You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Robin Johnson <ro...@syndicom.com> on 2005/03/14 00:37:19 UTC
Re: Tomcat 5 - Apache2 & SSL with mod_proxy
I know this is a pretty old post, but I'll respond to it anyways so the
solution shows up in the archives:
All you have to do is set scheme="https" and proxyPort="443" and the
connector will properly redirect your connections using https.
HTH,
Robin
Kris Reese wrote:
> Apache 2.0.52
> Tomcat 5.5
> openSSL 9.7e
>
> I've successfully been able to install all three components with the
> following attributes:
> I've successfully connected Tomcat to Apache via the mod_proxy
> module instead of using the JK2 connector
> I've also successfully integrated openSSL into apache, so that I
> can have a secure connection via HTTPS.
>
> So far, I'm only using the examples that shipped with Tomcat for
> testing purposes (i.e. /jsp-examples).
>
> My problem is when I try to access /jsp-examples via HTTPS. It always
> redirects back to port 80, thus I lose my secure connection. I have a
> feeling this is due to the "proxyPort="80" as defined in server.xml.
> If I change proxyPort to 443, it appends :443 at the end of my URL
> instead of using https. My ultimate goal is to have a webserver that
> only runs on port 443 which has a login.jsp page as the "index" page
> so people can login securely.
>
> I've read I need to use SSLProxyEngine and have attempted to
> implement. My configuration is as follows:
>
> httpd.conf (from none other than apache2)
> -------------------------------------------------------
> <VirtualHost 129.17.66.193:80>
> ServerName www.mysite.com
> DocumentRoot /usr/local/apache2/htdocs
> SSLProxyEngine on
>
> <IfModule mod_proxy.c>
> ProxyRequests On
> ProxyPass /jsp-examples http://129.17.66.193:8082/jsp-examples
> ProxyPass /*.jsp http://129.17.66.193:8082
> </IfModule>
> </VirtualHost>
>
> server.xml (from none other than Tomcat)
> -------------------------------------------------------
> <!-- non-SSL HTTP/1.1 Connector on port 8080 is commented out -->
> <!-- SSL HTTP/1.1 Connector on port 8443 is commented out -->
>
> <!-- Define an AJP 1.3 Connector on port 8009 -- NOTE I AM NOT
> USING THIS -->
> <Connector port="8009"
> enableLookups="false" redirectPort="8443"
> protocol="AJP/1.3" />
>
> <!-- Define a Proxied HTTP/1.1 Connector on port 8082 -->
> <Connector port="8082"
> maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
> enableLookups="false" acceptCount="100"
> connectionTimeout="20000"
> proxyPort="80" disableUploadTimeout="true" />
>
.....
> With this configuration, If I attempt to lauch
> https://myserver.com/jsp-examples, it redirects me to
> http://myserver.com/jsp-examples and I lose my secure connection.
> Based on my error_log file, I see that I need to enable SSLProxyEngine:
> [Tue Jan 18 14:40:02 2005] [error] SSL Proxy requested for
> myserver.com:80 but not enabled [Hint: SSLProxyEngine]
> [Tue Jan 18 14:40:02 2005] [error] proxy: failed to enable ssl support
> for 129.17.66.193:8082 (k001gxb-0010)
>
> As you can see, I added this directive above in my config files, but
> it's either in the wrong place or there's a missing piece.
>
> I don't want port 80 open at all. I want everything to run through
> HTTPS. Can you help me in getting the configuration so that all data
> transfered is through HTTPS?
>
> This is on an Enterprise SUN E450 server running Solaris Sparc 9 btw.
>
> - - - - - - - - - - - - - - - - - - - - -
> Thank you,
>
> Kristian T Reese
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org