tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: IP-based virtual hosting with useIPVHosts=true always goes to default host
Date Mon, 18 Jun 2012 13:54:58 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Assaf,

On 6/15/12 6:33 AM, Assaf Urieli wrote:
> So, the addresses to test are: http://www.joli-ciel.com/test.jsp 
> http://www.moyshele.com/test.jsp http://178.79.152.69/test.jsp 
> http://176.58.107.88/test.jsp
> 
> And exactly the same four, but with HTTPS: 
> https://www.joli-ciel.com/test.jsp 
> https://www.moyshele.com/test.jsp https://178.79.152.69/test.jsp 
> https://176.58.107.88/test.jsp
> 
> Now, every single one of these gives the exact same values for 
> request.getLocalName() and request.getLocalAddr(). 
> request.getLocalName(): www.joli-ciel.com request.getLocalAddr():
> 178.79.152.69 And this is why, even when useIPVHosts=true, I always
> get the HTTPS Connector corresponding to 178.79.152.69, which gives
> the wrong SSL certificate for https://www.moyshele.com

> Note (in case it's relevent) that /etc/iptables.conf is mapping
> port 8080 to port 80 and port 8443 to port 443  - relevent portions
> below: ************************************************ *nat 
> :PREROUTING ACCEPT [11:3512] :POSTROUTING ACCEPT [13:844] :OUTPUT
> ACCEPT [13:844] -A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT
> --to-ports 8443 -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT
> --to-ports 8080 -A OUTPUT -p tcp -m tcp --dport 443 -j REDIRECT
> --to-ports 8443 -A OUTPUT -p tcp -m tcp --dport 80 -j REDIRECT
> --to-ports 8080 COMMIT 
> ************************************************

You are routing *all* traffic destined to 8080/8443->80/443 without
regard for the incoming interface. I'm not sure what iptables does
with that -- it's possible that you are re-routing everything to the
same interface which is why all your addresses look the same.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk/fMzIACgkQ9CaO5/Lv0PAlsACgtKjLhHrCn009MPZLPXBdrvbq
wWoAoLEvyGVqw0zLJ/jRbs1PywY6hDWR
=JlkA
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message