On 01.10.2010 13:05, Mike Rea wrote:
Sorry. Yes they are https, not https just me mis-typing. The email client was seeing all of those as links and the apache listserv bounced my original email as spam. So I added the spaces to get it to go thru. They are not in the conf files. Yes general message in IE, I will try it in firefox and others and see what I get. Really not getting anything in the error log, first place I looked. Thanks
Don't overlook my hint about using port 8080 instead of 8443.
On Fri, Oct 1, 2010 at 3:44 AM, Rainer Jung <rainer.jung@xxxxxxxxxxx
<mailto:rainer.jung@xxxxxxxxxxx>> wrote:
On 30.09.2010 22:29, Mike Rea wrote:
I am running a Win2003 server using Apache2.2 to basically just
proxy to
Tomcat6 with SSL.
I had tried running just tomcat6 but from everything that I read
it was
better for SSL traffic to proxy using Apache, so that is what i did.
Right now I am just pointing it to the Tomcat default page, that
is easy
enough to change later.
Here is where I am at.
1. On the server if I go to http: //localhost: it brings up the
page fine.
2. On the server https: //localhost also brings up the page
fine. Of
course I do get a certificate error because the SSL cert is for my
domain. But it does work and the samples run fine.
3. From either the server or another PC, if I goto http: //my.
domain.com <http://domain.com/> <http://domain.com
<http://domain.com/>> it works fine and brings up the Tomcat
default page.
4. From either place going to https the browser says waiting and
eventually returns an error.
In my httpd.conf file I have:
Listen 80
Listen 443
The mod_proxy 's, mod_ssl & mod_vhost_alias are all turned on.
In my httpd-vhosts.conf file here is what I have:
NameVirtualHost *:80 (although on this try it isn't named, shows
error
in the logs but doesnt seem to hurt anything)
NameVirtualHost *:443
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
ProxyPass / http: //localhost:8080/
ProxyPassReverse / http: //localhost:8080/
<VirtualHost *:443>
SSLEngine On
SSLProxyEngine on
SSLCertificateFile conf/ssl/certname.cer
SSLCertificateKeyFile conf/ssl/keyname.key
I assume you have a more complete SSL config included, like setting
the cipher suite and enabling SSL session handling. See the default
configuration provided with the Apache web server.
ProxyPass / httpa: //localhost:8443/
ProxyPassReverse / httpa: //localhost:8443/
httpa does not exist, and the space between the scheme and the rest
of the URL won't be good either. What do you really have in your
config here?
If you only want Tomcat to do http and the Apache reverse proxy
should do the full https, then use again
ProxyPass / http: //localhost:8080/
ProxyPassReverse / http: //localhost:8080/
ErrorLog "logs/mydomain.com-error.log"
CustomLog "logs/mydomain.com-access.log" common
</VirtualHost>
I have tried several different rewrites on this and just not
getting it
to work.
I did put the port 80 => 8080 pass in a VirtualHost tag, it
works fine
on http: //localhost but when using https it gives some bogus
message
of the server being too busy.
I took the 443 =>8443 directives out of the VirtualHost tag and that
works fine on http: //localhost but when using https it goes to the
Apache default page.
No matter what I do, I still get an error from http: //my.
domain.com <http://domain.com/>
<http://domain.com <http://domain.com/>> while http: //my.
domain.com <http://domain.com/> <http://domain.com
<http://domain.com/>>
runs fine.
Any ideas? I am definately not an expert with Apache setup. I
am more
a DB & ERP system guy who has been writting more and more jsp apps.
Now I have one that I need to secure and having one heck of a
time doing it.
(Sorry for the spaces. e-mail was seeing them as URLs and the
listserv
SPAM filter was blocking the email)
Thanks in advance for any help.
Mike
If it still doesn't work:
What error message do you get in the client? If it is the general
error message provided by Microsoft Internet Explorer, use some
other browser to see the full error message.
Is there any message in the error log of Apache?
Regards,
Rainer
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
<mailto:users-unsubscribe@xxxxxxxxxxxxxxxx>
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
<mailto:users-digest-unsubscribe@xxxxxxxxxxxxxxxx>
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
<mailto:users-help@xxxxxxxxxxxxxxxx>
--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|