hi thanks for the fast reply , i did what you said , and moved the JkMount configuration to be under the <VirtualHost _default_:443> in http-ssl.conf. and it does work . i will never could guess that . part of the mod_jk config is in the http.conf and other part in the http-ssl.conf. ok i have another question now i all of my jsp application is secured with ssl , what if i like to secure only parts of the application for example only this 3 directories only and the rest will be not secured d:/tomcat/webapps/ROOT/ThisSecureDir1/ d:/tomcat/webapps/ROOT/ThisSecureDir2/ d:/tomcat/webapps/ROOT/ThisSecureDir3/ Thanks Again On Mon, Jun 30, 2008 at 3:46 PM, Serge Dubrouski <sergeyfd@xxxxxxxxx> wrote: > It sounds like you have an HTTP virtual server configured on port 8000 > and HTTPS virtual server configured on port 443. Most probably your > mod_jk commands are defined in the scope of HTPP server and aren't > active on the scope of HTTPS server. Try to move/duplicate them in the > http-ssl.conf inside the VirtualServer definition or make sure that > they are diefined in the global scope, not HTTP virtual server scope. > > On Mon, Jun 30, 2008 at 6:16 AM, Meir Yanovich <meiry242@xxxxxxxxx> wrote: >> it looks like this : ( i changed it from the default 8009 ) >> >> <Connector port="8443" maxHttpHeaderSize="8192" >> maxThreads="150" minSpareThreads="25" maxSpareThreads="75" >> enableLookups="false" disableUploadTimeout="true" >> acceptCount="100" scheme="https" secure="true" >> keystoreFile="D:/tomcat/conf/keystore" keystorePass="password" /> >> >> <Connector port="48333" >> enableLookups="false" redirectPort="8443" protocol="AJP/1.3" >> secure="true" connectionTimeout="0" threadPriority="5" >> connectionUploadTimeout="0" connectionLinger="0" >> maxSpareThreads="50" maxThreads="200" >> maxKeepAliveRequests="100" disableUploadTimeout="false" >> uRIEncoding="null" tcpNoDelay="false" minSpareThreads="4" >> acceptCount="60000" /> >> >> On Mon, Jun 30, 2008 at 3:00 PM, Serge Dubrouski <sergeyfd@xxxxxxxxx> wrote: >>> How does your Tomcat's server.xml file looks like? Does it have an AJP >>> listener on port 48333 like you configured in workers file? >>> >>> On Mon, Jun 30, 2008 at 2:40 AM, Meir Yanovich <meiry242@xxxxxxxxx> wrote: >>>> Hello all >>>> im having problem on configuring apache 2.2 forward ssl requests to tomcat >>>> im using basic configuration that i collected on the web ( mostly >>>> using old apache ) >>>> im can use ssl on the apache htdocs . but i can't make it forward to >>>> the tomcat . >>>> by the way with no ssl the http forwarding to tomcat works fine . >>>> here is my configuration : >>>> in the http-ssl.conf i have the standard configuration i didn't >>>> change any thing beside >>>> SSLCertificateKeyFile and the SSLCertificateFile to the proper files >>>> and the mod_jk conf in the httpd.conf looks like this : >>>> >>>> #***************************************************** >>>> # Load mod_jk module >>>> # Update this path to match your modules location >>>> LoadModule jk_module modules/mod_jk.so >>>> >>>> # The workers that jk should create and work with >>>> # Define 1 real worker using ajp13 >>>> JkWorkerProperty worker.list=Tomcat01 >>>> >>>> JkWorkerProperty worker.Tomcat01.type=ajp13 >>>> JkWorkerProperty worker.Tomcat01.host=app1 >>>> JkWorkerProperty worker.Tomcat01.port=48333 >>>> >>>> # Should mod_jk send SSL information to Tomcat (default is On) >>>> JkExtractSSL off >>>> # What is the indicator for SSL (default is HTTPS) >>>> JkHTTPSIndicator HTTPS >>>> # What is the indicator for SSL session (default is SSL_SESSION_ID) >>>> JkSESSIONIndicator SSL_SESSION_ID >>>> # What is the indicator for client SSL cipher suit (default is SSL_CIPHER) >>>> JkCIPHERIndicator SSL_CIPHER >>>> # What is the indicator for the client SSL certificated (default is >>>> SSL_CLIENT_CERT) >>>> JkCERTSIndicator SSL_CLIENT_CERT >>>> >>>> # JkOptions indicate to send SSL KEY SIZE, >>>> JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories >>>> # Where to put jk logs >>>> # Update this path to match your logs directory location (put >>>> mod_jk.log next to access_log) >>>> JkLogFile logs/mod_jk.log >>>> >>>> # Set the jk log level [debug/error/info] >>>> JkLogLevel debug >>>> >>>> # Select the timestamp log format >>>> JkLogStampFormat "[%a %b %d %H:%M:%S %Y] " >>>> >>>> # Set the request log format >>>> JkRequestLogFormat "%w %V %T %b %H %s %m %U %q" >>>> >>>> # Send everything for context /examples to worker named worker1 (ajp13) >>>> JkMount /* Tomcat01 >>>> >>>> # Serve html, jpg and gif using httpd >>>> JkUnMount /*.html ajp13 >>>> JkUnMount /*.jpg ajp13 >>>> JkUnMount /*.gif ajp13 >>>> >>>> >>>> only when i browse to the port that is in the Listen 8000 the >>>> forwarding to tomcat works but this is not ssl as i need >>>> what im doing wrong here ? can it be done ? >>>> thanks >>>> >>>> --------------------------------------------------------------------- >>>> The official User-To-User support forum of the Apache HTTP Server Project. >>>> See <URL:http://httpd.apache.org/userslist.html> for more info. >>>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >>>> " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx >>>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >>>> >>>> >>> >>> >>> >>> -- >>> Serge Dubrouski. >>> >>> --------------------------------------------------------------------- >>> The official User-To-User support forum of the Apache HTTP Server Project. >>> See <URL:http://httpd.apache.org/userslist.html> for more info. >>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >>> " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx >>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >>> >>> >> >> --------------------------------------------------------------------- >> The official User-To-User support forum of the Apache HTTP Server Project. >> See <URL:http://httpd.apache.org/userslist.html> for more info. >> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >> " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx >> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >> >> > > > > -- > Serge Dubrouski. > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > > --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|