httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Serge Dubrouski" <serge...@gmail.com>
Subject Re: [users@httpd] Apache, mod_jk, client certificates, and Jetty
Date Tue, 28 Nov 2006 17:07:30 GMT
On 11/28/06, Lucuk, Pete <pete.lucuk@ngc.com> wrote:
> >> Jetty = http://www.mortbay.org/
> >
> >Just for my curiosity: why do you need 3 Web servers: Apache -> JBoss
> >-> Jetty ? What Jetty does that JBoss can't do?
>
>
> Jetty is the HTTP servlet engine for Jboss.
>
> Just like Tomcat is the HTTP servelet engine for Jboss 4.x

Got you. I thought you had JBoss with Tomcat + Jetty.

Then I'm not sure that it'd work at all because I'm not sure that
Jetty support AJP 1.3. Why not to upgrade JBoss and replace Jetty with
Tomcat?

>
> Without Jetty, or Tomcat for that matter, Jboss does not hav a HTTP
> interface.
> Jboss is not web server by itself, it needs Tomcat, Jetty, etc. in front
> of it to do the HTTP.
>
>
> >
> >>
> >> Jetty Server died, gave some bogus java error that told you nothing
> >>
> >>
> >> >
> >> >>
> >> >> Could the way I have my ordering things in httpd.conf and
> >> >> httpd-ssl.conf be throwing something off?
> >> >
> >> >I don't thinks so.
> >> >
> >> >>
> >> >> Where the httpd-ssl.conf comes first in the httpd.conf,
> >before the
> >> >> acutual mod_jk stuff?
> >> >>
> >> >
> >> >I'd put mod_jk stuff before mod_ssl stuff. But I don't
> >think that it
> >> >matters.
> >>
> >> I will try it and see if it works, once again, thank you
> >>
> >> >
> >> >>
> >> >> Thanks for your responses, I appreciate your help
> >> >>
> >> >>
> >> >>
> >> >>
> >> >>
> >> >> >-----Original Message-----
> >> >> >From: Serge Dubrouski [mailto:sergeyfd@gmail.com]
> >> >> >Sent: Tuesday, November 28, 2006 10:53 AM
> >> >> >To: users@httpd.apache.org
> >> >> >Subject: Re: [users@httpd] Apache, mod_jk, client certificates,
> >> >> >and Jetty
> >> >> >
> >> >> >On 11/28/06, Lucuk, Pete <pete.lucuk@ngc.com> wrote:
> >> >> >>
> >> >> >> I am trying to perform the following...
> >> >> >>
> >> >> >>
> >> >>
> >>
> >>>Browser_client_with_client_certificate<--https-->apache_with_mod_jk<
> >> >>-
> >> >> >-
> >> >> >> ht
> >> >> >> tps-->Jetty
> >> >> >>
> >> >> >> Also, the browser client is passing a client
> >certificate that I
> >> >> >> want Jetty to have access to perform A&A.
> >> >> >>
> >> >> >> Browser version = IE 6
> >> >> >> Apache version = 2.2.3
> >> >> >> Mod_jk version = 1.2.19
> >> >> >> Jetty version = 4.2.9
> >> >> >>
> >> >> >> I CAN get the full round trip working under HTTPS,
> >that is not a
> >> >> >> problem.
> >> >> >> I CAN *** NOT *** get Jetty to have access to the client
> >> >> >certificate,
> >> >> >> Jetty states that it can not find the client certificate.
> >> >> >>
> >> >> >> I am confident that Jetty is configured for AJP (round trip
in
> >> >> >> HTTPS work)and client certificates (when the
> >> >> >> Browser_client_with_client_certificate hits it directly,
> >> >it works).
> >> >> >>
> >> >> >>
> >> >> >> Not sure if it is a config thing on apache/mod_jk or what.
> >> >> >>
> >> >> >>
> >> >> >> Below is my Apache and mod_jk config, any ideas???...
> >> >> >>
> >> >> >> ###########################################################
> >> >> >> In my httpd.conf file I have the following...
> >> >> >>
> >> >> >> # Secure (SSL/TLS) connections
> >> >> >> Include conf/extra/httpd-ssl.conf
> >> >> >>
> >> >> >> <IfModule !mod_jk.c>
> >> >> >>
> >> >> >>   #LoadModule jk_module  modules/mod_jk.so
> >> >> >>   LoadModule jk_module
> >> >> >> modules/mod_jk-1.2.19-apache-2.2.3-solaris-sparc.so
> >> >> >>
> >> >> >> </IfModule>
> >> >> >>
> >> >> >>
> >> >> >> <IfModule mod_jk.c>
> >> >> >>
> >> >> >>   JkWorkersFile "conf/worker.properties"
> >> >> >>
> >> >> >>   JkLogFile "logs/mod_jk.log"
> >> >> >>
> >> >> >>   JkLogLevel info
> >> >> >>
> >> >> >>   JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
> >> >> >>
> >> >> >>   JkOptions +ForwardKeySize +ForwardURICompat
> >> >> >>
> >> >> >> JkExtractSSL On
> >> >> >> # What is the indicator for SSL (default is HTTPS)
> >> >JkHTTPSIndicator
> >> >> >> HTTPS # What is the indicator for SSL session (default is
> >> >> >> SSL_SESSION_ID) JkSESSIONIndicator SSL_SESSION_ID #
> >What is the
> >> >> >> indicator for client SSL cipher suit (default is
> >> >> >> SSL_CIPHER)
> >> >> >> JkCIPHERIndicator SSL_CIPHER
> >> >> >> # What is the indicator for the client SSL certificated
> >> >(default is
> >> >> >> SSL_CLIENT_CERT)
> >> >> >> JkCERTSIndicator SSL_CLIENT_CERT
