tomcat-users mailing list archives

From J Java <jforjava1...@gmail.com>
Subject Re: secure reverse proxy to my tomcat server HELP NEEDED
Date Mon, 03 Mar 2014 20:27:02 GMT
Can you change the lines below and retry:

ProxyPass / http://my.webserver.com:8443/
to
ProxyPass / https://my.webserver.com:8443/

ProxyPassReverse /app http://localhost:8443/
to
ProxyPassReverse /app https://localhost:8443/

Thanks,
Shailesh


On Tue, Mar 4, 2014 at 1:44 AM, Jeff Haferman <jeff@haferman.com> wrote:

>
> The subject says it, I need help getting a secure reverse proxy to my
> tomcat server working. There is a lot of doc on the web, and it seems like
> I have everything configured properly, but I can't quite get the reverse
> proxy to work on the https side of things.
>
> Here is my config:
> Apache2.4.2
> Ubuntu 12.04.2 LTS (GNU/Linux 3.2.0-24-generic x86_64)
> Tomcat 7.0.33
>
> I simply want the reverse proxy to work so that https://my.webserver.com gets
> https://my.webserver.com:8443 (which is the secure tomcat server URL).
> I have the reverse proxy working so that http://my.webserver.com redirects the traffic
> on port 80 to the "normal" tomcat server on port
> 8080, and I also seem to have the secure tomcat server working because I
> can browse to https://my.webserver.com:8443
>
> However when I bring up https://my.webserver.com, I get the contents of
> the Apache Root document at port 80. I'm using a self-signed cert.
>
> My httpd.conf file basically looks like (at least these are the important
> lines)
>
> Listen 80
> ProxyRequests Off
> ProxyPreserveHost on
> <VirtualHost *:80>
>
>     ServerName my.webserver.com
>     ProxyPass / http://my.webserver.com:8080/
>     ProxyPassReverse /app http://localhost:8080/
>
> </VirtualHost>
> <proxy http://my.webserver.com:8080/>
>     AllowOverride None
>     Order Deny,Allow
>     Allow from all
> </proxy>
>
> Listen 443
> <VirtualHost *:443>
>
>     SSLEngine on
>     SSLProxyEngine on
>     SSLCertificateFile /path/to/server.crt
>     SSLCertificateKeyFile /path/to/server.key
>     ServerName my.webserver.com
>     ProxyPass / http://my.webserver.com:8443/
>     ProxyPassReverse /app http://localhost:8443/
>
> </VirtualHost>
> <proxy https://my.webserver.com:8443/>
>     AllowOverride None
>     Order Deny,Allow
>     Allow from all
> </proxy>
>
>
> And my tomcat config (server.xml) connectors are defined like
>
>     <Connector port="8080"
>                protocol="org.apache.coyote.http11.Http11NioProtocol"
>                maxHttpHeaderSize="8192" useBodyEncodingForURI="true"
>                maxThreads="1000" minSpareThreads="25" maxSpareThreads="75"
>                enableLookups="false" redirectPort="443" acceptCount="100"
>                compression="on" compressionMinSize="2048"
>                compressableMimeType="text/html,text/xml,text/javascript,text/css,text/plain"
>                connectionTimeout="20000" disableUploadTimeout="true"
>                URIEncoding="UTF-8"/>
>
>     <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
>                maxThreads="150" scheme="https" secure="false"
>                proxyPort="443" proxyName="my.webserver.com"
>                keystoreType="PKCS12"
>                keystoreFile="/path/to/server.p12" keystorePass="changeit"
>                clientAuth="false" sslProtocol="TLSv1" />
>
>
> I fire up tomcat and apache, I have debug loglevel set, and I don't see
> any real clues. The certificate files seem to be read fine and
> match my domain name. When I do the https://my.company.com/ request
> however, I see a debug line that says my client has obtained an HTTP
> connection to my.company.com. A few lines down, I see a line that says
> The timeout specified has expired: [client xxx.xxx.xxx.xxx:xxx] AH01991:
> SSL input filter read failed.
>
> But I also see the "timeout" message when I do a (successful) connection
> to https://my.company.com:8443
> Currently no firewall rules set up, so nothing should be blocked.
>
> I'm not sure what to try at this point. The logfiles don't seem to have any
> info that appears helpful. ANY suggestions would be appreciated.
>
>
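An added example, not part of either message and not Apache or Tomcat project code: a small Python check for the backend scheme mismatch discussed in this thread, run over the *:443 virtual host quoted above (certificate lines omitted). The names `lint_vhosts` and `TLS_BACKEND_PORTS` are assumptions of this sketch, as is the choice of which ports count as TLS.

```python
import re

# Constructed sample: the *:443 virtual host from the quoted httpd.conf,
# with the certificate directives left out.
SAMPLE = """\
Listen 443
<VirtualHost *:443>
    SSLEngine on
    SSLProxyEngine on
    ServerName my.webserver.com
    ProxyPass / http://my.webserver.com:8443/
    ProxyPassReverse /app http://localhost:8443/
</VirtualHost>
"""

# Assumption: backend ports on which the application server speaks TLS.
TLS_BACKEND_PORTS = {443, 8443}

DIRECTIVE = re.compile(
    r"(ProxyPass|ProxyPassReverse)\s+\S+\s+(https?)://([^/:\s]+)(?::(\d+))?", re.I)

def lint_vhosts(conf, tls_ports=TLS_BACKEND_PORTS):
    """Return (vhost, directive_line, problem) tuples for proxy scheme mistakes."""
    findings = []
    blocks = re.finditer(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", conf, re.S | re.I)
    for block in blocks:
        vhost = block.group(1).strip()
        lines = [l.strip() for l in block.group(2).splitlines()]
        lines = [l for l in lines if l and not l.startswith("#")]
        # mod_ssl must be enabled for the proxy side before https:// targets work.
        ssl_proxy = any(re.fullmatch(r"SSLProxyEngine\s+on", l, re.I) for l in lines)
        for line in lines:
            d = DIRECTIVE.match(line)
            if not d:
                continue
            scheme = d.group(2).lower()
            port = int(d.group(4)) if d.group(4) else (443 if scheme == "https" else 80)
            if scheme == "http" and port in tls_ports:
                findings.append((vhost, line, "plain http:// scheme aimed at a TLS port"))
            elif scheme == "https" and not ssl_proxy:
                findings.append((vhost, line, "https:// backend but SSLProxyEngine is not on"))
    return findings

if __name__ == "__main__":
    for vhost, line, problem in lint_vhosts(SAMPLE):
        print(f"{vhost}: {line} -> {problem}")
```
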
