tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rainer Jung <rainer.j...@kippdata.de>
Subject Re: Tomcat 6.0.18/ IIS 6.0 /SSL
Date Wed, 04 Aug 2010 20:08:35 GMT
On 04.08.2010 21:50, Hansel, Jason T CTR SPAWARSYSCEN-ATLANTIC, 55E00 wrote:
> I did read your post and I changed the Port Number.
>
> "<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
> This connector should be used depending on your redirector config which we
> haven't seen yet
>
> Here is my workers.properties:
>
> worker.list=worker1
> worker.worker1.type=ajp13
> worker.worker1.host=127.0.0.1
> worker.worker1.port=8009
>
> Here is my uriworkermap.properties:
>
> /geoportal|/*=worker1

This didn't work, since the log snippet said it tried to use a worker 
named "ajp13", not "worker1".

Regards,

Rainer

> -----Original Message-----
> From: Rainer Jung [mailto:rainer.jung@kippdata.de]
> Sent: Wednesday, August 04, 2010 3:40 PM
> To: Tomcat Users List
> Subject: Re: Tomcat 6.0.18/ IIS 6.0 /SSL
>
> On 04.08.2010 20:58, Hansel, Jason T CTR SPAWARSYSCEN-ATLANTIC, 55E00 wrote:
>> Jung,
>> I'm still getting the errors.
>
> Why shouldn't you?
> Did you actually read my post?
> Which parts didn't you understand?
>
>> <Connector port="8080" protocol="Java HTTP"   ----What protocol should I
> use
>> here (do not want to expose)
>>                  connectionTimeout="20000"
>>                  redirectPort="80" />
>
> This connector is *not* involved when using
>
> Browser ->  IIS/Redirector ->  Tomcat
>
>>       <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
>> -------------Does this look right?
>>                  maxThreads="150" scheme="https" secure="true"
>>                  clientAuth="false" sslProtocol="TLSv1"
>>      		   keystoreFile="C:\Program Files (x86)\Apache Software
>> Foundation\Tomcat 6.0\conf\cert.pfx"
>>                  keystorePass="password"
>> 		   keystoreType="pkcs12" />
>
> This one neither.
>
>> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
>> -----------------Is this where my actual authentication is taking place?
> This connector should be used depending on your redirector config which we
> haven't seen yet.
>
> The error message you provided doesn't have to do with authentication.
> Authentication problems might show up after you solved your worker
> configuration problem. Until now your IIS doesn't even talk to Tomcat.
>
> Regards,
>
> Rainer
>
>>
>> -----Original Message-----
>> From: Rainer Jung [mailto:rainer.jung@kippdata.de]
>> Sent: Wednesday, August 04, 2010 1:38 PM
>> To: Tomcat Users List
>> Subject: Re: Tomcat 6.0.18/ IIS 6.0 /SSL
>>
>> On 04.08.2010 18:07, Hansel, Jason T CTR SPAWARSYSCEN-ATLANTIC, 55E00
> wrote:
>>>
>>>
>>> I am trying to get Tomcat and IIS configured on my secure web server
>>> (SSL) so that I can access my deployed web application via https and
>>> NOT over http. Connection to non-SSL works, but I cannot have that
>>> connection due to security.
>>>
>>> I want to run Tomcat through IIS, and I have configured it using the
>>> isapi_redirect.dll (thanks to Electronjockey). However, when I try
>>> and hit my https://site/geoportal<https://site/geoportal>   my
>>> credentials do not carry me through to the web application, instead I
>>> receive "Internet Explorer Cannot Display Webpage". Can someone help
>>> me out on how to configure my server.xml and interpretting my log files
> please?
>>> I have even tried to export my server certificate, and call it using
>>> the keystore:"", still not working. I'm a Tomcat green horn, any help
>>> would be awesome.
>>>
>>> Isapi_redirect.log file: Looks like some sort of authentication is
>>> being passed, then the ajp13 is not found?
