tomcat-users mailing list archives

From "Dean Searle" <d...@computingoasis.com>
Subject RE: HTTPS with Apache 2.0.48 and Tomcat 5.0.16
Date Tue, 03 Feb 2004 14:13:54 GMT
Here is part of my httpd.conf for an Apache2, Tomcat 4.1.29 and mod_jk2 setup. This is only
for the Virtual host part. Assuming you have everything else loading correctly it should work.

NameVirtualHost 127.0.0.1:443
NameVirtualHost 127.0.0.1:80

<VirtualHost 127.0.0.1:80>
	ServerName www.domain.com
	ServerAlias domain.com
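	# Trailing slash on the target is required: Redirect appends the rest of
	# the request path to it, so /foo would otherwise become www.domain.comfoo
	Redirect permanent / https://www.domain.com/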
</VirtualHost>


<VirtualHost 127.0.0.1:443>
	ServerName www.domain.com
	ServerAlias domain.com
	DocumentRoot z:/tomcattest/webapps
	ErrorLog z:/tomcattest/logs/domain_error.log
	CustomLog z:/tomcattest/logs/domain_access.log common
	SSLEngine On
	SSLCertificateFile		conf/ssl/domain.crt
	SSLCertificateKeyFile		conf/ssl/domain.key.unsecure
	SSLCACertificateFile 		conf/ssl/intermediate.crt

	<Location /rvdc>
		SSLRequireSSL
	</Location>
	
	<Location "/domain/WEB-INF/*">
		AllowOverride None
		deny from all
	</Location>
	
	<Location /webapps/*.jsp>
		JkUriSet group ajp13:localhost:8109
	</Location>
</VirtualHost>

The JkMount directives only work for mod_jk. Mod_jk2 requires a whole new set of directives
to work. Following is my server.xml and workers2.properties that should help.

***workers2.properties***

# Only at the beginning. In production, comment it out.
[logger.apache2]
level=DEBUG

[shm]
file=z:/tomcat/logs/jk2.shm
size=1048576

# Example socket channel, override port and host.
[channel.socket:localhost:8109]
port=8109
host=127.0.0.1

[channel.socket:localhost:8110]
port=8110
host=127.0.0.1

[channel.socket:localhost:8111]
port=8111
host=127.0.0.1

#[channel.jni:jni]
#info=The jni channel, used if tomcat is started inprocess

[status:]
info=Status worker, displays runtime information

#[vm:]
#info=Parameters used to load a JVM in the server process
#JVM=C:\jdk\jre\bin\hotspot\jvm.dll
#OPT=-Djava.class.path=Z:/Tomcat/bin/tomcat-jni.jar;Z:/Tomcat/server/lib/commons-logging.jar
#OPT=-Dtomcat.home=${TOMCAT_HOME}
#OPT=-Dcatalina.home=${TOMCAT_HOME}
#OPT=-Xmx128M
#OPT=-Djava.compiler=NONE
#disabled=0

#[worker1.jni:onStartup]
#info=Command to be executed by the VM on startup. This one will start tomcat.
#class=org/apache/jk/apr/TomcatStarter
#ARG=start
#disabled=0
#stdout=Z:/tomcat/logs/stdout.log
#stderr=Z:/tomcat/logs/stderr.log

#[worker1.jni:onShutdown]
#info=Command to be executed by the VM on shutdown. This one will stop tomcat.
#class=org/apache/jk/apr/TomcatStarter
#ARG=stop
#disabled=0

# Define the worker
# First Web Application Worker
[ajp13:localhost:8109]
channel=channel.socket:localhost:8109

# Second Web Application Worker
[ajp13:localhost:8110]
channel=channel.socket:localhost:8110

# Third Web Application Worker
[ajp13:localhost:8111]
channel=channel.socket:localhost:8111

# Uri mapping
[uri:127.0.0.1/*.jsp]
worker=ajp13:localhost:8109

[uri:/jkstatus/*]
info=Display status information and checks the config file for changes.
worker=status:status

[uri:www.domain.com/*.jsp]
group=ajp13:localhost:8109


***server.xml***
***This is the only section you need to make sure is enabled. Leave everything else alone.
Note: the port designated here might be different than yours. You can use any port you want
here as long as you use the same port in the httpd.conf and the workers2.properties file.****

 <!-- Define a Coyote/JK2 AJP 1.3 Connector on port 8109 -->
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
               port="8109" minProcessors="5" maxProcessors="75"
               enableLookups="true" redirectPort="8443"
               acceptCount="10" debug="0" connectionTimeout="0"
               useURIValidationHack="false"
               protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler"/>

***I hope that this helps you out.***

Dean


-----Original Message-----
From: Oscar Carrillo [mailto:tomcat@daydream.stanford.edu]
Sent: Mon 2/2/2004 4:04 PM
To: Tomcat Users List; ralf@tapfere-schneiderleins.de
Subject: Re: HTTPS with Apache 2.0.48 and Tomcat 5.0.16
 
Hi,

The JkMount directives tell Apache to pass these requests thru the 
Connector to Tomcat.

I do this very same thing for jWebMail, cause I don't want it accessible 
thru http, only https. Here's my ssl.conf config section for it:
--------------------------------------------------------------
<VirtualHost _default_:443>
#Other stuff about your ssl host

#Webmail
    # Static files
    Alias /webmail "/usr/local/tomcat/webapps/webmail"

    <Directory "/usr/local/tomcat/webapps/webmail">
        Options Indexes FollowSymLinks
        DirectoryIndex index.jsp
    </Directory>

    <Location "/webmail/META-INF/*">
        AllowOverride None
        deny from all
    </Location>

    <Location "/webmail/WEB-INF/*">
        AllowOverride None
        deny from all
    </Location>

    JkMount /webmail/do/*  ajp13
    JkMount /webmail/*.jsp  ajp13
    JkMount /webmail/WebMail  ajp13
    JkMount /webmail/WebMail/*  ajp13
---------------------------------------

Does that help? BTW, this is all on my site but there's quite a bit of stuff there that you
can miss it.

Oscar
http://www.linuxjava.net/howto/webapp/



On Mon, 2 Feb 2004, Ralf Schneider wrote:

> On Monday, 2 February 2004 21:26, Oscar Carrillo wrote:
> > I believe you need to set up a VirtualHost section in httpd.conf even if
> > you don't really need Virtual Hosting.
> 
> I did that.
> 
> > Also try Redirecting the whole site. I'm not sure if I've tried just the
> > webapp. I'm not sure if you need to compile the rewrite module for the
> > redirect, but I don't think so.
> >
> > #httpd.conf VirtualHost section of myhost.mydomain
> > Redirect / https://myhost.mydomain/mywebapp
> 
> But I don't want to do this with the whole site, because there are parts that 
> should be accessible with normal HTTP.
> 
> > Also, you can't include the mod_jk configuration. You must put the mount
> > commands explicitly in each virtual host. If you include the modjk conf
> > file "Include mod_jk.conf", then it will be global and all hosts will get
> > access. This is likely your problem especially if you haven't put mod_jk
> > mount commands in "ssl.conf".
> 
> I did not put any JKMount statements in ssl.conf. Which do I need? Something 
> like this:
> 
> JKMount /demo_02/* ajp13
> 
> Or anything else? I think I did not understand correctly what this JkMount 
> does.
> 
> Ralf.
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 
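
The advice in this thread, that JkMount lines belong inside the SSL virtual host and not at global scope or in a port-80 host, can be checked mechanically. The following is an added example, not code from any of the posters; the sample configuration is constructed, `audit_jkmounts` is a hypothetical helper name, and it covers mod_jk's JkMount only (not mod_jk2's JkUriSet).

```python
import re

# Constructed sample configuration, for illustration only.
SAMPLE_CONF = """\
JkMount /demo_02/* ajp13

<VirtualHost 127.0.0.1:80>
    JkMount /webmail/*.jsp ajp13
</VirtualHost>

<VirtualHost _default_:443>
    SSLEngine On
    JkMount /webmail/*.jsp ajp13
</VirtualHost>
"""

VHOST_OPEN = re.compile(r"<VirtualHost\s+([^>]+)>", re.I)
VHOST_CLOSE = re.compile(r"</VirtualHost>", re.I)
SSL_ON = re.compile(r"SSLEngine\s+on\b", re.I)
JKMOUNT = re.compile(r"JkMount\s+(\S+)\s+(\S+)", re.I)


def audit_jkmounts(conf_text):
    """Return (scope, uri_pattern, worker) for each JkMount that is not
    inside a <VirtualHost> block containing 'SSLEngine On'."""
    blocks = [{"scope": "global", "ssl": False, "mounts": []}]
    current = blocks[0]
    for line in map(str.strip, conf_text.splitlines()):
        if line.startswith("#"):
            continue
        if m := VHOST_OPEN.match(line):
            current = {"scope": m.group(1).strip(), "ssl": False, "mounts": []}
            blocks.append(current)
        elif VHOST_CLOSE.match(line):
            current = blocks[0]
        # Assumption: global-scope mounts are always reported, so an
        # SSLEngine line outside any virtual host does not clear them.
        elif SSL_ON.match(line) and current is not blocks[0]:
            current["ssl"] = True
        elif m := JKMOUNT.match(line):
            current["mounts"].append((m.group(1), m.group(2)))
    return [(b["scope"], uri, worker) for b in blocks if not b["ssl"]
            for uri, worker in b["mounts"]]


if __name__ == "__main__":
    for scope, uri, worker in audit_jkmounts(SAMPLE_CONF):
        print(f"JkMount {uri} -> {worker} is outside an SSL host (scope: {scope})")
```

Files pulled in with Include are not followed, so run it over each included file as well.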

