httpd-users mailing list archives

From "Serge Dubrouski" <serge...@gmail.com>
Subject Re: [users@httpd] Problem with Apache + Tomcat + SSL + mod_rewrite
Date Thu, 18 Jan 2007 14:54:15 GMT
It would be good to take a look at your Tomcat's server.xml (connectors
part) file as well. Without that it's hard to answer your questions.
But there are some answers:

On 1/18/07, Tomo <tom@ukmn.com> wrote:
>
> Could anyone help me with a problem I have using mod_rewrite to send an https
> request from apache to tomcat. I have a couple of questions:
> Does my working rule (below) break the security imposed by SSL by
> redirecting to port 8080?

No, if your Tomcat is configured to listen on the 127.0.0.1 address only.

> Why does my rewrite rule to the ssl port on tomcat fail?

Hard to tell. Need to see connectors config.

>
> In this example the tomcat application name is the same as the subdomain
> name.
>
> My current rewrite rule that works is:
>
> RewriteCond %{THE_REQUEST} "^(GET|POST) https://.*"
> RewriteRule ^/(.*) https://localhost:80/ [F,L]
> RewriteCond %{REQUEST_URI} "!^/sub_domain_name/.*"
> RewriteRule ^/(.*) http://localhost:8080/sub_domain_name/$1 [P]
> RewriteCond %{REQUEST_URI} ^/sub_domain_name/.*
> RewriteRule ^/(.*) http://localhost:8080/$1 [P]
>
> Since port 8080 is not secure I have tried the following, but it does not
> work:
>
> RewriteCond %{REQUEST_URI} "!^/sub_domain_name/.*"
> RewriteRule ^/(.*) https://localhost:8444/sub_domain_name/$1 [P]
> RewriteCond %{REQUEST_URI} ^/sub_domain_name/.*
> RewriteRule ^/(.*) https://localhost:8444/$1 [P]
>
> https is on 8444 rather than 8443 because a plesk system is running on 8443.
> The tomcat certificate has been generated and the server.xml modified.
> Tomcat is happy serving pages on https://localhost:8444 directly so why
> would this rewrite rule fail?

What do you mean by "fail"? Do you get a 501 error or something else?

>
> The mod_rewrite log has the same output (except for the urls used in the
> rewrite) for both of these rules, so that's no help.
> the ssl_error log says:
> RSA server certificate CommonName (CN) `localhost.localdomain' does NOT
> match server name!?
> the error_log has a similar warning:
> [warn] RSA server certificate CommonName (CN) `plesk' does NOT match server
> name!?

How did you generate a certificate for Tomcat? Is it self-signed or a
real one? For what server was that cert generated?

> --
> View this message in context: http://www.nabble.com/Problem-with-Apache-%2B-Tomcat-%2B-SSL-%2B-mod_rewrite-tf3033654.html#a8429080
> Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
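
The reply above makes proxying to port 8080 safe only if Tomcat listens on 127.0.0.1. The following is an added example, not code from the thread or from the Apache or Tomcat projects, that checks this in the connectors part of a server.xml. The sample file is constructed, and treating scheme="https" or SSLEnabled="true" as the TLS marker is an assumption.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample (not the poster's file): 8080 has no address attribute,
# 8009 is pinned to loopback, 8444 is the TLS connector.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" />
    <Connector port="8009" protocol="AJP/1.3" address="127.0.0.1" />
    <Connector port="8444" scheme="https" secure="true" SSLEnabled="true" />
  </Service>
</Server>"""


def is_loopback(address):
    """True only when the connector is explicitly bound to a loopback address."""
    if address is None:          # no address attribute: Tomcat listens on all interfaces
        return False
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:           # hostname rather than an IP literal
        return address.lower() == "localhost"


def audit_connectors(server_xml):
    """Return one dict per <Connector>: port, address, tls, loopback_only."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        # Assumption: a connector is TLS if it declares https or SSLEnabled.
        tls = (conn.get("scheme", "http").lower() == "https"
               or conn.get("SSLEnabled", "false").lower() == "true")
        findings.append({
            "port": int(conn.get("port")),
            "address": conn.get("address"),
            "tls": tls,
            "loopback_only": is_loopback(conn.get("address")),
        })
    return findings


def exposed_plaintext_ports(server_xml):
    """Ports that accept unencrypted traffic from other hosts."""
    return [f["port"] for f in audit_connectors(server_xml)
            if not f["tls"] and not f["loopback_only"]]


if __name__ == "__main__":
    for finding in audit_connectors(SAMPLE_SERVER_XML):
        print(finding)
    print("plaintext ports reachable off-host:", exposed_plaintext_ports(SAMPLE_SERVER_XML))
```

On the sample, port 8080 is reported because it has no address attribute; adding address="127.0.0.1" to that connector clears the finding.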
