Return-Path: Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: (qmail 39292 invoked from network); 5 Feb 2007 17:03:01 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 5 Feb 2007 17:03:01 -0000 Received: (qmail 43293 invoked by uid 500); 5 Feb 2007 17:02:53 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 43271 invoked by uid 500); 5 Feb 2007 17:02:53 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 43260 invoked by uid 99); 5 Feb 2007 17:02:53 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 05 Feb 2007 09:02:53 -0800 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests= X-Spam-Check-By: apache.org Received-SPF: pass (herse.apache.org: local policy) Received: from [195.227.30.246] (HELO datura.kippdata.de) (195.227.30.246) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 05 Feb 2007 09:02:43 -0800 Received: from [195.227.30.148] (larix [195.227.30.148]) by datura.kippdata.de (8.13.5/8.13.5) with ESMTP id l15H2L4F000493 for ; Mon, 5 Feb 2007 18:02:22 +0100 (CET) Message-ID: <45C7631D.5050203@kippdata.de> Date: Mon, 05 Feb 2007 18:02:21 +0100 From: Rainer Jung User-Agent: Thunderbird 1.5.0.8 (X11/20061110) MIME-Version: 1.0 To: Tomcat Users List Subject: Re: AJP Connector - Problems Proxying HTTPS Connections References: <690BA3B35A2861419CBF6833BD537AD22433F3@nacdmail.NORTHLANDCC.NET> <45C747AB.6080300@oma.be> In-Reply-To: <45C747AB.6080300@oma.be> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8bit X-Virus-Checked: Checked by ClamAV on apache.org It should be OK, it's not named based virtual hosts in his case. You should be posting this to the httpd user list, since you are using mod_proxy_* and not mod_jk. You might get help here too, but it's more a question concerning an httpd standard module. From general experience: the answer might depend on which component is actually producing the redirect: tomcat, you application or some framework used. In general the ajp protocol transports knowledge about using https on the apache side to your servelt container, such that it is able to produce correct self-referring URLs. If the redirect comes from some other component, this could produce wrong redirects. Regards, Rainer David Delbecq wrote: > Not speaking of tomcat, as far as i know https and virtual hosting do > not mix very well unless the same certificate is used for all hosts. > > En l'instant pr�cis du 02/05/07 15:53, Bill Bailey s'exprimait en ces > termes: >> Hi, >> >> >> >> I am trying to run Tomcat 5.5.20 behind Win32 Apache HTTPD 2.2.4 with >> SSL (downloaded from apachelounge.com) using the AJP connector. >> >> >> >> I have a virtual host configured on both Tomcat and Apache HTTPD. >> >> >> >> Everything works fine if I configure my Apache HTTPD virtual host to run >> unsecured on port 80, but if I set it up to run secured on port 443, it >> appears that when it forwards an https request to Tomcat, Tomcat is >> redirecting Apache to http://www.resourcepoint.org >> . If I also have the port 80 virtual >> host configured in Apache HTTPD, it simply resubmits the http request to >> Tomcat which happily processes it (but obviously this is not what was >> wanted since I am now running unsecured). If the Apache HTTPD port 80 >> virtual host hasn't been configured, Apache can't find a suitable >> virtual host and tries to serve up the document from htdocs and, of >> course, fails. >> >> >> >> I can see in Apache HTTPD log files where it is successfully getting the >> https request and I can see a connection accepted on port 8009 in the >> tomcat log files (followed by a line containing Location = >> http://www.resourcepoint.org/index.jsp). Finally, in the case where the >> Apache HTTPD port 80 virtual host is not configured I can see entries in >> the Apache HTTPD error file where it says the file could not be found in >> htdocs (because that isn't where it is). >> >> >> >> My question is: >> >> >> >> Why doesn't Tomcat process this https request? Why is it redirecting >> Apache to an http URL? Am I missing some configuration parameter that >> I'm unaware of? >> >> >> >> I have included fragments of both my Apache and Tomcat configuration >> files below. >> >> >> >> Thanks in advance for any assistance you can provide. >> >> >> >> Bill Bailey >> >> Senior Developer / DBA >> >> Northland, A Church Distributed >> >> >> >> Apache Virtual Host Configuration Fragment >> >> >> >> NameVirtualHost xxx.xx.xx.x:443 >> >> >> >> >> >> >> >> # General setup for the virtual host >> >> >> >> ServerName www.resourcepoint.org:443 >> >> DocumentRoot E:\Apache2\vhosts\resourcepoint >> >> ServerAlias www.resourcepoint.org:443 >> >> ErrorLog logs/resourcepoint-ssl-error_log >> >> CustomLog logs/resourcepoint-ssl-access_log common >> >> >> >> >> >> >> >> ... directory stuff in here ... >> >> >> >> >> >> >> >> >> >> >> >> ProxyPass ajp://127.0.0.1:8009/ >> >> ProxyPassReverse ajp://127.0.0.1:8009/ >> >> >> >> >> >> >> >> ... SSL stuff here ... >> >> >> >> >> >> Tomcat Virtual Host Configuration Fragment >> >> >> >> >> >> >> >> >> >> >> >> > >> address="127.0.0.1" >> >> maxHttpHeaderSize="8192" >> >> maxThreads="150" >> >> minSpareThreads="25" >> >> maxSpareThreads="75" >> >> enableLookups="false" >> >> redirectPort="8443" >> >> acceptCount="100" >> >> connectionTimeout="20000" >> >> disableUploadTimeout="true" /> >> >> >> >> >> >> >> >> > >> address="127.0.0.1" >> >> enableLookups="false" >> >> protocol="AJP/1.3" >> >> secure="true" >> >> scheme="https" >> >> proxyName="www.resourcepoint.org" >> >> proxyPort="443" /> >> >> >> >> >> >> >> >> >> >> >> >> > resourceName="UserDatabase" /> >> >> >> >> >> >> >> >> > >> appBase="E:\webapps\resourcepoint" >> >> unpackWARs="true" >> >> autoDeploy="true" >> >> xmlValidation="false" >> >> xmlNamespaceAware="false"> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org