tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tam, Michael" <m...@PFC.Forestry.CA>
Subject RE: SSL and mod_jk Problems on Tomcat 4.0.5 + Apache 1.3.26 (on L inux RH 7.3)
Date Wed, 02 Oct 2002 19:45:21 GMT
Thank you John for your correction.

Actually, I have run through my apache conf file and found the port 8443
being comment out.  

Regarding to the original question, the given example url is using the
default 443 port for ssl and tomcat ssl default is using 8443.  So, make
sure you make tomcat to listen to 443 instead.

I am using 8443 at this point and it works for me and I suppose it works the
same for port 443.

Cheers,
Michael


-----Original Message-----
From: Turner, John [mailto:JTurner@AAS.com]
Sent: Wednesday, October 02, 2002 12:05 PM
To: 'Tomcat Users List'
Subject: RE: SSL and mod_jk Problems on Tomcat 4.0.5 + Apache 1.3.26 (on
L inux RH 7.3)



That won't work...only one service can bind to a given port at a
time...communications between Apache and Tomcat occur on the given connector
port (8009 is the default for AJP13), SSL or not.

John

> -----Original Message-----
> From: Tam, Michael [mailto:mtam@PFC.Forestry.CA]
> Sent: Wednesday, October 02, 2002 3:01 PM
> To: 'Tomcat Users List'
> Subject: RE: SSL and mod_jk Problems on Tomcat 4.0.5 + Apache 
> 1.3.26 (on
> L inux RH 7.3)
> 
> 
> I believe you have to make Tomcat to listen to port 443 
> instead of 8443 for
> SSL then allow Apache to listen to port 443.
> 
> Hope this help.
> 
> Cheers,
> Michael
> 
> -----Original Message-----
> From: Gustavo Vegas [mailto:gustavo@colltech.com]
> Sent: Wednesday, October 02, 2002 11:56 AM
> To: tomcat-user@jakarta.apache.org
> Subject: SSL and mod_jk Problems on Tomcat 4.0.5 + Apache 1.3.26 (on
> Linux RH 7.3)
> 
> 
> Hello everyone,
>     Here is my problem; I am trying to make SSL requests to Tomcat 
> through mod_jk, but they do not appear to work. I am even able to see 
> properly through plain HTTP those pages I want served by 
> Tomcat through 
> SSL. When I use the https://hosts/directory/page.jsp, I get 
> the source 
> code of the file. If I try using the 8443 port, it displays 
> properly. I 
> am also using j2sdk version 1.4.1.
> Here is the definition of the virtual host under Apache:
> --------------------------------------------------------------
> --------------
> -------------------
> <IfModule !mod_jk.c>
>   LoadModule jk_module libexec/mod_jk.so
> </IfModule>
> 
> JkWorkersFile "/usr/local/apache/conf/workers.properties"
> JkLogFile "/web/logs/mod_jk.log"
> 
> JkLogLevel debug
> 
>  NameVirtualHost *
> 
> <IfDefine SSL>
> # Should mod_jk send SSL information to Tomcat (default is On)
> JkExtractSSL On
> # What is the indicator for SSL (default is HTTPS)
> JkHTTPSIndicator HTTPS
> # What is the indicator for SSL session (default is SSL_SESSION_ID)
> JkSESSIONIndicator SSL_SESSION_ID
> # What is the indicator for client SSL cipher suit (default 
> is SSL_CIPHER)
> JkCIPHERIndicator SSL_CIPHER
> # What is the indicator for the client SSL certificated (default is 
> SSL_CLIENT_C
> ERT)
> JkCERTSIndicator SSL_CLIENT_CERT
> # Other needed settings
> SSLOptions +StdEnvVars +ExportCertData
> ###############################################################
> # (BEGIN) Definition of SSL host.company.com virtual host #
> # NOTE: SSL Connections are only supported on IP-based virtual#
> # hosts                                                       #
> ###############################################################
> 
> <VirtualHost 192.168.25.100:443>
>     ServerName host.company.com
>     ServerAdmin root@company.com
>     DocumentRoot /web/htdocs/host.company.com
>     ScriptAlias     /cgi-bin/ 
> /web/htdocs/host.company.com/www/cgi-bin/
>     DirectoryIndex index.html index.htm index.shtml 
> index.shtm index.jsp
>     Alias /reports/ /web/htdocs/host.company.com/reports
>     JkAutoAlias /export/home/host.company.com
>     SSLEngine On
>     SSLCertificateFile /usr/local/XXX/certs/host.company.com.cert
>     SSLCertificateKeyFile /usr/local/XXX/keys/host.company.com.com.key
>     SSLCipherSuite 
> ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> 
> Alias /pfctestssl "/web/htdocs/host.company.com/ssl"
> 
>     JkMount /pfctestssl/*.jsp ajp13
>     JkMount /pfctestssl/* ajp13
>     JkMount /pfctestssl/*.do ajp13
>     JkMount /pfctestssl/manager ajp13
>     JkMount /pfctestssl/manager/* ajp13
> 
>     JkMount /pfctestssl/*/*.jsp ajp13
>     JkMount /pfctestssl/*/* ajp13
>     JkMount /pfctestssl/*/*.do ajp13
>     JkMount /pfctestssl/*/manager ajp13
>     JkMount /pfctestssl/*/manager/* ajp13
> 
>     <Location "/pfctestssl/WEB-INF/">
>     </Location>
> 
>     <Location "/pfctestssl/WEB-INF/">
>          AllowOverride None
>          Deny from all
>     </Location>
>     ErrorLog        /web/logs/host.company.com/ssl_error_log
>     CustomLog       /web/logs/host.company.com/ssl_access_log combined
>     TransferLog       /web/logs/host.company.com/ssl_transfer_log
> </VirtualHost>
> ###############################################################
> # (END) Definition of SSL host.company.com virtual host   #
> # ##############################################################
> </IfDefine>
> 
> --------------------------------------------------------------
> --------------
> -------------------
> I believe this to be a problem with jk_mod not understanding 
> what to do 
> with the requests for these pages. I even tried  to tell it 
> to pass such 
> requests by adding wildcards for the subdirectories under the ssl 
> directory, but it did not work. Any help on this issue would 
> be highly 
> appreciated. BTW, all other configuration bits seem to work. This was 
> actually working prior to us getting Tomcat talking to a database 
> server, but this would be extremely weird if it prevents mod_jk from 
> talking SSL. That is why I am not including any other configuration 
> files here. If need be, I will post any additional information that 
> people may want to take a look at.
> 
> Thanks,
> 
> -- Gustavo Vegas.
> 
> 
> --
> To unsubscribe, e-mail:
> <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail:
> <mailto:tomcat-user-help@jakarta.apache.org>
> 
> --
> To unsubscribe, e-mail:   
<mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail:
<mailto:tomcat-user-help@jakarta.apache.org>

--
To unsubscribe, e-mail:
<mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail:
<mailto:tomcat-user-help@jakarta.apache.org>

--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message