Return-Path: 
 <users-return-81736-apmail-httpd-users-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-users-archive@www.apache.org
Received: (qmail 21106 invoked from network); 30 Jun 2008 12:46:51 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2)
  by minotaur.apache.org with SMTP; 30 Jun 2008 12:46:51 -0000
Received: (qmail 40344 invoked by uid 500); 30 Jun 2008 12:46:44 -0000
Delivered-To: apmail-httpd-users-archive@httpd.apache.org
Received: (qmail 39675 invoked by uid 500); 30 Jun 2008 12:46:42 -0000
Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
list-help: <mailto:users-help@httpd.apache.org>
list-unsubscribe: <mailto:users-unsubscribe@httpd.apache.org>
List-Post: <mailto:users@httpd.apache.org>
List-Id: <users.httpd.apache.org>
Delivered-To: mailing list users@httpd.apache.org
Received: (qmail 39664 invoked by uid 99); 30 Jun 2008 12:46:42 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 30 Jun 2008 05:46:42 -0700
X-ASF-Spam-Status: No, hits=-0.0 required=10.0
	tests=SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: domain of sergeyfd@gmail.com designates
 216.239.58.184 as permitted sender)
Received: from [216.239.58.184] (HELO gv-out-0910.google.com) (216.239.58.184)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 30 Jun 2008 12:45:51 +0000
Received: by gv-out-0910.google.com with SMTP id u5so166410gve.23
        for <users@httpd.apache.org>; Mon, 30 Jun 2008 05:46:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:received:received:message-id:date:from:to
         :subject:in-reply-to:mime-version:content-type
         :content-transfer-encoding:content-disposition:references;
        bh=3JgoYAOEiUPSoW6of/CxBWgJzNvzUh7/Eu3i0aKvtGQ=;
        b=pyYyXNTGK5ITbFM6vZAn1ziMO3SmG4ybp+X8vq9y+Gm3UaR4csO44OEnEtuznWHBKH
         LV2s4azpVyFVLbvHGoPSUa2nVSmmD4U0qcUgoGaLVJ3goyeTxQiNI4kpwSYMERwGl61a
         1mzj3y3v5vQ79cd+xSIypaxt+8g2NO1PwCuqA=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=message-id:date:from:to:subject:in-reply-to:mime-version
         :content-type:content-transfer-encoding:content-disposition
         :references;
        b=r1Xi9zFQdcdIlnYlX3v3B9zlJiu/5GMiKTSDNqTKhCxC86KRR6Pzcg1QgRU+JLnFPA
         W+CJvYGykDlMKB58tj1yVGOt5dHDf9Ool59EKWLpi0hgT2yOCtKsD+0svlXAAKLrsaDs
         BOwMuVg3nFFbtCK2aK+1TsOlxNmmRIZ/S5O4o=
Received: by 10.78.176.20 with SMTP id y20mr1292270hue.107.1214829969419;
        Mon, 30 Jun 2008 05:46:09 -0700 (PDT)
Received: by 10.78.172.3 with HTTP; Mon, 30 Jun 2008 05:46:09 -0700 (PDT)
Message-ID: <868cbbaa0806300546x6ceb6a9awa13c5a0c6082a01a@mail.gmail.com>
Date: Mon, 30 Jun 2008 06:46:09 -0600
From: "Serge Dubrouski" <sergeyfd@gmail.com>
To: users@httpd.apache.org
In-Reply-To: <c30def490806300516t1d4e9ab3s87df44e3c17a06d8@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <c30def490806300140i6b688a3ap848712b97d07d007@mail.gmail.com>
	 <868cbbaa0806300500s4385305k19f00213e190d148@mail.gmail.com>
	 <c30def490806300516t1d4e9ab3s87df44e3c17a06d8@mail.gmail.com>
X-Virus-Checked: Checked by ClamAV on apache.org
Subject: Re: [users@httpd] how to configure apache+ssl+mod_jk+tomcat

It sounds like you have an HTTP virtual server configured on port 8000
and HTTPS virtual server  configured on port 443. Most probably your
mod_jk commands are defined in the scope of HTPP server and aren't
active on the scope of HTTPS server. Try to move/duplicate them in the
http-ssl.conf inside the VirtualServer definition or make sure that
they are diefined in the global scope, not HTTP virtual server scope.

