httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kohanm <kohan.mass...@gmail.com>
Subject [users@httpd] Apache 2.2+SSL+Tomocat+mod_JK configuration that accepts both HTTP and HTTPS requests
Date Sat, 26 Jul 2008 19:52:15 GMT
Hi,

I set up the  Apache 2.2+SSL+Tomcat 5.5 + mod_Jk  it works fine with HTTP but
when I use https I get Forbidden errors.

How should I configure the Apache2.2  to accept both HTTP and HTTPS requests?
The application uses https and http at the same time and there are not
any restricted directories for HTTPS.

The application uses HTTPS link when users want to login to the
system, the link goes to an external authentication server which
belongs to another organization and after success full login the
external server redirects web page to  our application.The external
authentication server force us to implement HTTPS.


here are the httpd.conf and httpd-ssl.conf files.

httpd.conf file(short describtion):

Listen  mydomainIP:80

LoadModule jk_module modules/mod_jk-apache-2.2.4.so

<IfModule mod_jk.c>

JkWorkersFile conf/workers.properties

JkLogFile logs/mod_jk.log
JkLogLevel error
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
JkRequestLogFormat "%w %V %T"

Alias /list  "/usr/local/jakarta-tomcat/webapps/list/"

<Directory "/usr/local/jakarta-tomcat/webapps/list/">
        Options Indexes +FollowSymLinks
        AllowOverride None
        Allow from all
    </Directory>

    <Location "/*/WEB-INF/*">
        AllowOverride None
        deny from all
    </Location>
JkMount  /list/*  example


</IfModule>


# Secure (SSL/TLS) connections
Include conf/extra/httpd-ssl.conf

<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>



httpd-ssl.conf


Listen 443


AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

SSLPassPhraseDialog  builtin
SSLSessionCache        shmcb:/usr/local/apache2.2/logs/ssl_scache(512000)
SSLSessionCacheTimeout  300

SSLMutex  file:/usr/local/apache2.2/logs/ssl_mutex


<VirtualHost _default_:443>

#   General setup for the virtual host
DocumentRoot "/usr/local/apache2.2/htdocs"
ServerName mydomain:443
ServerAdmin mk@kk.com
ErrorLog /usr/local/apache2.2/logs/error_log
TransferLog /usr/local/apache2.2/logs/access_log


SSLEngine on

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

SSLCertificateFile /usr/local/apache2.2/conf/server.crt
SSLCertificateKeyFile /usr/local/apache2.2/conf/server.key


#   Server Private Key:
<FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/usr/local/apache2.2/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>
BrowserMatch ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

#   Per-Server Logging:
#   The home of a custom SSL log file. Use this when you want a
#   compact non-error SSL logfile on a virtual host basis.
CustomLog /usr/local/apache2.2/logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>


Thanks for your help.

MK

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message