From: "Pid *"
Date: Sun, 15 Apr 2012 01:07:12 +0100
Subject: Re: Cannot connect to tomcat through apache (proxy)
To: Tomcat Users List

On 14 Apr 2012, at 22:50, Gautam wrote:

> We have a set up where we use apache web server to respond to secure (https)
> web pages/services on server 1. For one particular service, we need to forward
> the request to another server 2 on which we have tomcat running.
> We have done this in order to maintain the URL scheme. Also we want to resolve
> the ssl on server 1 since all other services get resolved there and we don't want
> to deal with ssl on the tomcat server for that one service. So for that one
> service we want to setup apache as a proxy to tomcat server.
>
> We took guidance from this blog in setting up our servers:
> http://pwu-developer.blogspot.in/2011/04/securing-tomcat-with-apache-web-server.html

It's not entirely accurate. Not sure why the author would refer to 5.5, either.

> Here is our set up:
>
> On server 1 with Apache:
>
> The following directives have been enabled in the httpd.conf file.
>
> LoadModule proxy_module modules/mod_proxy.so
> LoadModule proxy_http_module modules/mod_proxy_http.so
> LoadModule proxy_connect_module modules/mod_proxy_connect.so

Why add proxy_connect?

> Further, the following two lines added in httpd conf file
>
> ProxyRequests Off
> ProxyPreserveHost on
>
> Next, have the following lines in ssl.conf
>
> Listen 443
>
> SSLEngine on
> SSLProxyEngine on
> SSLCertificateFile /etc/pki/tls/certs/your_company_certificate.pem
> SSLCertificateKeyFile /etc/pki/tls/certs/your_company_private_key.pem
> ServerName my_company_domain_name
> ProxyPass /app http://tomcat_server_ip:8443/app
> ProxyPassReverse /app http://tomcat_server_ip:8443/app
>
>
> Now in tomcat on server 2, we specified the following inside server.xml:
>
> minSpareThreads="25"
> maxSpareThreads="75" enableLookups="true" redirectPort="443" acceptCount="100"
> connectionTimeout="20000" disableUploadTimeout="true"/>
>
> minSpareThreads="25"
> maxSpareThreads="75" enableLookups="true" acceptCount="100"
> connectionTimeout="20000"
> disableUploadTimeout="true"
> scheme="https"
> secure="false"
> SSLEnabled="true"
> proxyPort="443"
> proxyName="my_company_domain_name"
> />

You want SSLEnabled="false", I think.

http://tomcat.apache.org/tomcat-7.0-doc/config/http.html


p

> All the pages/services on server 1 are working fine. Only one service which is
> supposed to run on server 2 is giving a 503 error. We think the https handling
> between the two servers could be an issue. We repeated the configuration with
> unsecure (port 80 on apache and corresponding 8080 on tomcat) setup but that
> did not work either. Can someone throw a light on what we need to do on tomcat
> in order for it to work seamlessly?
>
> Thanks,
>
> Gautam
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
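
The mismatch the reply points at (a plain http:// ProxyPass target in front of a Connector with SSLEnabled="true") can be checked mechanically when TLS is terminated on the proxy. The script below is an added example, not part of the thread or of either project; the function names are hypothetical, and the Connector port="8443" is an assumption taken from the ProxyPass target, because the archived message lost the opening tags.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample input modelled on the configuration quoted in the thread.
HTTPD_CONF = """\
ProxyPass /app http://tomcat_server_ip:8443/app
ProxyPassReverse /app http://tomcat_server_ip:8443/app
"""
# port="8443" is assumed (see lead-in); the other attributes are from the thread.
SERVER_XML = """\
<Service name="Catalina">
  <Connector port="8443" scheme="https" secure="false" SSLEnabled="true"
             proxyPort="443" proxyName="my_company_domain_name"/>
</Service>
"""

def proxy_targets(conf):
    """Return [(scheme, port)] for each ProxyPass backend URL (not ProxyPassReverse)."""
    targets = []
    for m in re.finditer(r"^\s*ProxyPass\s+\S+\s+(\S+)", conf, re.M | re.I):
        url = urlsplit(m.group(1))
        port = url.port or {"http": 80, "https": 443}.get(url.scheme)
        targets.append((url.scheme, port))
    return targets

def check(conf, server_xml):
    """Compare every backend URL with the Tomcat Connector listening on that port."""
    root = ET.fromstring(server_xml)
    connectors = {c.get("port"): c for c in root.iter("Connector")}
    findings = []
    for scheme, port in proxy_targets(conf):
        c = connectors.get(str(port))
        if c is None:
            findings.append(f"{port}: no Connector listens on this port")
            continue
        # SSLEnabled defaults to false; "true" means the Connector expects a TLS handshake.
        tls = c.get("SSLEnabled", "false").lower() == "true"
        if tls != (scheme == "https"):
            findings.append(f"{port}: ProxyPass uses {scheme}:// but Connector has "
                            f"SSLEnabled={str(tls).lower()}")
        # With TLS terminated on the proxy, secure="true" is what makes
        # request.isSecure() report the client's HTTPS connection.
        if c.get("scheme") == "https" and c.get("secure", "false").lower() != "true":
            findings.append(f"{port}: scheme=https but secure=false, "
                            f"so request.isSecure() returns false")
    return findings

if __name__ == "__main__":
    for line in check(HTTPD_CONF, SERVER_XML):
        print(line)
```
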