tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ted Spradley <ted.k.sprad...@gmail.com>
Subject Re: Proxy Apache https to Tomcat http
Date Wed, 05 Oct 2016 22:10:52 GMT
Chris,

Thanks for your response.

On Wed, Oct 5, 2016 at 3:14 PM, Christopher Schultz <
chris@christopherschultz.net> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Ted,
>
> On 10/5/16 3:42 PM, TED SPRADLEY wrote:
> > Tomcat 7.0.68 Apache 2.4.6 CentOS  7.2.1511
>
> Thanks.
>
> > Problem: A Tomcat application at context "/mycontext" on port 8081
> > running through Apache proxy renders as expected when using
> > http://example.com/mycontext but https://example.com/mycontext call
> > renders "The requested URL /mycontext/ was not found on this
> > server."
> >
> > Question: Do I have a Tomcat Connector configuration problem? Or an
> > Apache proxy configuration problem? Or an Apache ssl.conf problem?
> >
> > Note: the CA issued certificate appears to be properly installed as
> > evidence by the lock icon in the url bar displaying "Verified by Š
> > " when doing a mouseover.
> >
> > Files: Httpd.conf - <VirtualHost *:80> ServerName www.example.com
> > ServerAlias *.example.com ProxyRequests off ProxyPass
> > /mycontext  http://example.com:8081/mycontext ProxyPassReverse
> > /mycontext  http://example.com:8081/mycontext </VirtualHost>
> > <VirtualHost *:443> ProxyRequests off ProxyPreserveHost on
> > SSLEngine on SSLCertificateFile /path/to/certs/ca.crt
> > SSLCertificateKeyFile /path/to/key/private/exampleDotCom.key
> > ServerName www.example.com ServerAlias *.example.com ProxyPass
> > /mycontext http://example.com:8081/mycontext ProxyPassReverse
> > /mycontext http://example.com:8081/mycontext </VirtualHost>
>
> On first inspection, that looks correct.
>
> > Tomcat's server.xml Connector <Connector port="8081"
> > protocol="HTTP/1.1" connectionTimeout="20000"
> > proxyName="www.example.com" proxyPort="80" redirectPort="8443"
> > xpoweredBy="false" server="Apache TomEE" />
>
> That also looks correct.
>
> How have you deployed your actual application?
>

Yes. It is deployed and responds as expected through the proxy when using
http.


> > Ssl.conf - SSLEngine on
> >
> > SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA
> >
> > SSLCertificateFile /path/to/certs/ca.crt
> >
> > SSLCertificateKeyFile /path/to/key/private/exampleDotCom.key
> >
> > SSLCACertificateFile /path/to/bundle/ca_bundle.crt
>
> Is ssl.conf actually included anywhere?
>

Yes. ssl.conf full path is /etc/httpd/conf.d/ssl.conf.

>From httpd.conf

# Load config files in the "/etc/httpd/conf.d" directory, if any.
IncludeOptional conf.d/*.conf


> You will probably also want to use the RemoteIPValve and possibly the
> SSLValve as well. Have a look at Tomcat's proxy support valves here:
>
> https://tomcat.apache.org/tomcat-7.0-doc/config/valve.html#Proxies_Support
>

Thank you. I'll read the Proxies Support and implement.


>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBCAAGBQJX9V9AAAoJEBzwKT+lPKRYL4YP/0KGogACGY7Ul3K59sMky8mz
> tKjFmBU+jLk6DgyvUv6wI5ZcCRLukZsN6vvDU2psiIpGruakQjLfDtiDyPKnBGb3
> G6jmvdfCNPfp9eWRMAKvI90tEvZ10g8/Qbzfp7XZ8tAOuoFSkxyoVYRrZMCoLUYq
> UPCVsJQxhu5yFqzDzAz1AJN26b25Q2+F1W8GznCWz3pjmBjI44Y+y3FwlBVeayGZ
> QaXp+VCzsKw4RRlUy8uO6KH63GgLvNWFZM3gYE85231Eu9RhtQREZNQG/geufnSD
> 3fy6pSQ1GvP+o2giUEgS0ik3zYjzmomtGGpbDQH2wCMuXTMJbJBM4iQZnhZ6Wz1Z
> oDY6BRHvq+sTiEyJ4Ln6sKFymKccg3XSkwZ5UWHR+WA9NabyyEb7Li3AFYkpsyjk
> o93QgPNqbzVBEmbsQTlsb/pfPPc3KoeCDRm5SLtMmPn9zDWHg30q0MGYbz8U96r8
> cojk8k634UQ+B2q36IZpcZh6Ah295bU+I73JUh6T9RF1EcN8PgqOcH4cC7S10fV+
> fiFqdz8XmV372jiiY1jk2Ka6SdJiYUo/froCUHlaNIsThMZra+D6woK55PO0e1yF
> 0HCAMEGAH+bwhJB5UgUj/4rHdcVHO32GRuH0jKpUauhfBh6/k385C58iw4ONsxyG
> Iwa3OPXi7GUSCrWJ0lxr
> =m3nm
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message