Re: Apache, mod_jk, client certificates, and Jetty

On 11/28/06, Lucuk, Pete <pete.lucuk@xxxxxxx> wrote:
>> Jetty = http://www.mortbay.org/
>
>Just for my curiosity: why do you need 3 Web servers: Apache -> JBoss
>-> Jetty ? What Jetty does that JBoss can't do?


Jetty is the HTTP servlet engine for Jboss.

Just like Tomcat is the HTTP servlet engine for Jboss 4.x

Got you. I thought you had JBoss with Tomcat + Jetty.

Then I'm not sure that it'd work at all because I'm not sure that
Jetty supports AJP 1.3. Why not upgrade JBoss and replace Jetty with
Tomcat?


Without Jetty, or Tomcat for that matter, Jboss does not have an HTTP
interface.
Jboss is not a web server by itself, it needs Tomcat, Jetty, etc. in front
of it to do the HTTP.


>
>>
>> Jetty Server died, gave some bogus java error that told you nothing
>>
>>
>> >
>> >>
>> >> Could the way I am ordering things in httpd.conf and
>> >> httpd-ssl.conf be throwing something off?
>> >
>> >I don't think so.
>> >
>> >>
>> >> Where the httpd-ssl.conf comes first in the httpd.conf, before the
>> >> actual mod_jk stuff?
>> >>
>> >
>> >I'd put mod_jk stuff before mod_ssl stuff. But I don't think that it
>> >matters.
>>
>> I will try it and see if it works, once again, thank you
>>
>> >
>> >>
>> >> Thanks for your responses, I appreciate your help
>> >>
>> >>
>> >>
>> >>
>> >>
>> >> >-----Original Message-----
>> >> >From: Serge Dubrouski [mailto:sergeyfd@xxxxxxxxx]
>> >> >Sent: Tuesday, November 28, 2006 10:53 AM
>> >> >To: users@xxxxxxxxxxxxxxxx
>> >> >Subject: Re:  Apache, mod_jk, client certificates,
>> >> >and Jetty
>> >> >
>> >> >On 11/28/06, Lucuk, Pete <pete.lucuk@xxxxxxx> wrote:
>> >> >>
>> >> >> I am trying to perform the following...
>> >> >>
>> >> >>
>> >> >> Browser_client_with_client_certificate<--https-->apache_with_mod_jk<--https-->Jetty
>> >> >>
>> >> >> Also, the browser client is passing a client certificate that I
>> >> >> want Jetty to have access to perform A&A.
>> >> >>
>> >> >> Browser version = IE 6
>> >> >> Apache version = 2.2.3
>> >> >> Mod_jk version = 1.2.19
>> >> >> Jetty version = 4.2.9
>> >> >>
>> >> >> I CAN get the full round trip working under HTTPS, that is not a
>> >> >> problem.
>> >> >> I CAN *** NOT *** get Jetty to have access to the client certificate,
>> >> >> Jetty states that it can not find the client certificate.
>> >> >>
>> >> >> I am confident that Jetty is configured for AJP (round trip in
>> >> >> HTTPS work) and client certificates (when the
>> >> >> Browser_client_with_client_certificate hits it directly, it works).
>> >> >>
>> >> >>
>> >> >> Not sure if it is a config thing on apache/mod_jk or what.
>> >> >>
>> >> >>
>> >> >> Below is my Apache and mod_jk config, any ideas???...
>> >> >>
>> >> >> ###########################################################
>> >> >> In my httpd.conf file I have the following...
>> >> >>
>> >> >> # Secure (SSL/TLS) connections
>> >> >> Include conf/extra/httpd-ssl.conf
>> >> >>
>> >> >> <IfModule !mod_jk.c>
>> >> >>
>> >> >>   #LoadModule jk_module  modules/mod_jk.so
>> >> >>   LoadModule jk_module modules/mod_jk-1.2.19-apache-2.2.3-solaris-sparc.so
>> >> >>
>> >> >> </IfModule>
>> >> >>
>> >> >>
>> >> >> <IfModule mod_jk.c>
>> >> >>
>> >> >>   JkWorkersFile "conf/worker.properties"
>> >> >>
>> >> >>   JkLogFile "logs/mod_jk.log"
>> >> >>
>> >> >>   JkLogLevel info
>> >> >>
>> >> >>   JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
>> >> >>
>> >> >>   JkOptions +ForwardKeySize +ForwardURICompat
>> >> >>
>> >> >>   JkExtractSSL On
>> >> >>   # What is the indicator for SSL (default is HTTPS)
>> >> >>   JkHTTPSIndicator HTTPS
>> >> >>   # What is the indicator for SSL session (default is SSL_SESSION_ID)
>> >> >>   JkSESSIONIndicator SSL_SESSION_ID
>> >> >>   # What is the indicator for client SSL cipher suite (default is SSL_CIPHER)
>> >> >>   JkCIPHERIndicator SSL_CIPHER
>> >> >>   # What is the indicator for the client SSL certificate (default is SSL_CLIENT_CERT)
>> >> >>   JkCERTSIndicator SSL_CLIENT_CERT
>> >> >>
>> >> >> </IfModule>
>> >> >>
>> >> >> ###########################################################
>> >> >> In my worker.properties I have...
>> >> >>
>> >> >> worker.list=jetty
>> >> >>
>> >> >> #worker.jetty.port=8009
>> >> >> worker.jetty.port=5309
>> >> >>
>> >> >> worker.jetty.host=servera
>> >> >>
>> >> >> worker.jetty.type=ajp13
>> >> >>
>> >> >> worker.jetty.lbfactor=1
>> >> >>
>> >> >>
>> >> >> ###########################################################
>> >> >> In my httpd-ssl.conf I have...
>> >> >>
>> >> >> <VirtualHost _default_:5443>
>> >> >>
>> >> >> #SSLOptions +StdEnvVars +ExportCertData
>> >> >
>> >> >Uncomment this.
>> >> >
>> >> >>
>> >> >> JkMount /* jetty
>> >> >>
>> >> >> #   General setup for the virtual host
>> >> >> DocumentRoot "/data/dir/dir/tools/web/apache/server/htdocs"
>> >> >> ServerName kftcsu14.ftc.lab:5443
>> >> >> ServerAdmin you@xxxxxxxxxxx
>> >> >> ErrorLog /data/dir/dir/tools/web/apache/server/logs/error_log
>> >> >> TransferLog /data/dir/dir/tools/web/apache/server/logs/access_log
>> >> >>
>> >> >> #   SSL Engine Switch:
>> >> >> #   Enable/Disable SSL for this virtual host.
>> >> >> SSLEngine on
>> >> >>
>> >> >> SSLProxyEngine on
>> >> >>
>> >> >> SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>> >> >>
>> >> >> SSLCertificateFile /data/dir/dir/tools/web/apache/ssl/bin/cacert.pem
>> >> >> SSLCertificateKeyFile /data/dir/dir/tools/web/apache/ssl/bin/privkey.pem
>> >> >>
>> >> >> SSLCACertificateFile /data/dir/dir/tools/web/apache/ssl/bin/public_ca.pem
>> >> >> SSLVerifyClient optional
>> >> >>
>> >> >>
>> >> >> </VirtualHost>
>> >> >>
>> >> >>
>> >> >>
>> >> >>
>> >> >> ---------------------------------------------------------------------
>> >> >> The official User-To-User support forum of the Apache HTTP Server Project.
>> >> >> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> >> >> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>> >> >>    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
>> >> >> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>> >> >>
>> >> >>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
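
Added example, not part of the original thread or of either project's code: a Python check for the preconditions the mod_jk documentation gives for passing SSL data to the AJP worker (SSLOptions +StdEnvVars for the SSL variables, +ExportCertData for the certificate), run over a constructed excerpt of the configuration posted above. The function and constant names are hypothetical, and the whole text is treated as a single virtual host.

```python
# Constructed sample: the relevant lines of the httpd-ssl.conf quoted in the thread.
CONF_AS_POSTED = """\
<VirtualHost _default_:5443>
#SSLOptions +StdEnvVars +ExportCertData
JkMount /* jetty
SSLEngine on
SSLVerifyClient optional
</VirtualHost>
"""
# Same lines with the SSLOptions directive uncommented, as the reply suggests.
CONF_UNCOMMENTED = CONF_AS_POSTED.replace("#SSLOptions", "SSLOptions")

NEEDED_SSL_OPTIONS = {"stdenvvars", "exportcertdata"}

def active_directives(conf_text):
    """Yield (lower-cased name, args) for every line that is not a comment."""
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            parts = line.strip("<>").split()
            yield parts[0].lower(), parts[1:]

def check_cert_forwarding(conf_text):
    """List the reasons mod_jk would find no client certificate to forward.

    Simplification (assumption): the text is one scope, a single virtual host.
    """
    ssl_options, verify, jk_mounted, jk_extract = set(), "none", False, True
    for name, args in active_directives(conf_text):
        if name == "ssloptions":
            for opt in args:  # "-opt" switches off, "+opt" or "opt" switches on
                if opt.startswith("-"):
                    ssl_options.discard(opt[1:].lower())
                else:
                    ssl_options.add(opt.lstrip("+").lower())
        elif name == "sslverifyclient" and args:
            verify = args[0].lower()
        elif name == "jkmount":
            jk_mounted = True
        elif name == "jkextractssl" and args:
            jk_extract = args[0].lower() == "on"
    if not jk_mounted:
        return []  # nothing in this scope is handed to an AJP worker
    problems = []
    if not jk_extract:
        problems.append("JkExtractSSL is Off")
    if verify == "none":
        problems.append("SSLVerifyClient none: no certificate is requested")
    problems += [f"SSLOptions lacks +{o}" for o in sorted(NEEDED_SSL_OPTIONS - ssl_options)]
    return problems
```

With SSLVerifyClient optional the check passes, but a request may still arrive without a certificate, so the servlet side has to handle that case.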