> >> >> >>
> >> >> >> </IfModule>
> >> >> >>
> >> >> >> ###########################################################
> >> >> >> In my worker.properties I have...
> >> >> >>
> >> >> >> worker.list=jetty
> >> >> >>
> >> >> >> #worker.jetty.port=8009
> >> >> >> worker.jetty.port=5309
> >> >> >>
> >> >> >> worker.jetty.host=servera
> >> >> >>
> >> >> >> worker.jetty.type=ajp13
> >> >> >>
> >> >> >> worker.jetty.lbfactor=1
> >> >> >>
> >> >> >>
> >> >> >> ###########################################################
> >> >> >> In my httpd-ssl.conf I have...
> >> >> >>
> >> >> >> <VirtualHost _default_:5443>
> >> >> >>
> >> >> >> #SSLOptions +StdEnvVars +ExportCertData
> >> >> >
> >> >> >Uncomment this.
> >> >> >
> >> >> >>
> >> >> >> JkMount /* jetty
> >> >> >>
> >> >> >> #   General setup for the virtual host
> >> >> >> DocumentRoot "/data/dir/dir/tools/web/apache/server/htdocs"
> >> >> >> ServerName kftcsu14.ftc.lab:5443 ServerAdmin you@example.com
> >> >> >> ErrorLog /data/dir/dir/tools/web/apache/server/logs/error_log
> >> >> >> TransferLog
> >> >> >> /data/dir/dir/tools/web/apache/server/logs/access_log
> >> >> >>
> >> >> >> #   SSL Engine Switch:
> >> >> >> #   Enable/Disable SSL for this virtual host.
> >> >> >> SSLEngine on
> >> >> >>
> >> >> >> SSLProxyEngine on
> >> >> >>
> >> >> >> SSLCipherSuite
> >> >> >>
> >ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> >> >> >>
> >> >> >> SSLCertificateFile
> >> >> >> /data/dir/dir/tools/web/apache/ssl/bin/cacert.pem
> >> >> >> SSLCertificateKeyFile
> >> >> >> /data/dir/dir/tools/web/apache/ssl/bin/privkey.pem
> >> >> >>
> >> >> >> SSLCACertificateFile
> >> >> >> /data/dir/dir/tools/web/apache/ssl/bin/public_ca.pem
> >> >> >> SSLVerifyClient optional
> >> >> >>
> >> >> >>
> >> >> >> </VirtualHost>
> >> >> >>
> >> >> >>
> >> >> >>
> >> >> >>
> >> >-------------------------------------------------------------------
> >> >> >> -- The official User-To-User support forum of the Apache HTTP
> >> >> >Server Project.
> >> >> >> See <URL:http://httpd.apache.org/userslist.html> for
more info.
> >> >> >> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >> >> >>    "   from the digest:
> >users-digest-unsubscribe@httpd.apache.org
> >> >> >> For additional commands, e-mail: users-help@httpd.apache.org
> >> >> >>
> >> >> >>
> >> >> >
> >> >>
> >>
> >>>--------------------------------------------------------------------
> >> >>-
> >> >> >The official User-To-User support forum of the Apache
> >HTTP Server
> >> >> >Project.
> >> >> >See <URL:http://httpd.apache.org/userslist.html> for more
info.
> >> >> >To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >> >> >   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> >> >> >For additional commands, e-mail: users-help@httpd.apache.org
> >> >> >
> >> >> >
> >> >>
> >> >>
> >-------------------------------------------------------------------
> >> >> -- The official User-To-User support forum of the Apache HTTP
> >> >Server Project.
> >> >> See <URL:http://httpd.apache.org/userslist.html> for more info.
> >> >> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >> >>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> >> >> For additional commands, e-mail: users-help@httpd.apache.org
> >> >>
> >> >>
> >> >
> >>
> >>---------------------------------------------------------------------
> >> >The official User-To-User support forum of the Apache HTTP Server
> >> >Project.
> >> >See <URL:http://httpd.apache.org/userslist.html> for more info.
> >> >To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >> >   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> >> >For additional commands, e-mail: users-help@httpd.apache.org
> >> >
> >> >
> >>
> >> ---------------------------------------------------------------------
> >> The official User-To-User support forum of the Apache HTTP
> >Server Project.
> >> See <URL:http://httpd.apache.org/userslist.html> for more info.
> >> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> >> For additional commands, e-mail: users-help@httpd.apache.org
> >>
> >>
> >
> >---------------------------------------------------------------------
> >The official User-To-User support forum of the Apache HTTP
> >Server Project.
> >See <URL:http://httpd.apache.org/userslist.html> for more info.
> >To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> >For additional commands, e-mail: users-help@httpd.apache.org
> >
> >
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message