tomcat-users mailing list archives

From Jeff Haferman <j...@haferman.com>
Subject secure reverse proxy to my tomcat server HELP NEEDED
Date Mon, 03 Mar 2014 20:14:14 GMT

The subject says it, I need help getting a secure reverse proxy to my tomcat server working.
There is a lot of doc on the web, and it seems like I have everything configured properly,
but I can't quite get the reverse proxy to work on the https side of things.

Here is my config:
Apache 2.4.2
Ubuntu 12.04.2 LTS (GNU/Linux 3.2.0-24-generic x86_64)
Tomcat 7.0.33

I simply want the reverse proxy to work so that https://my.webserver.com gets https://my.webserver.com:8443
(which is the secure tomcat server URL).
I have the reverse proxy working so that http://my.webserver.com redirects the traffic on
port 80 to the "normal" tomcat server on port 8080, and I also seem to have the secure tomcat
server working because I can browse to https://my.webserver.com:8443

However when I bring up https://my.webserver.com, I get the contents of the Apache Root document
at port 80. I'm using a self-signed cert.

My httpd.conf file basically looks like (at least these are the important lines)

Listen 80
ProxyRequests Off
ProxyPreserveHost on
<VirtualHost *:80>

    ServerName my.webserver.com
    ProxyPass / http://my.webserver.com:8080/
    ProxyPassReverse /app http://localhost:8080/
  
</VirtualHost>
<proxy http://my.webserver.com:8080/>
    AllowOverride None
    Order Deny,Allow
    Allow from all
</proxy>

Listen 443
<VirtualHost *:443>

    SSLEngine on
    SSLProxyEngine on
    SSLCertificateFile /path/to/server.crt
    SSLCertificateKeyFile /path/to/server.key
    ServerName my.webserver.com
    ProxyPass / http://my.webserver.com:8443/
    ProxyPassReverse /app http://localhost:8443/

</VirtualHost>
<proxy https://my.webserver.com:8443/>
    AllowOverride None
    Order Deny,Allow
    Allow from all
</proxy>


And my tomcat config (server.xml) connectors are defined like

    <Connector port="8080" protocol="org.apache.coyote.http11.Http11NioProtocol" maxHttpHeaderSize="8192"
               useBodyEncodingForURI="true"
               maxThreads="1000" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" redirectPort="443" acceptCount="100"
               compression="on" compressionMinSize="2048"
               compressableMimeType="text/html,text/xml,text/javascript,text/css,text/plain"
               connectionTimeout="20000" disableUploadTimeout="true" URIEncoding="UTF-8"/>

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="false" proxyPort="443" proxyName="my.webserver.com"
               keystoreType="PKCS12"
               keystoreFile="/path/to/server.p12" keystorePass="changeit"
               clientAuth="false" sslProtocol="TLSv1" />


I fire up tomcat and apache, I have debug loglevel set, and I don't see any real clues. The
certificate files seem to be read fine and match my domain name. When I do the
https://my.company.com/ request however, I see a debug line that says my client has obtained
an HTTP connection to my.company.com. A few lines down, I see a line that says
The timeout specified has expired: [client xxx.xxx.xxx.xxx:xxx] AH01991: SSL input filter
read failed.

But I also see the "timeout" message when I do a (successful) connection to https://my.company.com:8443
Currently there are no firewall rules set up, so nothing should be blocked.

I'm not sure what to try at this point. The logfiles don't seem to have any info that appears helpful.
ANY suggestions would be appreciated.
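As an added example (not part of Jeff's message or of the Apache/Tomcat projects), here is a small Python checker that cross-references the ProxyPass targets in an httpd.conf fragment against the Tomcat connectors in server.xml and reports scheme/port disagreements, such as a plain http:// ProxyPass pointing at a connector that has SSLEnabled="true". The embedded config samples are constructed from the snippets quoted above, trimmed to the attributes the check needs.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the ProxyPass lines and connectors from the message above.
HTTPD_CONF = """
<VirtualHost *:80>
    ProxyPass / http://my.webserver.com:8080/
</VirtualHost>
<VirtualHost *:443>
    SSLEngine on
    SSLProxyEngine on
    ProxyPass / http://my.webserver.com:8443/
</VirtualHost>
"""

SERVER_XML = """
<Service>
  <Connector port="8080" protocol="org.apache.coyote.http11.Http11NioProtocol" redirectPort="443"/>
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https" secure="false"
             proxyPort="443" proxyName="my.webserver.com"/>
</Service>
"""

# Matches "ProxyPass <path> <scheme>://<host>:<port>" (not ProxyPassReverse).
PROXYPASS_RE = re.compile(r'^\s*ProxyPass\s+\S+\s+(https?)://[^:/\s]+:(\d+)', re.M | re.I)


def tomcat_connectors(server_xml):
    """Map each Connector's port to its attribute dict."""
    root = ET.fromstring(server_xml)
    return {int(c.get("port")): c.attrib for c in root.iter("Connector")}


def find_mismatches(httpd_conf, server_xml):
    """Return findings where the proxy scheme and the backend connector disagree."""
    connectors = tomcat_connectors(server_xml)
    findings = []
    for scheme, port in PROXYPASS_RE.findall(httpd_conf):
        port, scheme = int(port), scheme.lower()
        attrs = connectors.get(port)
        if attrs is None:
            findings.append(f"ProxyPass targets port {port} but no Tomcat connector listens there")
            continue
        tls_backend = attrs.get("SSLEnabled", "false").lower() == "true"
        if scheme == "http" and tls_backend:
            findings.append(f"ProxyPass uses http:// to port {port}, but that connector is SSLEnabled; use https://")
        elif scheme == "https" and not tls_backend:
            findings.append(f"ProxyPass uses https:// to port {port}, but that connector is plain HTTP")
        if tls_backend and attrs.get("secure", "false").lower() != "true":
            findings.append(f'connector {port} is SSLEnabled but has secure="false"; Tomcat will treat requests as not secure')
    return findings
```

Run against the sample it reports two findings for the 8443 connector (plain http:// to a TLS port, and secure="false" on a TLS connector) and nothing for 8080.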

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org