You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@wicket.apache.org by vp143 <vi...@cipriati.co.uk> on 2011/07/01 15:23:29 UTC
Re: Configure http and https with apache and jboss
I am delving into the SwitchProtocolRequestTarget code a little to see if it
gives me any answers. When the requireProtocol is called the protocol is
https but request.getScheme() returns http. Why would this be?
--
View this message in context: http://apache-wicket.1842946.n4.nabble.com/Configure-http-and-https-with-apache-and-jboss-tp3633546p3638188.html
Sent from the Users forum mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Configure http and https with apache and jboss
Posted by Igor Vaynberg <ig...@gmail.com>.
it would be awesome if you could make a wiki page out of this...
-igor
On Wed, Jul 6, 2011 at 8:47 AM, vp143 <vi...@cipriati.co.uk> wrote:
> All,
>
> I think I have this resolved, at least no problems so far.
>
> There were many things that I needed to add:
> 1) Within server.xml, I added proxyName and proxyPort to the 8080 connector.
> I found this in the Tomcat documentation "When you are running behind a
> proxy server (or a web server that is configured to behave like a proxy
> server), you will sometimes prefer to manage the values returned by these
> calls. In particular, you will generally want the port number to reflect
> that specified in the original request, not the one on which the Connector
> itself is listening. You can use the proxyName and proxyPort attributes on
> the <Connector> element to configure these values."
>
> I also added a NEW connector at 8443 for https support. I found that
> request.getScheme and similar code was returning incorrect values. To solve
> this, this connector should have the value scheme="https".
>
> Here are the new connectors:
>
> <Connector protocol="HTTP/1.1" port="8080" address="${jboss.bind.address}"
> connectionTimeout="20000" proxyName="myserver.com" proxyPort="80"/>
>
> <Connector protocol="HTTP/1.1" port="8443" address="${jboss.bind.address}"
> connectionTimeout="20000" proxyName="myserver.com" proxyPort="443"
> scheme="https" />
>
> 2) A mistake I made was putting myserver.com within the ProxyPass and
> ProxyPassReverse. This was a mistake because this address was not valid for
> port 8080 as my firewall was blocking it. My firewall only allows 80 and
> 443. I change these values to localhost. Additionally, the VirtualHost for
> 443 should point to 8443- the new connector created above.
>
> Additionally, the myapp is removed entirely (see the next point for the
> reasons).
>
> The httpd.conf I have now is as follows:
>
> NameVirtualHost *:80
> <VirtualHost *:80>
> ServerName myserver.com:80
>
> ProxyPreserveHost On
> ProxyPass / http://localhost:8080/
> ProxyPassReverse / http://localhost:8080/
> </VirtualHost>
>
> NameVirtualHost *:443
> <VirtualHost *:443>
> ServerName myserver.com:443
>
> SSLEngine On
> SSLCertificateKeyFile /etc/ssl/private/server.key
> SSLCertificateFile /etc/ssl/certs/server.crt
>
> ProxyPass / http://localhost:8443/
> ProxyPassReverse / http://localhost:8443/
>
> #Cookie stuff- untested for now
> ProxyPreserveHost On
> ProxyPassReverseCookiePath / /
> </VirtualHost>
>
> 3) Finally, my war file that I deploy needs to be called ROOT.war. From the
> Jboss documentation "The only special case to this naming special name ROOT.
> To deploy an application under the root context, you simply name it
> ROOT.war. JBoss already contains a ROOT.war web application in the
> jbossweb.sar directory. You will need to remove or rename that one to create
> your own root application." Renaming it ROOT removes the myapp in the url
> within wicket.
>
> I hope this helps any one else trying to setup in a similar way. As I first
> thought, it wasnt anything in wicket. Thank you all for your help.
>
> --
> View this message in context: http://apache-wicket.1842946.n4.nabble.com/Configure-http-and-https-with-apache-and-jboss-tp3633546p3649180.html
> Sent from the Users forum mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Configure http and https with apache and jboss
Posted by vp143 <vi...@cipriati.co.uk>.
All,
I think I have this resolved, at least no problems so far.
There were many things that I needed to add:
1) Within server.xml, I added proxyName and proxyPort to the 8080 connector.
I found this in the Tomcat documentation "When you are running behind a
proxy server (or a web server that is configured to behave like a proxy
server), you will sometimes prefer to manage the values returned by these
calls. In particular, you will generally want the port number to reflect
that specified in the original request, not the one on which the Connector
itself is listening. You can use the proxyName and proxyPort attributes on
the <Connector> element to configure these values."
I also added a NEW connector at 8443 for https support. I found that
request.getScheme and similar code was returning incorrect values. To solve
this, this connector should have the value scheme="https".
Here are the new connectors:
<Connector protocol="HTTP/1.1" port="8080" address="${jboss.bind.address}"
connectionTimeout="20000" proxyName="myserver.com" proxyPort="80"/>
<Connector protocol="HTTP/1.1" port="8443" address="${jboss.bind.address}"
connectionTimeout="20000" proxyName="myserver.com" proxyPort="443"
scheme="https" />
2) A mistake I made was putting myserver.com within the ProxyPass and
ProxyPassReverse. This was a mistake because this address was not valid for
port 8080 as my firewall was blocking it. My firewall only allows 80 and
443. I change these values to localhost. Additionally, the VirtualHost for
443 should point to 8443- the new connector created above.
Additionally, the myapp is removed entirely (see the next point for the
reasons).
