On Mon, Jun 30, 2008 at 7:04 AM, Meir Yanovich <meiry242@xxxxxxxxx> wrote: > hi thanks for the fast reply , i did what you said , and moved the > JkMount configuration > to be under the <VirtualHost _default_:443> in http-ssl.conf. > and it does work . > i will never could guess that . part of the mod_jk config is in the > http.conf and other part in the http-ssl.conf. Glad that it helped. You could have it just outside of any <VirtualServer> definition and it'll work for all of them. > > ok i have another question now i all of my jsp application is secured > with ssl , what if i like > to secure only parts of the application for example > only this 3 directories only and the rest will be not secured > d:/tomcat/webapps/ROOT/ThisSecureDir1/ > d:/tomcat/webapps/ROOT/ThisSecureDir2/ > d:/tomcat/webapps/ROOT/ThisSecureDir3/ Then define separate Mount definitions. You can even have different workers defined for different Tomcat instances and point different mounts to different workers. > > Thanks Again > > > On Mon, Jun 30, 2008 at 3:46 PM, Serge Dubrouski <sergeyfd@xxxxxxxxx> wrote: >> It sounds like you have an HTTP virtual server configured on port 8000 >> and HTTPS virtual server configured on port 443. Most probably your >> mod_jk commands are defined in the scope of HTPP server and aren't >> active on the scope of HTTPS server. Try to move/duplicate them in the >> http-ssl.conf inside the VirtualServer definition or make sure that >> they are diefined in the global scope, not HTTP virtual server scope. >> >> On Mon, Jun 30, 2008 at 6:16 AM, Meir Yanovich <meiry242@xxxxxxxxx> wrote: >>> it looks like this : ( i changed it from the default 8009 ) >>> >>> <Connector port="8443" maxHttpHeaderSize="8192" >>> maxThreads="150" minSpareThreads="25" maxSpareThreads="75" >>> enableLookups="false" disableUploadTimeout="true" >>> acceptCount="100" scheme="https" secure="true" >>> keystoreFile="D:/tomcat/conf/keystore" keystorePass="password" /> >>> >>> <Connector port="48333" >>> enableLookups="false" redirectPort="8443" protocol="AJP/1.3" >>> secure="true" connectionTimeout="0" threadPriority="5" >>> connectionUploadTimeout="0" connectionLinger="0" >>> maxSpareThreads="50" maxThreads="200" >>> maxKeepAliveRequests="100" disableUploadTimeout="false" >>> uRIEncoding="null" tcpNoDelay="false" minSpareThreads="4" >>> acceptCount="60000" /> >>> >>> On Mon, Jun 30, 2008 at 3:00 PM, Serge Dubrouski <sergeyfd@xxxxxxxxx> wrote: >>>> How does your Tomcat's server.xml file looks like? Does it have an AJP >>>> listener on port 48333 like you configured in workers file? >>>> >>>> On Mon, Jun 30, 2008 at 2:40 AM, Meir Yanovich <meiry242@xxxxxxxxx> wrote: >>>>> Hello all >>>>> im having problem on configuring apache 2.2 forward ssl requests to tomcat >>>>> im using basic configuration that i collected on the web ( mostly >>>>> using old apache ) >>>>> im can use ssl on the apache htdocs . but i can't make it forward to >>>>> the tomcat . >>>>> by the way with no ssl the http forwarding to tomcat works fine . >>>>> here is my configuration : >>>>> in the http-ssl.conf i have the standard configuration i didn't >>>>> change any thing beside >>>>> SSLCertificateKeyFile and the SSLCertificateFile to the proper files >>>>> and the mod_jk conf in the httpd.conf looks like this : >>>>> >>>>> #***************************************************** >>>>> # Load mod_jk module >>>>> # Update this path to match your modules location >>>>> LoadModule jk_module modules/mod_jk.so >>>>> >>>>> # The workers that jk should create and work with >>>>> # Define 1 real worker using ajp13 >>>>> JkWorkerProperty worker.list=Tomcat01 >>>>> >>>>> JkWorkerProperty worker.Tomcat01.type=ajp13 >>>>> JkWorkerProperty worker.Tomcat01.host=app1 >>>>> JkWorkerProperty worker.Tomcat01.port=48333 >>>>> >>>>> # Should mod_jk send SSL information to Tomcat (default is On) >>>>> JkExtractSSL off >>>>> # What is the indicator for SSL (default is HTTPS) >>>>> JkHTTPSIndicator HTTPS >>>>> # What is the indicator for SSL session (default is SSL_SESSION_ID) >>>>> JkSESSIONIndicator SSL_SESSION_ID >>>>> # What is the indicator for client SSL cipher suit (default is SSL_CIPHER) >>>>> JkCIPHERIndicator SSL_CIPHER >>>>> # What is the indicator for the client SSL certificated (default is >>>>> SSL_CLIENT_CERT) >>>>> JkCERTSIndicator SSL_CLIENT_CERT >>>>> >>>>> # JkOptions indicate to send SSL KEY SIZE, >>>>> JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories >>>>> # Where to put jk logs >>>>> # Update this path to match your logs directory location (put >>>>> mod_jk.log next to access_log) >>>>> JkLogFile logs/mod_jk.log >>>>> >>>>> # Set the jk log level [debug/error/info] >>>>> JkLogLevel debug >>>>> >>>>> # Select the timestamp log format >>>>> JkLogStampFormat "[%a %b %d %H:%M:%S %Y] " >>>>> >>>>> # Set the request log format >>>>> JkRequestLogFormat "%w %V %T %b %H %s %m %U %q" >>>>> >>>>> # Send everything for context /examples to worker named worker1 (ajp13) >>>>> JkMount /* Tomcat01 >>>>> >>>>> # Serve html, jpg and gif using httpd >>>>> JkUnMount /*.html ajp13 >>>>> JkUnMount /*.jpg ajp13 >>>>> JkUnMount /*.gif ajp13 >>>>> >>>>> >>>>> only when i browse to the port that is in the Listen 8000 the >>>>> forwarding to tomcat works but this is not ssl as i need >>>>> what im doing wrong here ? can it be done ? >>>>> thanks >>>>> >>>>> --------------------------------------------------------------------- >>>>> The official User-To-User support forum of the Apache HTTP Server Project. >>>>> See <URL:http://httpd.apache.org/userslist.html> for more info. >>>>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >>>>> " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx >>>>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >>>>> >>>>> >>>> >>>> >>>> >>>> -- >>>> Serge Dubrouski. >>>> >>>> --------------------------------------------------------------------- >>>> The official User-To-User support forum of the Apache HTTP Server Project. >>>> See <URL:http://httpd.apache.org/userslist.html> for more info. >>>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >>>> " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx >>>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >>>> >>>> >>> >>> --------------------------------------------------------------------- >>> The official User-To-User support forum of the Apache HTTP Server Project. >>> See <URL:http://httpd.apache.org/userslist.html> for more info. >>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >>> " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx >>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >>> >>> >> >> >> >> -- >> Serge Dubrouski. >> >> --------------------------------------------------------------------- >> The official User-To-User support forum of the Apache HTTP Server Project. >> See <URL:http://httpd.apache.org/userslist.html> for more info. >> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >> " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx >> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >> >> > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > > -- Serge Dubrouski. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|