browse to the port that is in the Listen 8000 the
> forwarding to tomcat works but this is not ssl as i need
> what im doing wrong here ? can it be done ?
> thanks
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
--
Serge Dubrouski.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] how to configure apache+ssl+mod_jk+tomcat
Posted by Jorge Medina <jm...@e-dialog.com>.
Have you configured the Tomcat AJP connector in the same port (48333)?
Tomcat has it configured in port 8009 by default.
-----Original Message-----
From: Meir Yanovich [mailto:meiry242@gmail.com]
Sent: Monday, June 30, 2008 4:40 AM
To: users@httpd.apache.org
Subject: [users@httpd] how to configure apache+ssl+mod_jk+tomcat
Hello all
im having problem on configuring apache 2.2 forward ssl requests to
tomcat
im using basic configuration that i collected on the web ( mostly
using old apache )
im can use ssl on the apache htdocs . but i can't make it forward to
the tomcat .
by the way with no ssl the http forwarding to tomcat works fine .
here is my configuration :
in the http-ssl.conf i have the standard configuration i didn't
change any thing beside
SSLCertificateKeyFile and the SSLCertificateFile to the proper files
and the mod_jk conf in the httpd.conf looks like this :
#*****************************************************
# Load mod_jk module
# Update this path to match your modules location
LoadModule jk_module modules/mod_jk.so
# The workers that jk should create and work with
# Define 1 real worker using ajp13
JkWorkerProperty worker.list=Tomcat01
JkWorkerProperty worker.Tomcat01.type=ajp13
JkWorkerProperty worker.Tomcat01.host=app1
JkWorkerProperty worker.Tomcat01.port=48333
# Should mod_jk send SSL information to Tomcat (default is On)
JkExtractSSL off
# What is the indicator for SSL (default is HTTPS)
JkHTTPSIndicator HTTPS
# What is the indicator for SSL session (default is SSL_SESSION_ID)
JkSESSIONIndicator SSL_SESSION_ID
# What is the indicator for client SSL cipher suit (default is
SSL_CIPHER)
JkCIPHERIndicator SSL_CIPHER
# What is the indicator for the client SSL certificated (default is
SSL_CLIENT_CERT)
JkCERTSIndicator SSL_CLIENT_CERT
# JkOptions indicate to send SSL KEY SIZE,
JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
# Where to put jk logs
# Update this path to match your logs directory location (put
mod_jk.log next to access_log)
JkLogFile logs/mod_jk.log
# Set the jk log level [debug/error/info]
JkLogLevel debug
# Select the timestamp log format
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
# Set the request log format
JkRequestLogFormat "%w %V %T %b %H %s %m %U %q"
# Send everything for context /examples to worker named worker1 (ajp13)
JkMount /* Tomcat01
# Serve html, jpg and gif using httpd
JkUnMount /*.html ajp13
JkUnMount /*.jpg ajp13
JkUnMount /*.gif ajp13
only when i browse to the port that is in the Listen 8000 the
forwarding to tomcat works but this is not ssl as i need
what im doing wrong here ? can it be done ?
thanks
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org