Hi Chris,
>
> On 6/8/12 11:12 AM, Assaf Urieli wrote:
> > Ok, this is strange. I created a test.jsp page that prints
> > request.getLocalName(), request.getServerName(), and
> > request.getLocalAddr(). I tried various scenarios in the browser:
> > http://domain1.com, http://www.domain1.com, http://1.2.3.4,
> > http://domain2.com, http://www.domain2.com, http://5.6.7.8, as well
> > as all of the above with https.
>
> What /real/ URLs are you using to hit your server? I don't see a port
> number anywhere.
>
Sorry, I was trying to keep it generic up to now to see if I was simply
doing something stupid, but I'll go ahead and publish my real domains/IPs.
So, my test page code is:
<p>Java Version:<%= System.getProperty( "java.version" ) %>
<p>Local name:<%= request.getLocalName() %>
<p>Server name:<%= request.getServerName() %>
<p>Local IP:<%= request.getLocalAddr() %>
So, the addresses to test are:
http://www.joli-ciel.com/test.jsp
http://www.moyshele.com/test.jsp
http://178.79.152.69/test.jsp
http://176.58.107.88/test.jsp
And exactly the same four, but with HTTPS:
https://www.joli-ciel.com/test.jsp
https://www.moyshele.com/test.jsp
https://178.79.152.69/test.jsp
https://176.58.107.88/test.jsp
Now, every single one of these gives the exact same values for
request.getLocalName() and request.getLocalAddr().
request.getLocalName(): www.joli-ciel.com
request.getLocalAddr(): 178.79.152.69
And this is why, even when useIPVHosts=true, I always get the HTTPS
Connector corresponding to 178.79.152.69, which gives the wrong SSL
certificate for https://www.moyshele.com
For info, my /etc/network/interfaces file:
************************************************
auto lo
iface lo inet loopback
auto eth0 eth0:0
iface eth0 inet static
address 178.79.152.69
netmask 255.255.255.0
gateway 178.79.152.1
pre-up iptables-restore < /etc/iptables.conf
iface eth0:0 inet static
address 176.58.107.88
netmask 255.255.255.0
pre-up iptables-restore < /etc/iptables.conf
************************************************
Note (in case it's relevant) that /etc/iptables.conf is mapping port 8080
to port 80 and port 8443 to port 443 - relevant portions below:
************************************************
*nat
:PREROUTING ACCEPT [11:3512]
:POSTROUTING ACCEPT [13:844]
:OUTPUT ACCEPT [13:844]
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A OUTPUT -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443
-A OUTPUT -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT
************************************************
My /etc/hosts file:
************************************************
127.0.0.1 localhost.localdomain localhost
178.79.152.69 www.joli-ciel.com bilbo.joli-ciel.com bilbo.aplikaterm.com www.aplikaterm.com joli-ciel.com bilbo
176.58.107.88 www.moyshele.com www.flyingpencil.com moyshele.com flyingpencil.com moyshele
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
************************************************
The relevant portions of my server.xml file:
************************************************
<Service name="Catalina">
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
URIEncoding="UTF-8"
redirectPort="8443" />
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
address="178.79.152.69"
keystoreFile="/home/tomcat6/.keystore1" keystorePass="********"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" URIEncoding="UTF-8" />
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
address="176.58.107.88"
keystoreFile="/home/tomcat6/.keystore2" keystorePass="********"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" URIEncoding="UTF-8" />
<Engine name="Catalina" defaultHost="localhost">
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true"
xmlValidation="false" xmlNamespaceAware="false">
<Alias>178.79.152.69</Alias>
<Alias>aplikaterm.com</Alias>
<Alias>www.aplikaterm.com</Alias>
<Alias>joli-ciel.com</Alias>
<Alias>www.joli-ciel.com</Alias>
<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="/home/tomcat6/logs/joliciel"
prefix="joliciel_access_log." suffix=".log"
pattern="%A %h %l %u %t '%r' %s %b" resolveHosts="false"/>
</Host>
<Host name="moyshele.com" appBase="/usr/share/moyshele"
unpackWARs="true" autoDeploy="true"
xmlValidation="false" xmlNamespaceAware="false">
<Alias>176.58.107.88</Alias>
<Alias>moyshele.com</Alias>
<Alias>www.moyshele.com</Alias>
<Context path="" docBase="."/>
<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="/home/tomcat6/logs/moyshele"
prefix="moyshele_access_log." suffix=".log"
pattern="%A %h %l %u %t '%r' %s %b" resolveHosts="false"/>
</Host>
</Engine>
</Service>
************************************************
By the way, if I run netstat (with or without useIPVHosts=true), I get:
************************************************
sudo netstat -ntlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1967/sshd
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      2082/postgres
tcp6       0      0 127.0.0.1:8005          :::*                    LISTEN      16815/java
tcp6       0      0 :::8080                 :::*                    LISTEN      16815/java
tcp6       0      0 :::22                   :::*                    LISTEN      1967/sshd
tcp6       0      0 176.58.107.88:8443      :::*                    LISTEN      16815/java
tcp6       0      0 178.79.152.69:8443      :::*                    LISTEN      16815/java
************************************************
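
An added example, not part of the original message: a small Python model of the setup quoted above, showing which HTTPS Connector (and so which keystore) each public hostname ends up on. It assumes the documented behaviour of the iptables REDIRECT target (the destination is rewritten to the primary address of the incoming interface, here 178.79.152.69 on eth0); the function names and the per-address DNAT rule set are hypothetical, constructed for illustration.

```python
import shlex
import xml.etree.ElementTree as ET

# Constructed inputs, reduced from the configuration quoted in the message.
PRIMARY_ADDR = {"eth0": "178.79.152.69"}  # eth0:0 (176.58.107.88) is an alias on eth0
PUBLIC = {"www.joli-ciel.com": "178.79.152.69", "www.moyshele.com": "176.58.107.88"}
REDIRECT_RULES = """\
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443
"""
# Hypothetical per-address alternative (an assumption, not from the thread).
DNAT_RULES = """\
-A PREROUTING -d 178.79.152.69 -p tcp --dport 443 -j DNAT --to-destination 178.79.152.69:8443
-A PREROUTING -d 176.58.107.88 -p tcp --dport 443 -j DNAT --to-destination 176.58.107.88:8443
"""
SERVER_XML = """<Service name="Catalina">
  <Connector port="8443" address="178.79.152.69" keystoreFile="/home/tomcat6/.keystore1"/>
  <Connector port="8443" address="176.58.107.88" keystoreFile="/home/tomcat6/.keystore2"/>
</Service>"""

def parse_rules(text):
    """Return each PREROUTING rule as a dict of option -> value."""
    rules = []
    for tok in map(shlex.split, text.splitlines()):
        if tok[:2] == ["-A", "PREROUTING"]:
            rules.append({t: tok[i + 1] for i, t in enumerate(tok[:-1]) if i >= 2 and t.startswith("-")})
    return rules

def translate(dst_ip, dst_port, rules, iface="eth0"):
    """Apply the first matching nat rule to an inbound (ip, port) pair."""
    for r in rules:
        if r.get("--dport") != str(dst_port) or r.get("-d", dst_ip) != dst_ip:
            continue
        if r["-j"] == "REDIRECT":  # destination becomes the interface's primary address
            return PRIMARY_ADDR[iface], int(r["--to-ports"])
        if r["-j"] == "DNAT":
            ip, port = r["--to-destination"].rsplit(":", 1)
            return ip, int(port)
    return dst_ip, dst_port

def keystore_for(ip, port):
    """Keystore of the Connector bound to ip:port; a Connector without address matches any ip."""
    for c in ET.fromstring(SERVER_XML).iter("Connector"):
        if int(c.get("port")) == port and c.get("address", ip) == ip:
            return c.get("keystoreFile")
    return None

def audit(rules_text, port=443):
    """Map each public hostname to the keystore its HTTPS connection ends up using."""
    return {h: keystore_for(*translate(ip, port, parse_rules(rules_text))) for h, ip in PUBLIC.items()}
```

Calling `audit(REDIRECT_RULES)` puts both hostnames on `.keystore1`, matching the certificate mismatch reported for https://www.moyshele.com, while `audit(DNAT_RULES)` keeps each address on its own Connector.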