Subject: Re: secure reverse proxy to my tomcat server HELP NEEDED
From: J Java
To: Tomcat Users List
Date: Tue, 4 Mar 2014 01:57:02 +0530

Can you change and retry the lines below:

ProxyPass / http://my.webserver.com:8443/
to
ProxyPass / https://my.webserver.com:8443/

ProxyPassReverse /app http://localhost:8443/
to
ProxyPassReverse /app https://localhost:8443/

Thanks,
Shailesh

On Tue, Mar 4, 2014 at 1:44 AM, Jeff Haferman wrote:

>
> The subject says it, I need help getting a secure reverse proxy to my
> tomcat server working. There is a lot of doc on the web, and it seems like
> I have everything configured properly, but I can't quite get the reverse
> proxy to work on the https side of things.
>
> Here is my config:
> Apache2.4.2
> Ubuntu 12.04.2 LTS (GNU/Linux 3.2.0-24-generic x86_64)
> Tomcat 7.0.33
>
> I simply want the reverse proxy to work so that https://my.webserver.com gets
> https://my.webserver.com:8443 (which is the secure tomcat server URL).
> I have the reverse proxy working so that http://my.webserver.com redirects
> the traffic on port 80 to the "normal" tomcat server on port
> 8080, and I also seem to have the secure tomcat server working because I
> can browse to https://my.webserver.com:8443
>
> However when I bring up https://my.webserver.com, I get the contents of
> the Apache Root document at port 80.
> I'm using a self-signed cert.
>
> My httpd.conf file basically looks like (at least these are the important
> lines)
>
> Listen 80
> ProxyRequests Off
> ProxyPreserveHost on
>
>
> ServerName my.webserver.com
> ProxyPass / http://my.webserver.com:8080/
> ProxyPassReverse /app http://localhost:8080/
>
>
>
> AllowOverride None
> Order Deny,Allow
> Allow from all
>
>
> Listen 443
>
>
> SSLEngine on
> SSLProxyEngine on
> SSLCertificateFile /path/to/server.crt
> SSLCertificateKeyFile /path/to/server.key
> ServerName my.webserver.com
> ProxyPass / http://my.webserver.com:8443/
> ProxyPassReverse /app http://localhost:8443/
>
>
>
> AllowOverride None
> Order Deny,Allow
> Allow from all
>
>
>
> And my tomcat config (server.xml) connectors are defined like
>
> protocol="org.apache.coyote.http11.Http11NioProtocol"
> maxHttpHeaderSize="8192" useBodyEncodingForURI="true"
> maxThreads="1000" minSpareThreads="25" maxSpareThreads="75"
> enableLookups="false" redirectPort="443" acceptCount="100"
> compression="on" compressionMinSize="2048"
>
> compressableMimeType="text/html,text/xml,text/javascript,text/css,text/plain"
> connectionTimeout="20000" disableUploadTimeout="true"
> URIEncoding="UTF-8"/>
>
> maxThreads="150" scheme="https" secure="false"
> proxyPort="443" proxyName="my.webserver.com"
> keystoreType= "PKCS12"
> keystoreFile="/path/to/server.p12" keystorePass="changeit"
> clientAuth="false" sslProtocol="TLSv1" />
>
>
> I fire up tomcat and apache, I have debug loglevel set, and I don't see
> any real clues. The certificate files seem to be read fine and
> match my domain name. When I do the https://my.company.com/ request
> however, I see a debug line that says my client has obtained an HTTP
> connection to my.company.com. A few lines down, I see a line that says
> The timeout specified has expired: [client xxx.xxx.xxx.xxx:xxx] AH01991:
> SSL input filter read failed.
>
> But I also see the "timeout" message when I do a (successful) connection
> to https://my.company.com:8443
> Currently no firewall rules set up, so nothing should be blocked.
>
> I'm not sure what to try at this point. The logfiles don't seem to have any
> info that appears helpful. ANY suggestions would be appreciated.
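
Added example, not part of either message: the port-443 virtual host with the reply's change applied, next to the lines as originally posted. The <VirtualHost *:443> wrapper, the matching ProxyPassReverse path and host, and the SSLProxyVerify / SSLProxyCACertificateFile lines (with a placeholder path) are assumptions added here so that the proxy also authenticates the self-signed backend certificate.

```apache
# Added example (not from the thread). Host names, ports and the
# server.crt/server.key paths are the ones quoted in the original post;
# *:443 and /path/to/tomcat-backend.pem are assumptions/placeholders.
# The global ProxyRequests Off / ProxyPreserveHost on lines stay as posted.
Listen 443

<VirtualHost *:443>
    ServerName my.webserver.com

    # TLS between the browser and Apache
    SSLEngine on
    SSLCertificateFile    /path/to/server.crt
    SSLCertificateKeyFile /path/to/server.key

    # TLS between Apache and Tomcat: needed for any https:// ProxyPass target
    SSLProxyEngine on

    # As posted: plain HTTP sent to the port the poster describes as the
    # secure Tomcat connector
    # ProxyPass        /    http://my.webserver.com:8443/
    # ProxyPassReverse /app http://localhost:8443/

    # As suggested in the reply: https:// scheme towards the backend.
    # ProxyPassReverse here uses the same path and backend URL as ProxyPass
    # so that redirect headers naming the backend are rewritten (assumption,
    # the reply kept /app and localhost).
    ProxyPass        / https://my.webserver.com:8443/
    ProxyPassReverse / https://my.webserver.com:8443/

    # Authenticate the backend instead of accepting any certificate.
    # The PEM file is a copy of the self-signed certificate Tomcat serves
    # from its keystore (placeholder path).
    SSLProxyVerify            require
    SSLProxyCACertificateFile /path/to/tomcat-backend.pem
    # Reject a backend certificate whose CN does not match the backend host
    # name, or that has expired.
    SSLProxyCheckPeerCN       on
    SSLProxyCheckPeerExpire   on
</VirtualHost>
```

With SSLProxyVerify require in place, a failed handshake to the backend shows up as a 502 to the client and an SSL proxy error in the Apache error log, which separates backend TLS problems from front-end ones.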