It would be good to take a look at your Tomcat's server.xml (connectors part) file as well. Without that it's hard to answer your questions. But there are some answers:

On 1/18/07, Tomo <tom@xxxxxxxx> wrote:
Could anyone help me with a problem I have using mod_rewrite to send an https request from apache to tomcat. I have a couple of questions: Does my working rule (below) break the security imposed by SSL by redirecting to port 8080?
No, if your Tomcat is configured to listen on the 127.0.0.1 address only.
Why does my rewrite rule to the ssl port on tomcat fail?
Hard to tell. Need to see connectors config.
In this example the tomcat application name is the same as the subdomain name. My current rewrite rule that works is:

    RewriteCond %{THE_REQUEST} "^(GET|POST) https://.*"
    RewriteRule ^/(.*) https://localhost:80/ [F,L]
    RewriteCond %{REQUEST_URI} "!^/sub_domain_name/.*"
    RewriteRule ^/(.*) http://localhost:8080/sub_domain_name/$1 [P]
    RewriteCond %{REQUEST_URI} ^/sub_domain_name/.*
    RewriteRule ^/(.*) http://localhost:8080/$1 [P]

Since port 8080 is not secure I have tried the following, but it does not work:

    RewriteCond %{REQUEST_URI} "!^/sub_domain_name/.*"
    RewriteRule ^/(.*) https://localhost:8444/sub_domain_name/$1 [P]
    RewriteCond %{REQUEST_URI} ^/sub_domain_name/.*
    RewriteRule ^/(.*) https://localhost:8444/$1 [P]

https is on 8444 rather than 8443 because a plesk system is running on 8443. The tomcat certificate has been generated and the server.xml modified. Tomcat is happy serving pages on https://localhost:8444 directly so why would this rewrite rule fail?
What do you mean by "fail"? Do you get a 501 error or something else?
The mod_rewrite log has the same output (except for the urls used in the rewrite) for both of these rules, so that's no help. The ssl_error log says:

    RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!?

The error_log has a similar warning:

    [warn] RSA server certificate CommonName (CN) `plesk' does NOT match server name!?
How did you generate a certificate for Tomcat? Is it self-signed or a real one? For what server was that cert generated?
--
View this message in context: http://www.nabble.com/Problem-with-Apache-%2B-Tomcat-%2B-SSL-%2B-mod_rewrite-tf3033654.html#a8429080
Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
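Added example, not part of the original thread: the reply above makes the plain-HTTP hop to port 8080 acceptable only if Tomcat listens on 127.0.0.1, so this sketch audits a server.xml for non-TLS connectors that are not pinned to loopback. The sample server.xml is constructed (the thread never shows the real one), and it assumes TLS connectors are marked with the SSLEnabled attribute as in Tomcat 6 and later.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample, not the poster's real server.xml (never shown in the thread).
SAMPLE_SERVER_XML = """\
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" address="127.0.0.1"/>
    <Connector port="8081" protocol="HTTP/1.1"/>
    <Connector port="8444" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true"/>
    <Connector port="8009" protocol="AJP/1.3" address="0.0.0.0"/>
  </Service>
</Server>
"""

FINDING = "plaintext connector not bound to loopback"

def is_loopback(address):
    """True only when the connector is pinned to a loopback address."""
    if address is None:
        # No address attribute: treated here as "all interfaces",
        # which is the default for Tomcat's HTTP connector.
        return False
    if address.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        return False  # some other hostname: do not assume it is local

def audit_connectors(server_xml):
    """Return (port, address, finding) for each plaintext connector reachable off-host."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        address = conn.get("address")
        # Assumption: TLS connectors carry SSLEnabled="true" (Tomcat 6+).
        tls = conn.get("SSLEnabled", "false").lower() == "true"
        if not tls and not is_loopback(address):
            findings.append((conn.get("port"), address or "*", FINDING))
    return findings

if __name__ == "__main__":
    for port, address, finding in audit_connectors(SAMPLE_SERVER_XML):
        print(f"port {port} on {address}: {finding}")
```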