Re: how to configure apache+ssl+mod_jk+tomcat

On Mon, Jun 30, 2008 at 7:04 AM, Meir Yanovich <meiry242@xxxxxxxxx> wrote:
> Hi, thanks for the fast reply. I did what you said and moved the
> JkMount configuration
> to be under the <VirtualHost _default_:443> in http-ssl.conf,
> and it does work.
> I never could have guessed that. Part of the mod_jk config is in the
> http.conf and the other part in the http-ssl.conf.

Glad that it helped.
You could have it just outside of any <VirtualServer> definition and
it'll work for all of them.

>
> OK, I have another question. Now all of my JSP application is secured
> with SSL. What if I would like
> to secure only parts of the application, for example
> only these 3 directories, and the rest will not be secured:
> d:/tomcat/webapps/ROOT/ThisSecureDir1/
> d:/tomcat/webapps/ROOT/ThisSecureDir2/
> d:/tomcat/webapps/ROOT/ThisSecureDir3/

Then define separate Mount definitions. You can even have different
workers defined for different Tomcat instances and point different
mounts to different workers.
>
> Thanks Again
>
>
> On Mon, Jun 30, 2008 at 3:46 PM, Serge Dubrouski <sergeyfd@xxxxxxxxx> wrote:
>> It sounds like you have an HTTP virtual server configured on port 8000
>> and an HTTPS virtual server configured on port 443. Most probably your
>> mod_jk commands are defined in the scope of the HTTP server and aren't
>> active in the scope of the HTTPS server. Try to move/duplicate them in the
>> http-ssl.conf inside the VirtualServer definition or make sure that
>> they are defined in the global scope, not the HTTP virtual server scope.
>>
>> On Mon, Jun 30, 2008 at 6:16 AM, Meir Yanovich <meiry242@xxxxxxxxx> wrote:
>>> It looks like this (I changed it from the default 8009):
>>>
>>>  <Connector port="8443" maxHttpHeaderSize="8192"
>>>               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>>>               enableLookups="false" disableUploadTimeout="true"
>>>               acceptCount="100" scheme="https" secure="true"
>>>                           keystoreFile="D:/tomcat/conf/keystore" keystorePass="password"  />
>>>
>>>        <Connector port="48333"
>>>            enableLookups="false" redirectPort="8443" protocol="AJP/1.3"
>>>                        secure="true" connectionTimeout="0" threadPriority="5"
>>>                        connectionUploadTimeout="0" connectionLinger="0"
>>>                        maxSpareThreads="50" maxThreads="200"
>>>                        maxKeepAliveRequests="100" disableUploadTimeout="false"
>>>                        uRIEncoding="null" tcpNoDelay="false" minSpareThreads="4"
>>>                        acceptCount="60000" />
>>>
>>> On Mon, Jun 30, 2008 at 3:00 PM, Serge Dubrouski <sergeyfd@xxxxxxxxx> wrote:
>>>> What does your Tomcat's server.xml file look like? Does it have an AJP
>>>> listener on port 48333 like you configured in the workers file?
>>>>
>>>> On Mon, Jun 30, 2008 at 2:40 AM, Meir Yanovich <meiry242@xxxxxxxxx> wrote:
>>>>> Hello all,
>>>>> I'm having a problem configuring Apache 2.2 to forward SSL requests to Tomcat.
>>>>> I'm using a basic configuration that I collected on the web (mostly
>>>>> using old Apache).
>>>>> I can use SSL on the Apache htdocs, but I can't make it forward to
>>>>> Tomcat.
>>>>> By the way, with no SSL the HTTP forwarding to Tomcat works fine.
>>>>> Here is my configuration:
>>>>> In the http-ssl.conf I have the standard configuration; I didn't
>>>>> change anything besides
>>>>> SSLCertificateKeyFile and SSLCertificateFile, set to the proper files,
>>>>> and the mod_jk conf in the httpd.conf looks like this:
>>>>>
>>>>> #*****************************************************
>>>>> # Load mod_jk module
>>>>> # Update this path to match your modules location
>>>>> LoadModule    jk_module  modules/mod_jk.so
>>>>>
>>>>> # The workers that jk should create and work with
>>>>> # Define 1 real worker using ajp13
>>>>> JkWorkerProperty worker.list=Tomcat01
>>>>>
>>>>>  JkWorkerProperty worker.Tomcat01.type=ajp13
>>>>> JkWorkerProperty worker.Tomcat01.host=app1
>>>>> JkWorkerProperty worker.Tomcat01.port=48333
>>>>>
>>>>> # Should mod_jk send SSL information to Tomcat (default is On)
>>>>> JkExtractSSL off
>>>>> # What is the indicator for SSL (default is HTTPS)
>>>>> JkHTTPSIndicator HTTPS
>>>>> # What is the indicator for SSL session (default is SSL_SESSION_ID)
>>>>> JkSESSIONIndicator SSL_SESSION_ID
>>>>> # What is the indicator for client SSL cipher suite (default is SSL_CIPHER)
>>>>> JkCIPHERIndicator SSL_CIPHER
>>>>> # What is the indicator for the client SSL certificate (default is SSL_CLIENT_CERT)
>>>>> JkCERTSIndicator SSL_CLIENT_CERT
>>>>>
>>>>> # JkOptions indicate to send SSL KEY SIZE,
>>>>> JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
>>>>> # Where to put jk logs
>>>>> # Update this path to match your logs directory location (put mod_jk.log next to access_log)
>>>>> JkLogFile     logs/mod_jk.log
>>>>>
>>>>> # Set the jk log level [debug/error/info]
>>>>> JkLogLevel   debug
>>>>>
>>>>> # Select the timestamp log format
>>>>> JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
>>>>>
>>>>> # Set the request log format
>>>>> JkRequestLogFormat     "%w %V %T %b %H %s %m %U %q"
>>>>>
>>>>> # Send everything to the worker named Tomcat01 (ajp13)
>>>>> JkMount /* Tomcat01
>>>>>
>>>>> # Serve html, jpg and gif using httpd
>>>>> # (JkUnMount must name the same worker as the JkMount it overrides)
>>>>> JkUnMount /*.html Tomcat01
>>>>> JkUnMount /*.jpg  Tomcat01
>>>>> JkUnMount /*.gif  Tomcat01
>>>>>
>>>>>
>>>>> Only when I browse to the port that is in the Listen 8000 does the
>>>>> forwarding to Tomcat work, but this is not SSL as I need.
>>>>> What am I doing wrong here? Can it be done?
>>>>> Thanks
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> The official User-To-User support forum of the Apache HTTP Server Project.
>>>>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>>>>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>>>>>   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
>>>>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Serge Dubrouski.
>>>>
>>>
>>
>>
>>
>> --
>> Serge Dubrouski.
>>
>



-- 
Serge Dubrouski.
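
The split discussed in this thread (mounts scoped per virtual host, with only three directories served over SSL), as an added example that is not part of the original messages. The worker name, host, AJP port and directory names are taken from the posted configuration; the port-8000 virtual host layout, the redirect, the host name and the certificate paths are assumptions.

```apache
# Added example (not from the thread). Worker name, host, AJP port and
# directory names come from the posted config; the rest is assumed.

# httpd.conf, server level: module and worker are defined once.
LoadModule jk_module modules/mod_jk.so
JkWorkerProperty worker.list=Tomcat01
JkWorkerProperty worker.Tomcat01.type=ajp13
JkWorkerProperty worker.Tomcat01.host=app1
JkWorkerProperty worker.Tomcat01.port=48333
JkLogFile  logs/mod_jk.log
JkLogLevel info

# Pass the SSL state of each request to Tomcat so the application can
# tell an HTTPS request from a plain one (the posted config had "off").
JkExtractSSL On

# Plain-HTTP virtual host (assumed: the one answering on port 8000).
<VirtualHost *:8000>
    # Everything goes to Tomcat ...
    JkMount /* Tomcat01
    # ... except the three directories that must only be served over SSL.
    # JkUnMount must name the same worker as the JkMount it overrides.
    JkUnMount /ThisSecureDir1/* Tomcat01
    JkUnMount /ThisSecureDir2/* Tomcat01
    JkUnMount /ThisSecureDir3/* Tomcat01
    # Send clients that ask for them here to the HTTPS host instead.
    # www.example.com is a placeholder host name.
    RedirectMatch permanent ^/(ThisSecureDir[123])/(.*)$ https://www.example.com/$1/$2
</VirtualHost>

# http-ssl.conf: the SSL virtual host carries its own mounts.
<VirtualHost _default_:443>
    SSLEngine on
    # Placeholder certificate and key paths.
    SSLCertificateFile    conf/server.crt
    SSLCertificateKeyFile conf/server.key
    # Only the three protected directories are forwarded from here.
    JkMount /ThisSecureDir1/* Tomcat01
    JkMount /ThisSecureDir2/* Tomcat01
    JkMount /ThisSecureDir3/* Tomcat01
</VirtualHost>
```

In mod_jk versions that have the JkMountCopy directive, server-level mounts reach a virtual host only where that directive enables it, so keeping each JkMount inside the virtual host that should serve it makes the HTTP/HTTPS split explicit.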
