tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ed Robbins ...@erobbins.com>
Subject Re: SSL and non-SSL webapps (Apache 2.0.44/mod_jk/Tomcat 4.1.18)
Date Sun, 02 Feb 2003 14:03:14 GMT
You should be able to do this without much trouble.  The thing to
remember is that Apache treats non-ssl and ssl connections as two
different entities.  You have a VirtualHost configuration for the
non-ssl stuff on port 80 and a VirtualHost configuration for SSL
communication.  You can mount or not mount in either of these areas. 
The tricky part is to keep the document root of each one seperate, that
may be where your running into trouble.  In my ssl setup I make my
document root, for a given virtual host, a completely different location
then its non-ssl counterpart.  Thus for a given host www.testhost.com I
may have the following doc roots:

Non-SSL

/var/httpd/nonsecure/htdocs/testhost

SSL

/var/httpd/secure/htdocs/testhost

This way I have a clear delineation of where my secure content is served
from vs. my non secure content.


Ed

On Sat, 2003-02-01 at 13:30, Oscar Carrillo wrote:
> I am having a difficult time with what would appear to be a common issue.
> 
> I have Tomcat 4.1.18 with mod_jk connecting with Apache/SSL.
> It works great, but I am having difficulty figuring out how to separate 
> SSL and non-SSL communcations.
> 
> Ideally, it would seem that the proper way for this to function would be
> to have <VirtualHost> in Apache and they mount the repective webapps
> directory (or none at all for inaccessibility) using the mod_jk connector
> configuration.
> 
> But mounting seems to be global as far as I can tell. So that 
> http://myhost.mydomain/myTomcatDirectory/ goes the same place that
> https://myhost.mydomain/myTomcatDirectory/
> 
> If this is not possible or very involved, maybe it would somehow be easier 
> to disable just that directory in Apache for port 80. I could not get that 
> to work either as it seemed to pass the request to the mod_jk connector. I 
> may have done something wrong there, but I tried to follow the 
> documentation with Directory directives.
> 
> If that had worked I could not use that same directory name for content on 
> the Apache side but that's not that big of a deal.
> 
> The other option I thought of was to do URL Rewriting in Apache so that 
> all "http://myhost.mydomain/myTomcatDirectory" would get replaced with
> "https://myhost.mydomain/myTomcatDirectory". That seemed like a decent 
> option to, but the configuration for the mod_rewrite was a bear to try and 
> figure out. If someone knows how do something simple like I describe 
> please post.
> 
> The other option I could think of is to not have apache listen on port 80, 
> and then run another instance of apache with it's own config files that 
> would just listen to port 80. Seems a little awkward but I also had 
> difficulty getting a second copy of apache running.
> 
> A little enlightenment is greatly appreciated.
> 
> Thank you,
> Oscar Carrillo
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
-- 
Ed Robbins <ed@erobbins.com>


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message