httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tomo <...@ukmn.com>
Subject [users@httpd] Problem with Apache + Tomcat + SSL + mod_rewrite
Date Thu, 18 Jan 2007 11:25:35 GMT

Could anyone help me with a problem I have using mod_rewrite to send an https
request from apache to tomcat. I have a couple of questions:
Does my working rule (below) break the security imposed by SSL by
redirecting to port 8080?
Why does my rewrite rule to the ssl port on tomcat fail?

In this example the tomcat application name is the same as the subdomain
name.

My current rewrite rule that works is:

RewriteCond %{THE_REQUEST} "^(GET|POST) https://.*"
RewriteRule ^/(.*) https://localhost:80/ [F,L]
RewriteCond %{REQUEST_URI} "!^/sub_domain_name/.*"
RewriteRule ^/(.*) http://localhost:8080/sub_domain_name/$1 [P]
RewriteCond %{REQUEST_URI} ^/sub_domain_name/.*
RewriteRule ^/(.*) http://localhost:8080/$1 [P]

Since port 8080 is not secure I have tried the following, but it does not
work:

RewriteCond %{REQUEST_URI} "!^/sub_domain_name/.*"
RewriteRule ^/(.*) https://localhost:8444/sub_domain_name/$1 [P]
RewriteCond %{REQUEST_URI} ^/sub_domain_name/.*
RewriteRule ^/(.*) https://localhost:8444/$1 [P]

https is on 8444 rather than 8443 because a plesk system is running on 8443.
The tomcat certificate has been generated and the server.xml modified.
Tomcat is happy serving pages on https://localhost:8444 directly so why
would this rewrite rule fail?

The mod_rewrite log has the same output (except for the urls used in the
rewrite) for both of these rules, so thats no help.
the ssl_error log says:
RSA server certificate CommonName (CN) `localhost.localdomain' does NOT
match server name!? 
the error_log has a similar warning:
[warn] RSA server certificate CommonName (CN) `plesk' does NOT match server
name!? 
-- 
View this message in context: http://www.nabble.com/Problem-with-Apache-%2B-Tomcat-%2B-SSL-%2B-mod_rewrite-tf3033654.html#a8429080
Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message