tomcat-users mailing list archives

From Jeff Haferman <>
Subject secure reverse proxy to my tomcat server HELP NEEDED
Date Mon, 03 Mar 2014 20:14:14 GMT

The subject says it, I need help getting a secure reverse proxy to my tomcat server working.
There is a lot of doc on the web, and it seems like I have everything configured properly,
but I can't quite get the reverse proxy to work on the https side of things.

Here is my config:
Ubuntu 12.04.2 LTS (GNU/Linux 3.2.0-24-generic x86_64)
Tomcat 7.0.33

I simply want the reverse proxy to work so that gets
(which is the secure tomcat server URL).
I have the reverse proxy working so that redirects the traffic on
port 80 to the "normal" tomcat server on port 8080, and I also seem to have the secure tomcat
server working because I can browse to

However when I bring up, I get the contents of the Apache Root document
at port 80. I'm using a self-signed cert.

My httpd.conf file basically looks like (at least these are the important lines)

Listen 80
ProxyRequests Off
ProxyPreserveHost on
<VirtualHost *:80>

    ProxyPass /
    ProxyPassReverse /app http://localhost:8080/
    AllowOverride None
    Order Deny,Allow
    Allow from all

Listen 443
<VirtualHost *:443>

    SSLEngine on
    SSLProxyEngine on
    SSLCertificateFile /path/to/server.crt
    SSLCertificateKeyFile /path/to/server.key
    ProxyPass /
    ProxyPassReverse /app http://localhost:8443/

    AllowOverride None
    Order Deny,Allow
    Allow from all

And my tomcat config (server.xml) connectors are defined like

    <Connector port="8080" protocol="org.apache.coyote.http11.Http11NioProtocol" maxHttpHeaderSize="8192"
               maxThreads="1000" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" redirectPort="443" acceptCount="100" 
               compression="on" compressionMinSize="2048" 
               connectionTimeout="20000" disableUploadTimeout="true" URIEncoding="UTF-8"/>

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="false" proxyPort="443" proxyName=""
               keystoreType= "PKCS12" 
               keystoreFile="/path/to/server.p12" keystorePass="changeit"
               clientAuth="false" sslProtocol="TLSv1" />

I fire up tomcat and apache, I have debug loglevel set, and I don't see any real clues. The
certificate files seem to be read fine and
match my domain name. When I do the request however, I see a debug
line that says my client has obtained an HTTP 
connection to A few lines down, I see a line that says
The timeout specified has expired: [client] AH01991: SSL input filter
read failed.

But I also see the "timeout" message when I do a (successful) connection to
Currently no firewall rules set up, so nothing should be blocked.

I'm not sure what to try at this point. The logfiles don't seem to have any info that appears helpful.
ANY suggestions would be appreciated. 

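
An added example, not part of the original message: a small consistency check between Apache proxy targets and Tomcat connectors, run on constructed input modelled on the directives quoted in the post. The `lint` function, the `<Service>` wrapper and the `ProxyPass` target in the sample are assumptions; the post's own target value is not shown in the archive.

```python
import re
import xml.etree.ElementTree as ET

# Constructed inputs modelled on the post. The ProxyPass target is an assumed
# placeholder, because the post's own value did not survive in the archive.
HTTPD_CONF = """<VirtualHost *:443>
    ProxyPass / http://localhost:8443/
    ProxyPassReverse /app http://localhost:8443/
</VirtualHost>"""
SERVER_XML = """<Service>
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="443"/>
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"
             secure="false" proxyPort="443" sslProtocol="TLSv1"/>
</Service>"""

PROXY = re.compile(r"^\s*(ProxyPass|ProxyPassReverse)\s+(\S+)\s+(https?)://[^/:\s]+:(\d+)",
                   re.I | re.M)

def lint(httpd_conf, server_xml):
    """Return findings where Apache proxy targets disagree with Tomcat connectors."""
    conns = {int(c.get("port")): c.attrib
             for c in ET.fromstring(server_xml).iter("Connector")}
    findings, paths = [], {}
    for name, path, scheme, port in PROXY.findall(httpd_conf):
        paths.setdefault(name.lower(), set()).add(path)
        conn = conns.get(int(port))
        if conn is None:
            findings.append(f"{name} {path}: no connector on port {port}")
            continue
        tls = conn.get("SSLEnabled", "false").lower() == "true"
        # A TLS connector cannot parse a plaintext request, and vice versa.
        if tls != (scheme.lower() == "https"):
            findings.append(f"{name} {path}: {scheme.lower()}:// target, but connector "
                            f"{port} has SSLEnabled={str(tls).lower()}")
    # ProxyPassReverse rewrites Location headers only for the path it is given.
    if paths.get("proxypass") != paths.get("proxypassreverse"):
        findings.append("ProxyPass and ProxyPassReverse map different paths")
    for port, attrs in conns.items():
        if attrs.get("SSLEnabled", "").lower() != "true":
            continue
        if attrs.get("secure", "false").lower() != "true":
            findings.append(f"connector {port}: secure!=true, so request.isSecure() returns false")
        if attrs.get("sslProtocol") in ("SSLv3", "TLSv1"):
            findings.append(f"connector {port}: sslProtocol={attrs['sslProtocol']} is deprecated")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(HTTPD_CONF, SERVER_XML)))
```

The check assumes every proxy target on the listed ports is the local Tomcat instance; it does not resolve hostnames or follow `Include` directives.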