tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Assaf Urieli <assaf.uri...@gmail.com>
Subject IP-based virtual hosting with useIPVHosts=true always goes to default host
Date Fri, 08 Jun 2012 09:16:52 GMT
Hi all,

I'm attempting to set up a multi-host system with a separate SSL
certificate per host.
According to the documentation, this is problematic using name-based
virtual hosting:
http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html#General_Tips_on_Running_SSL
"Finally, using name-based virtual hosts on a secured connection can be
problematic."

So, I'm trying to accomplish this via IP-based virtual hosting, using the
useIPVHosts="true" flag.
(Note: I've tried name-based virtual hosting with useIPVHosts="false", and
it doesn't work either)

I've gone through the full thread discussing this at:
http://mail-archives.apache.org/mod_mbox/tomcat-users/201005.mbox/%3C4BFB9C17.20302@cox.net%3E

However, I'm still not managing to access the domain2.com host via SSL (4th
connector on list below).

* Tomcat version: 6.0.24 (standalone)
* OS: Ubuntu 10.0.4LTS
* JVM: java 1.6.0_22 (Sun distribution)

I've setup my server.xml as follows:
<Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" address="1.2.3.4"
useIPVHosts="false"
               connectionTimeout="20000"
               URIEncoding="UTF-8"
               redirectPort="8443" />

    <Connector port="8080" protocol="HTTP/1.1"  address="5.6.7.8"
useIPVHosts="false"
               connectionTimeout="20000"
               URIEncoding="UTF-8"
               redirectPort="8443" />

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
address="1.2.3.4"
           keystoreFile="/home/tomcat6/.keystore1" keystorePass="xxxxxx"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" URIEncoding="UTF-8"
useIPVHosts="true" />

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
address="5.6.7.8"
           keystoreFile="/home/tomcat6/.keystore2" keystorePass="xxxxxx"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" URIEncoding="UTF-8"
useIPVHosts="true" />

    <Engine name="Catalina" defaultHost="localhost">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
             resourceName="UserDatabase"/>

        <Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="true"
            xmlValidation="false" xmlNamespaceAware="false">
            <Alias>1.2.3.4</Alias>
            <Alias>domain1.com</Alias>
            <Alias>www.domain1.com</Alias>
            <Valve className="org.apache.catalina.valves.AccessLogValve"
directory="/home/tomcat6/logs/domain1"
               prefix="domain1_access_log." suffix=".log" pattern="%A %h %l
%u %t '%r' %s %b" resolveHosts="false"/>
        </Host>

        <Host name="domain2.com"  appBase="/usr/share/domain2"
            unpackWARs="true" autoDeploy="true"
            xmlValidation="false" xmlNamespaceAware="false">
            <Alias>5.6.7.8</Alias>
            <Alias>domain2.com</Alias>
            <Alias>www.domain2.com</Alias>
            <Context path="" docBase="."/>
            <Valve className="org.apache.catalina.valves.AccessLogValve"
directory="/home/tomcat6/logs/domain2"
               prefix="domain2_access_log." suffix=".log" pattern="%A %h %l
%u %t '%r' %s %b" resolveHosts="false"/>
        </Host>
    </Engine>
</Service>

On the Ubuntu OS, I've configured my /etc/hosts file as follows:
127.0.0.1        localhost.localdomain  localhost
1.2.3.4    www.domain1.com domain1.com domain1
5.6.7.8    www.domain2.com domain2.com domain2

My DNS settings contain the following A records:
for domain1.com
[blank]   1.2.3.4
www      1.2.3.4

for domain2.com
[blank] 5.6.7.8
www    5.6.7.8

When I use HTTP (without SSL), it works fine, as it's using the name-based
virtual hosting.
When I use HTTPS (with SSL and useIPVHosts="true"), I'm always sent to the
default host.

When I look at the log files generated by the AccessLogValve, I'm always
getting IP address 1.2.3.4 for the Local IP address (%A), regardless of how
I access the websites on the browser - via HTTP or HTTPs, and via IP
address or domain name.
Even if I enter the IP address http://5.6.7.8 or https://5.6.7.8 in the
browser, the access logs list 1.2.3.4 as the local IP.

Any suggestions on how to troubleshoot?

Thanks in advance,
Assaf

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message