>>>
>>> [Wed Aug 04 11:51:15.901 2010] [10712:8360] [debug] jk_isapi_plugin.c
>>> (3108): Service protocol=HTTP/1.1 method=GET host=150.125.174.70
>>> addr=150.125.174.70 name=mywebsite port=443 auth=SSL/PCT
>>> user=EIMS\john.doe uri=/jakarta/isapi_redirect.dll
>>>
>>> [Wed Aug 04 11:51:15.916 2010] [10712:8360] [debug] jk_isapi_plugin.c
>>> (3120): Service request headers=5 attributes=9 chunked=no
>>> content-length=0 available=0
>>>
>>> [Wed Aug 04 11:51:15.932 2010] [10712:8360] [debug] jk_worker.c (116):
>>> did not find a worker ajp13
>>> [Wed Aug 04 11:51:15.948 2010] [10712:8360] [debug] jk_isapi_plugin.c
>>> (2162): could not get a worker for name ajp13 [Wed Aug 04
>>> 11:51:15.979 2010] [10712:8360] [error] jk_isapi_plugin.c
>>> (2210): could not get a worker for name ajp13
>>
>> Hard to tell without knowing the version of the isapi redirector, not
>> having your configuration. This looks like:
>>
>> - it is trying to use a worker named ajp13 to connect to Tomcat. Lile
>> y you have configured the redirector to use this worker within your
>> uriworkermap.properties file
>>
>> - the redirector doesn't know how to use this worker. Either you are
>> missing the workers.properties configuration file or there is no
>> definition for a worker named ajp13 in the file.
>>
>> A good starting point for a workers.properties file is the example
>> file contained in the source distribution of version 1.2.30. Please do
>> also use this version of the redirector.
>>
>> Note: from the point of view of Tomcat it doesn't really matter
>> whether you are talking http or https in the browser. This protocol is
>> only used between the browser and IIS. Between IIS and Tomcat when
>> using the isapi redirector the protocol is always AJP13 (it is just
>> coincidence, that this is the same name as the name of the worker in
>> your logs). The protocol is similar to HTTP but binary and it
>> transports the information whether the browser used http or https, so
>> Tomcat is aware of this. This protocol does not use the http or https
> connectors in server.xml, only the AJP13 connector.
>>
>>> Here is the meat of my server.xml (pretty sure it's wrong):
>>>
>>> <!-- A "Connector" represents an endpoint by which requests are
>>> received and responses are returned. Documentation at :
>>> Java HTTP Connector: /docs/config/http.html (blocking&   non-blocking)
>>> Java AJP Connector: /docs/config/ajp.html APR (HTTP/AJP) Connector:
>>> /docs/apr.html Define a non-SSL HTTP/1.1 Connector on port 8080
>>> -->
>>> <Connector port="8080" protocol="HTTP/1.1"
>>> connectionTimeout="20000"
>>> redirectPort="80" />
>>> <!-- A "Connector" using the shared thread pool-->
>>>
>>> <Connector executor="tomcatThreadPool"
>>> port="8009" protocol="HTTP/1.1"
>>> connectionTimeout="20000"
>>> redirectPort="443" />
>>>
>>> <!-- Define a SSL HTTP/1.1 Connector on port 8443 This connector uses
>>> the JSSE configuration, when using APR, the connector should be using
>>> the OpenSSL style configuration described in the APR documentation
>>> -->
>>>
>>> <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
>>> maxThreads="150" scheme="https" secure="true"
>>> clientAuth="false" sslProtocol="TLSv1"
>>> keystoreFile="C:\Program Files (x86)\Apache Software
>>> Foundation\Tomcat 6.0\conf\cert.pfx"
>>> keystorePass="mypassword"
>>> keystoreType="pkcs12" />
>>>
>>> <!-- Define an AJP 1.3 Connector on port 8009 -->   <Connector
>>> port="8009" protocol="AJP/1.3" redirectPort="8443" />
>>
>> Two connectors, both on port 8009, will not work. Use the latter one.
>>
>> Regards,
>>
>> Rainer

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message