The httpd.conf I have now is as follows:
NameVirtualHost *:80
<VirtualHost *:80>
ServerName myserver.com:80
ProxyPreserveHost On
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
</VirtualHost>
NameVirtualHost *:443
<VirtualHost *:443>
ServerName myserver.com:443
SSLEngine On
SSLCertificateKeyFile /etc/ssl/private/server.key
SSLCertificateFile /etc/ssl/certs/server.crt
ProxyPass / http://localhost:8443/
ProxyPassReverse / http://localhost:8443/
#Cookie stuff- untested for now
ProxyPreserveHost On
ProxyPassReverseCookiePath / /
</VirtualHost>
3) Finally, my war file that I deploy needs to be called ROOT.war. From the
Jboss documentation "The only special case to this naming special name ROOT.
To deploy an application under the root context, you simply name it
ROOT.war. JBoss already contains a ROOT.war web application in the
jbossweb.sar directory. You will need to remove or rename that one to create
your own root application." Renaming it ROOT removes the myapp in the url
within wicket.
I hope this helps any one else trying to setup in a similar way. As I first
thought, it wasnt anything in wicket. Thank you all for your help.
--
View this message in context: http://apache-wicket.1842946.n4.nabble.com/Configure-http-and-https-with-apache-and-jboss-tp3633546p3649180.html
Sent from the Users forum mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Configure http and https with apache and jboss
Posted by Jeremy Levy <je...@gmail.com>.
Thats correct, your entire HTTPS set up can be only from Apache outwards and
AJP/HTTP between Apache and JBoss/Tomcat.
On Fri, Jul 1, 2011 at 9:45 AM, vp143 <vi...@cipriati.co.uk> wrote:
> I have seen posts talking about this connector in Tomcat/Jboss
>
> <Connector protocol="HTTP/1.1" SSLEnabled="true"
> port="8443" address="${jboss.bind.address}"
> scheme="https" secure="true" clientAuth="false"
> keystoreFile="${jboss.server.home.dir}/conf/chap8.keystore"
> keystorePass="rmi+ssl" sslProtocol = "TLS" />
>
> My understanding from what I have read is that this connector does not need
> to be enabled because I am using Apache as the web server which handles all
> the SSL traffic i.e SSL traffic is transparent to the Tomcat/Jboss, hence
> ProxyPass etc are forwarding to port 8080 even for VirtualHost 443.
> Can anyone verify this is correct?
>
> On 1 Jul 2011, at 14:32, Martin Grigorov-4 [via Apache Wicket] wrote:
>
> > Your Apache conf is SSL for 443, but the proxyed web server (Tomcat?!)
> > is http://
> > Maybe this is the problem.
> >
> >
> > If you reply to this email, your message will be added to the discussion
> below:
> >
> http://apache-wicket.1842946.n4.nabble.com/Configure-http-and-https-with-apache-and-jboss-tp3633546p3638211.html
> > To unsubscribe from Configure http and https with apache and jboss, click
> here.
>
>
>
> --
> View this message in context:
> http://apache-wicket.1842946.n4.nabble.com/Configure-http-and-https-with-apache-and-jboss-tp3633546p3638231.html
> Sent from the Users forum mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
--
Jeremy Levy
Re: Configure http and https with apache and jboss
Posted by vp143 <vi...@cipriati.co.uk>.
I have seen posts talking about this connector in Tomcat/Jboss
<Connector protocol="HTTP/1.1" SSLEnabled="true"
port="8443" address="${jboss.bind.address}"
scheme="https" secure="true" clientAuth="false"
keystoreFile="${jboss.server.home.dir}/conf/chap8.keystore"
keystorePass="rmi+ssl" sslProtocol = "TLS" />
My understanding from what I have read is that this connector does not need to be enabled because I am using Apache as the web server which handles all the SSL traffic i.e SSL traffic is transparent to the Tomcat/Jboss, hence ProxyPass etc are forwarding to port 8080 even for VirtualHost 443.
Can anyone verify this is correct?
On 1 Jul 2011, at 14:32, Martin Grigorov-4 [via Apache Wicket] wrote:
> Your Apache conf is SSL for 443, but the proxyed web server (Tomcat?!)
> is http://
> Maybe this is the problem.
>
>
> If you reply to this email, your message will be added to the discussion below:
> http://apache-wicket.1842946.n4.nabble.com/Configure-http-and-https-with-apache-and-jboss-tp3633546p3638211.html
> To unsubscribe from Configure http and https with apache and jboss, click here.
--
View this message in context: http://apache-wicket.1842946.n4.nabble.com/Configure-http-and-https-with-apache-and-jboss-tp3633546p3638231.html
Sent from the Users forum mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Configure http and https with apache and jboss
Posted by Martin Grigorov <mg...@apache.org>.
Your Apache conf is SSL for 443, but the proxyed web server (Tomcat?!)
is http://
Maybe this is the problem.
On Fri, Jul 1, 2011 at 4:23 PM, vp143 <vi...@cipriati.co.uk> wrote:
> I am delving into the SwitchProtocolRequestTarget code a little to see if it
> gives me any answers. When the requireProtocol is called the protocol is
> https but request.getScheme() returns http. Why would this be?
>
> --
> View this message in context: http://apache-wicket.1842946.n4.nabble.com/Configure-http-and-https-with-apache-and-jboss-tp3633546p3638188.html
> Sent from the Users forum mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
--
Martin Grigorov
jWeekend
Training, Consulting, Development
http://jWeekend.com
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org