tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rainer Jung <rainer.j...@kippdata.de>
Subject Re: AJP Connector - Problems Proxying HTTPS Connections
Date Mon, 05 Feb 2007 17:02:21 GMT
It should be OK, it's not named based virtual hosts in his case.

You should be posting this to the httpd user list, since you are using 
mod_proxy_* and not mod_jk. You might get help here too, but it's more a 
question concerning an httpd standard module.

 From general experience: the answer might depend on which component is 
actually producing the redirect: tomcat, you application or some 
framework used. In general the ajp protocol transports knowledge about 
using https on the apache side to your servelt container, such that it 
is able to produce correct self-referring URLs. If the redirect comes 
from some other component, this could produce wrong redirects.

Regards,

Rainer

David Delbecq wrote:
> Not speaking of tomcat, as far as i know https and virtual hosting do
> not mix very well unless the same certificate is used for all hosts.
> 
> En l'instant précis du 02/05/07 15:53, Bill Bailey s'exprimait en ces
> termes:
>> Hi,
>>
>>  
>>
>> I am trying to run Tomcat 5.5.20 behind Win32 Apache HTTPD 2.2.4 with
>> SSL (downloaded from apachelounge.com) using the AJP connector. 
>>
>>  
>>
>> I have a virtual host configured on both Tomcat and Apache HTTPD.
>>
>>  
>>
>> Everything works fine if I configure my Apache HTTPD virtual host to run
>> unsecured on port 80, but if I set it up to run secured on port 443, it
>> appears that when it forwards an https request to Tomcat, Tomcat is
>> redirecting Apache to http://www.resourcepoint.org
>> <http://www.resourcepoint.org/> . If I also have the port 80 virtual
>> host configured in Apache HTTPD, it simply resubmits the http request to
>> Tomcat which happily processes it (but obviously this is not what was
>> wanted since I am now running unsecured). If the Apache HTTPD port 80
>> virtual host hasn't been configured, Apache can't find a suitable
>> virtual host and tries to serve up the document from htdocs and, of
>> course, fails.
>>
>>  
>>
>> I can see in Apache HTTPD log files where it is successfully getting the
>> https request and I can see a connection accepted on port 8009 in the
>> tomcat log files (followed by a line containing Location =
>> http://www.resourcepoint.org/index.jsp). Finally, in the case where the
>> Apache HTTPD port 80 virtual host is not configured I can see entries in
>> the Apache HTTPD error file where it says the file could not be found in
>> htdocs (because that isn't where it is).
>>
>>  
>>
>> My question is: 
>>
>>  
>>
>> Why doesn't Tomcat process this https request? Why is it redirecting
>> Apache to an http URL? Am I missing some configuration parameter that
>> I'm unaware of?
>>
>>  
>>
>> I have included fragments of both my Apache and Tomcat configuration
>> files below.
>>
>>  
>>
>> Thanks in advance for any assistance you can provide.
>>
>>  
>>
>> Bill Bailey
>>
>> Senior Developer / DBA
>>
>> Northland, A Church Distributed
>>
>>  
>>
>> Apache Virtual Host Configuration Fragment
>>
>>  
>>
>> NameVirtualHost xxx.xx.xx.x:443
>>
>>  
>>
>> <VirtualHost xxx.xx.xx.x:443>
>>
>>  
>>
>>       # General setup for the virtual host
>>
>>  
>>
>>       ServerName www.resourcepoint.org:443
>>
>>       DocumentRoot E:\Apache2\vhosts\resourcepoint
>>
>>       ServerAlias www.resourcepoint.org:443
>>
>>       ErrorLog logs/resourcepoint-ssl-error_log
>>
>>       CustomLog logs/resourcepoint-ssl-access_log common
>>
>>  
>>
>>       <Directory "E:/Apache2/vhosts/resourcepoint">
>>
>>  
>>
>>             ... directory stuff in here ...
>>
>>  
>>
>>       </Directory>
>>
>>  
>>
>>       <Location / >
>>
>>  
>>
>>             ProxyPass ajp://127.0.0.1:8009/
>>
>>             ProxyPassReverse ajp://127.0.0.1:8009/
>>
>>  
>>
>>       </Location>
>>
>>  
>>
>>       ... SSL stuff here ...
>>
>> </VirtualHost>
>>
>>  
>>
>> Tomcat Virtual Host Configuration Fragment
>>
>>  
>>
>> <Service name="Catalina">
>>
>>  
>>
>>   <!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
>>
>>  
>>
>>   <Connector port="8888"
>>
>>              address="127.0.0.1"
>>
>>              maxHttpHeaderSize="8192"
>>
>>              maxThreads="150" 
>>
>>              minSpareThreads="25" 
>>
>>  maxSpareThreads="75"
>>
>>              enableLookups="false" 
>>
>>              redirectPort="8443"
>>
>>              acceptCount="100"
>>
>>              connectionTimeout="20000" 
>>
>>              disableUploadTimeout="true" />
>>
>>  
>>
>>   <!-- Define an AJP 1.3 Connector on port 8009 -->
>>
>>          
>>
>>   <Connector port="8009" 
>>
>>              address="127.0.0.1"
>>
>>              enableLookups="false"  
>>
>>              protocol="AJP/1.3" 
>>
>>              secure="true"
>>
>>              scheme="https"
>>
>>              proxyName="www.resourcepoint.org" 
>>
>>              proxyPort="443" />
>>
>>  
>>
>>   <!-- Define the top level container in our container hierarchy -->
>>
>>  
>>
>>   <Engine name="Catalina" defaultHost="www.resourcepoint.org">
>>
>>  
>>
>>     <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
>> resourceName="UserDatabase" />
>>
>>  
>>
>>     <Host name="localhost" appBase="webapps" />
>>
>>  
>>
>>     <Host name="www.resourcepoint.org" 
>>
>>           appBase="E:\webapps\resourcepoint"
>>
>>           unpackWARs="true" 
>>
>>           autoDeploy="true"
>>
>>           xmlValidation="false" 
>>
>>           xmlNamespaceAware="false">
>>
>>  
>>
>>     <Context path="" docBase="ROOT" debug="1"/>
>>
>>  
>>
>>           <Logger className="org.apache.catalina.logger.FileLogger"/>
>>
>>     </Host>
>>
>>  
>>
>>   </Engine>
>>
>>  
>>
>> </Service>
>>
>>  
>>
>>  
>>
>>
>>   

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message