tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oscar Carrillo <>
Subject Re: SSL and non-SSL webapps (Apache 2.0.44/mod_jk/Tomcat 4.1.18)
Date Sun, 02 Feb 2003 06:58:29 GMT
Thank You!

You got me on the right track and I've been able to get something working.
I don't feel very confident in my http.conf or ssl.conf being completely 
how it should be.

I think my main problem was that I was including in http.conf the
mod_jk.conf that is automatically generated by tomcat. And I believe that
the file needs to be included not inside a <VirtualHost> tag. So that 
would make it global?

Now I just manually moved the relevant listings in mod_jk.conf to 
http.conf and ssl.conf. Is that how you have your setup?

The other thing that is odd, is that if I set my browser pointed at the 
webapps directory (or anywhere inside of it), the browser gets redirected 
to the secure connection (https). This is EXACTLY how I want it to behave, 
but I don't know what makes that happen.

Thanks again,

On 2 Feb 2003, Ed Robbins wrote:

> You should be able to do this without much trouble.  The thing to
> remember is that Apache treats non-ssl and ssl connections as two
> different entities.  You have a VirtualHost configuration for the
> non-ssl stuff on port 80 and a VirtualHost configuration for SSL
> communication.  You can mount or not mount in either of these areas. 
> The tricky part is to keep the document root of each one seperate, that
> may be where your running into trouble.  In my ssl setup I make my
> document root, for a given virtual host, a completely different location
> then its non-ssl counterpart.  Thus for a given host I
> may have the following doc roots:
> Non-SSL
> /var/httpd/nonsecure/htdocs/testhost
> /var/httpd/secure/htdocs/testhost
> This way I have a clear delineation of where my secure content is served
> from vs. my non secure content.
> Ed
> On Sat, 2003-02-01 at 13:30, Oscar Carrillo wrote:
> > I am having a difficult time with what would appear to be a common issue.
> > 
> > I have Tomcat 4.1.18 with mod_jk connecting with Apache/SSL.
> > It works great, but I am having difficulty figuring out how to separate 
> > SSL and non-SSL communcations.
> > 
> > Ideally, it would seem that the proper way for this to function would be
> > to have <VirtualHost> in Apache and they mount the repective webapps
> > directory (or none at all for inaccessibility) using the mod_jk connector
> > configuration.
> > 
> > But mounting seems to be global as far as I can tell. So that 
> > http://myhost.mydomain/myTomcatDirectory/ goes the same place that
> > https://myhost.mydomain/myTomcatDirectory/
> > 
> > If this is not possible or very involved, maybe it would somehow be easier 
> > to disable just that directory in Apache for port 80. I could not get that 
> > to work either as it seemed to pass the request to the mod_jk connector. I 
> > may have done something wrong there, but I tried to follow the 
> > documentation with Directory directives.
> > 
> > If that had worked I could not use that same directory name for content on 
> > the Apache side but that's not that big of a deal.
> > 
> > The other option I thought of was to do URL Rewriting in Apache so that 
> > all "http://myhost.mydomain/myTomcatDirectory" would get replaced with
> > "https://myhost.mydomain/myTomcatDirectory". That seemed like a decent 
> > option to, but the configuration for the mod_rewrite was a bear to try and 
> > figure out. If someone knows how do something simple like I describe 
> > please post.
> > 
> > The other option I could think of is to not have apache listen on port 80, 
> > and then run another instance of apache with it's own config files that 
> > would just listen to port 80. Seems a little awkward but I also had 
> > difficulty getting a second copy of apache running.
> > 
> > A little enlightenment is greatly appreciated.
> > 
> > Thank you,
> > Oscar Carrillo
> > 
> > 
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail:
> > For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message