tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From r.@metamagix.net
Subject multiple ips, multiple ssl certificates and port forwarding
Date Mon, 17 Jan 2005 15:00:43 GMT
hello everybody!

i'm new to this list and dont have too much tomcat expericence but i've 
been searching for a while to solve the following problem - unfortunately 
up to date without success:
here is my little mind bender ;-)

i have tomcat 4.1.31 running on a linux server, to use multiple ssl 
keystores i built the following server.xml, i have port-forwarding on 
(script follows). my problem is, that i always get the same certificate, no 
matter what ip/domain i use.

server xml
-------------------------------
<Server port="8005" shutdown="SHUTDOWN" debug="0">


   <!-- Comment these entries out to disable JMX MBeans support -->
   <!-- You may also configure custom components (e.g. Valves/Realms) by
        including your own mbean-descriptor file(s), and setting the
        "descriptors" attribute to point to a ';' seperated list of paths
        (in the ClassLoader sense) of files to add to the default list.
        e.g. descriptors="/com/myfirm/mypackage/mbean-descriptor.xml"
   -->
   <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"
             debug="0"/>
   <Listener 
className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"
             debug="0"/>

   <!-- Global JNDI resources -->
   <GlobalNamingResources>

     <!-- Test entry for demonstration purposes -->
     <Environment name="simpleValue" type="java.lang.Integer" value="30"/>

     <!-- Editable user database that can also be used by
          UserDatabaseRealm to authenticate users -->
     <Resource name="UserDatabase" auth="Container"
               type="org.apache.catalina.UserDatabase"
        description="User database that can be updated and saved">
     </Resource>
     <ResourceParams name="UserDatabase">
         <name>factory</name>
         <value>org.apache.catalina.users.MemoryUserDatabaseFactory</value>
       </parameter>
       <parameter>
         <name>pathname</name>
         <value>conf/tomcat-users.xml</value>
       </parameter>
     </ResourceParams>

   </GlobalNamingResources>

   <Service name="Service C">
     <!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080 -->
     <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
                port="8080" address="100.100.100.3" minProcessors="10" 
maxProcessors="100"
                enableLookups="true" redirectPort="8080"
                acceptCount="100" debug="0" connectionTimeout="20000"
                useURIValidationHack="false" disableUploadTimeout="true" />
     <!-- Note : To disable connection timeouts, set connectionTimeout value
      to 0 -->

     <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
     <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
                port="8443" minProcessors="5" maxProcessors="30"
                address="100.100.100.3"
                enableLookups="true"
                acceptCount="30" debug="0" scheme="https" secure="true"
                useURIValidationHack="false" disableUploadTimeout="true">
       <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
                keystoreFile="/home/essence/essence/KEYS/c.keystore"
                keystorePass="xxx"
                clientAuth="false" protocol="TLS" />
     </Connector>


     <Engine defaultHost="www.domainc.at" debug="0">
       <Logger className="org.apache.catalina.logger.FileLogger"
               prefix="catalina_log." suffix=".txt"
               timestamp="true"/>

       <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
                  debug="0" resourceName="UserDatabase"/>

       <!-- Define the default virtual host -->
       <Host name="www.domainc.at" debug="0" appBase="webapps"
        unpackWARs="true" autoDeploy="true">

         <Logger className="org.apache.catalina.logger.FileLogger"
                  directory="logs"  prefix="domainc_log." suffix=".txt"
             timestamp="true"/>

         <!-- Tomcat Root Context -->
           <Context path="" docBase="essence" debug="0"/>

       </Host>
</Engine>
   </Service>



   <Service name="service b">
     <!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080 -->
     <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
                port="8080" address="100.100.100.2" minProcessors="10" 
maxProcessors="100"
                enableLookups="true" redirectPort="8080"
                acceptCount="100" debug="0" connectionTimeout="20000"
                useURIValidationHack="false" disableUploadTimeout="true" />
     <!-- Note : To disable connection timeouts, set connectionTimeout value
      to 0 -->

     <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
     <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
                port="8443" minProcessors="5" maxProcessors="50"
                address="100.100.100.2"
                enableLookups="true"
                acceptCount="50" debug="0" scheme="https" secure="true"
                useURIValidationHack="false" disableUploadTimeout="true">
       <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
                keystoreFile="/home/essence/essence/KEYS/b.keystore"
                keystorePass="xxxx"
                clientAuth="false" protocol="TLS" />
     </Connector>


     <Engine defaultHost="www.domainb.at" debug="0">
       <Logger className="org.apache.catalina.logger.FileLogger"
               prefix="catalina_log." suffix=".txt"
               timestamp="true"/>

       <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
                  debug="0" resourceName="UserDatabase"/>

       <!-- Define the default virtual host -->
       <Host name="www.domainb.at" debug="0" appBase="webapps"
        unpackWARs="true" autoDeploy="true">

         <Logger className="org.apache.catalina.logger.FileLogger"
                  directory="logs"  prefix="domainb_log." suffix=".txt"
             timestamp="true"/>

         <!-- Tomcat Root Context -->
           <Context path="" docBase="essence" debug="0"/>

       </Host>
       </Engine>
   </Service>


   <Service name="ServiceA">
     <!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080 -->
     <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
                port="8080" address="100.100.100.1" minProcessors="10" 
maxProcessors="100"
                enableLookups="true" redirectPort="8080"
                acceptCount="100" debug="0" connectionTimeout="20000"
                useURIValidationHack="false" disableUploadTimeout="true" />
     <!-- Note : To disable connection timeouts, set connectionTimeout value
      to 0 -->

     <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
     <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
                port="8443" minProcessors="5" maxProcessors="30"
                address="100.100.100.1"
                enableLookups="true"
                acceptCount="30" debug="0" scheme="https" secure="true"
                useURIValidationHack="false" disableUploadTimeout="true">
       <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
                keystoreFile="/home/essence/essence/KEYS/a.keystore"
                keystorePass="xxxxx"
                clientAuth="false" protocol="TLS" />
     </Connector>

     <Engine defaultHost="www.domaina.at" debug="0">
       <Logger className="org.apache.catalina.logger.FileLogger"
               prefix="catalina_log." suffix=".txt"
               timestamp="true"/>

       <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
                  debug="0" resourceName="UserDatabase"/>

       <!-- Define the default virtual host -->
       <Host name="www.domaina.at" debug="0" appBase="webapps"
        unpackWARs="true" autoDeploy="true">

         <Logger className="org.apache.catalina.logger.FileLogger"
                  directory="logs"  prefix="domaina_log." suffix=".txt"
             timestamp="true"/>

         <!-- Tomcat Root Context -->
           <Context path="" docBase="essence" debug="0"/>

       </Host>
       </Engine>
   </Service>

</Server>

----------------------------

the multiple ips work and my portforwarding script looks as follows:

         iptables -t nat -A PREROUTING -j REDIRECT -p tcp 
--destination-port 80:80 --to-ports 8080
         iptables -t nat -A PREROUTING -j REDIRECT -p tcp 
--destination-port 443:443 --to-ports 8443

does anybody have a hint what is wrong with this?

kind regards

randolph





---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message