tomcat-users mailing list archives

From Assaf Urieli <assaf.uri...@gmail.com>
Subject Re: IP-based virtual hosting with useIPVHosts=true always goes to default host
Date Mon, 18 Jun 2012 08:46:09 GMT
Hi all,

I solved this issue following a parallel discussion on another forum:
http://forum.linode.com/viewtopic.php?f=19&t=8991

Basically, I had IPTables firewall rules rerouting port 443 traffic to port
8443, and port 80 traffic to port 8080.
This is because the tomcat6 user cannot access ports < 1024 (only root can).
However, this rerouting was always rerouting to my default IP.

To solve this, I changed my iptables.conf file from:
> -A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443
> -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
> -A OUTPUT -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443
> -A OUTPUT -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080

to:
-A PREROUTING -p tcp -m tcp --dst 178.79.152.69 --dport 443 -j DNAT --to-destination 178.79.152.69:8443
-A PREROUTING -p tcp -m tcp --dst 176.58.107.88 --dport 443 -j DNAT --to-destination 176.58.107.88:8443
-A PREROUTING -p tcp -m tcp --dst 178.79.152.69 --dport 80 -j DNAT --to-destination 178.79.152.69:8080
-A PREROUTING -p tcp -m tcp --dst 176.58.107.88 --dport 80 -j DNAT --to-destination 176.58.107.88:8080
-A OUTPUT -p tcp -m tcp --src 178.79.152.69 --dport 443 -j REDIRECT --to-ports 8443
-A OUTPUT -p tcp -m tcp --src 176.58.107.88 --dport 443 -j REDIRECT --to-ports 8443
-A OUTPUT -p tcp -m tcp --src 178.79.152.69 --dport 80 -j REDIRECT --to-ports 8080
-A OUTPUT -p tcp -m tcp --src 176.58.107.88 --dport 80 -j REDIRECT --to-ports 8080


> ---- Comment ----
>
> And here's your first problem. You need to specifically state
> NM_CONTROLLED=no.
>
> Also, you need to add ONPARENT=yes to the eth0:0 interface file.
>
> I've included copies of the interface files in a previous message
>
> ---- Comment ----
>

Mark - unfortunately the NM_CONTROLLED and ONPARENT options don't exist in
Ubuntu, but I've solved this by rewriting my IPTables rules (see above).
Thanks for your suggestions & time taken to answer in detail.

Anyway, I've now got each of my websites serving its own SSL certificate
correctly.
When you go to:
https://www.moyshele.com/test.jsp
https://www.joli-ciel.com/test.jsp
You can see that the local IP and local name are now correct.

Thanks all for your help!
Best regards,
Assaf
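
Added example, not part of the original message: REDIRECT in PREROUTING rewrites the destination to the primary address of the incoming interface, which is why every request landed on the default host, and the fix needs four rules per address. The sketch below generates those rules in the same shape as the message and flags PREROUTING REDIRECT rules that carry no destination match; the function names and the 192.0.2.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Port pairs from the message: public port -> Tomcat connector port.
PORT_MAP="443:8443 80:8080"

# Print nat-table rules (iptables-save syntax) for every address passed as an
# argument, in the same shape as the corrected rules in the message.
gen_vhost_nat_rules() {
    for ip in "$@"; do
        for pair in $PORT_MAP; do
            pub=${pair%%:*}
            priv=${pair##*:}
            # DNAT to the same address keeps the destination IP the client
            # used, so the connector can select the host by local address.
            printf '%s\n' "-A PREROUTING -p tcp -m tcp --dst $ip --dport $pub -j DNAT --to-destination $ip:$priv"
            printf '%s\n' "-A OUTPUT -p tcp -m tcp --src $ip --dport $pub -j REDIRECT --to-ports $priv"
        done
    done
}

# Read rules on stdin and print each PREROUTING REDIRECT rule that has no
# destination-address match (the form the message started from).
find_unscoped_redirects() {
    while IFS= read -r rule; do
        case "$rule" in
            "-A PREROUTING "*"-j REDIRECT"*)
                case " $rule " in
                    *" --dst "*|*" -d "*|*" --destination "*) ;;
                    *) printf '%s\n' "$rule" ;;
                esac ;;
        esac
    done
}

# Constructed sample addresses (documentation range), not the poster's.
gen_vhost_nat_rules 192.0.2.10 192.0.2.11
```

Adding a further address to the host then means adding one argument, and running the saved ruleset through find_unscoped_redirects shows whether any of the old catch-all redirects are still present.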