On Mon, Jun 30, 2008 at 6:16 AM, Meir Yanovich <meiry242@gmail.com> wrote:
> it looks like this : ( i changed it from the default 8009 )
>
>  <Connector port="8443" maxHttpHeaderSize="8192"
>               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>               enableLookups="false" disableUploadTimeout="true"
>               acceptCount="100" scheme="https" secure="true"
>                           keystoreFile="D:/tomcat/conf/keystore" keystorePass="password"  />
>
>        <Connector port="48333"
>            enableLookups="false" redirectPort="8443" protocol="AJP/1.3"
>                        secure="true" connectionTimeout="0" threadPriority="5"
>                        connectionUploadTimeout="0" connectionLinger="0"
>                        maxSpareThreads="50" maxThreads="200"
>                        maxKeepAliveRequests="100" disableUploadTimeout="false"
>                        uRIEncoding="null" tcpNoDelay="false" minSpareThreads="4"
>                        acceptCount="60000" />
>
> On Mon, Jun 30, 2008 at 3:00 PM, Serge Dubrouski <sergeyfd@gmail.com> wrote:
>> How does your Tomcat's server.xml file looks like? Does it have an AJP
>> listener on port 48333 like you configured in workers file?
>>
>> On Mon, Jun 30, 2008 at 2:40 AM, Meir Yanovich <meiry242@gmail.com> wrote:
>>> Hello all
>>> im having problem on configuring apache 2.2 forward ssl requests to tomcat
>>> im using basic configuration that i collected on the web ( mostly
>>> using old apache )
>>> im can use ssl on the apache htdocs . but i can't make it forward to
>>> the tomcat .
>>> by the way with no ssl the http forwarding to tomcat works fine .
>>> here is my configuration :
>>> in the http-ssl.conf  i have the standard configuration i didn't
>>> change any thing beside
>>> SSLCertificateKeyFile and the SSLCertificateFile to the proper files
>>> and the mod_jk conf in the httpd.conf looks like this :
>>>
>>> #*****************************************************
>>> # Load mod_jk module
>>> # Update this path to match your modules location
>>> LoadModule    jk_module  modules/mod_jk.so
>>>
>>> # The workers that jk should create and work with
>>> # Define 1 real worker using ajp13
>>> JkWorkerProperty worker.list=Tomcat01
>>>
>>>  JkWorkerProperty worker.Tomcat01.type=ajp13
>>> JkWorkerProperty worker.Tomcat01.host=app1
>>> JkWorkerProperty worker.Tomcat01.port=48333
>>>
>>> # Should mod_jk send SSL information to Tomcat (default is On)
>>> JkExtractSSL off
>>> # What is the indicator for SSL (default is HTTPS)
>>> JkHTTPSIndicator HTTPS
>>> # What is the indicator for SSL session (default is SSL_SESSION_ID)
>>> JkSESSIONIndicator SSL_SESSION_ID
>>> # What is the indicator for client SSL cipher suit (default is SSL_CIPHER)
>>> JkCIPHERIndicator SSL_CIPHER
>>> # What is the indicator for the client SSL certificated (default is
>>> SSL_CLIENT_CERT)
>>> JkCERTSIndicator SSL_CLIENT_CERT
>>>
>>> # JkOptions indicate to send SSL KEY SIZE,
>>> JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
>>> # Where to put jk logs
>>> # Update this path to match your logs directory location (put
>>> mod_jk.log next to access_log)
>>> JkLogFile     logs/mod_jk.log
>>>
>>> # Set the jk log level [debug/error/info]
>>> JkLogLevel   debug
>>>
>>> # Select the timestamp log format
>>> JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
>>>
>>> # Set the request log format
>>> JkRequestLogFormat     "%w %V %T %b %H %s %m %U %q"
>>>
>>> # Send everything for context /examples to worker named worker1 (ajp13)
>>> JkMount /* Tomcat01
>>>
>>> # Serve html, jpg and gif using httpd
>>>  JkUnMount /*.html ajp13
>>>  JkUnMount /*.jpg  ajp13
>>>  JkUnMount /*.gif  ajp13
>>>
>>>
>>> only when i browse to the port that is in the Listen 8000 the
>>> forwarding to tomcat works but this is not ssl as i need
>>> what im doing wrong here ? can it be done ?
>>> thanks
>>>
>>> ---------------------------------------------------------------------
>>> The official User-To-User support forum of the Apache HTTP Server Project.
>>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>> For additional commands, e-mail: users-help@httpd.apache.org
>>>
>>>
>>
>>
>>
>> --
>> Serge Dubrouski.
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>



-- 
Serge Dubrouski.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org