tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier>
Subject Re: Broken tomcat 6.0 config after SSL install.
Date Fri, 25 Mar 2011 15:08:54 GMT
Jimmy Mic wrote:
> We have a cloud based centOS 5.5 configuration with tomcat 6.0
> installed for the good half past year, that a previous engineer (long
> gone) setup for us.
> Last week, I asked one our guys to install svn over ssl on the server.
>  That is working great, but in the process, he broke our tomcat server
> and not quite sure where.  I'm not a big system admin guy, so I may
> not be up on the details as I need to be.
> As far as I can tell, (and each one of parts could easily be wrong) we
> had a tomcat as a stand alone web server.  (I haven't found any
> evidence of mod_jk) Then, in the process of setting up svn & ssl, he
> setup apache as the default web server.  At best, I can get JSP pages
> to load, but the actual jsp code is not processed and just echoed out.
>  Running 'apachctl stop', results now, in now pages showing up.  It
> 'seems' as if nothing was modified in $CATALINA_HOME directories.
> Any suggestions how to figure out the problem and / or solutions would
> be greatly appreciated.

Taking the whole of the message above, it would look as if the new guy wasn't too sure 
about how to set up SVN & SSL under Tomcat, and chose to set it up on a front-end Apache

instead. (Which, in the principle, is also how I would set it up, since I have no idea if

there exists an SVN-capable webapp for Tomcat).

The fact that you are seeing JSP pages "raw" probably means that he set things up so that

Apache can bypass Tomcat, and serve the JSP pages directly from the Tomcat webapps 
directories (which is not good).

The way in which this kind of setup is normally done, is ascii-graphically as follows :

browser <--(1)--> Apache + connector <--(2)--> Tomcat

and usually in such a case, you would arrange for only the connection (1) to be HTTPS (in

other words, one would "terminate SSL" at the Apache level), and have the conversation 
between Apache and Tomcat (2) remain unencrypted (particularly if they are on the same 

For the "connector" at the Apache level, there exists several possibilities :
1) mod_jk (at the Apache level), talking to a <Connector ..protocol="AJP/1.3"> on the

Tomcat side
b) mod_proxy & mod_proxy_ajp at the Apache level, also talking to a <Connector 
..protocol="AJP/1.3"> on the Tomcat side
c) mod_proxy & mod_proxy_http at the Apache level, talking to a <Connector 
..protocol="HTTP/1.1"> on the Tomcat side

Then, you have to configure Apache and its connector properly, so that it will :
- process locally what is not destined to Tomcat (such as probably the SVN bit)
- pass-through (or rather proxy) to Tomcat what belongs to Tomcat (such as requests for 
JSP pages)

The proper way to do that depends on the connector which is used.
So you would first need to find out which that is.  Any "Proxy..." statements in the 
Apache configuration ?

Also, I do not believe that both Apache and Tomcat are set to listen on the same port.  If

that was the case, one of them probably would not start.
What he probably did, was to have Apache listening on the custom port which was previously

Tomcat's, and change the Tomcat listening port. (That should be visible in the Tomcat 
<Connector> element(s).
Then he arranged (or not) for Apache's connector to pass requests to Tomcat, using that 
new Tomcat port.

Hope that helps a bit to clarify what is going on.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message