tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Proxy Apache https to Tomcat http
Date Wed, 05 Oct 2016 20:14:56 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Ted,

On 10/5/16 3:42 PM, TED SPRADLEY wrote:
> Tomcat 7.0.68 Apache 2.4.6 CentOS  7.2.1511

Thanks.

> Problem: A Tomcat application at context "/mycontext" on port 8081
> running through Apache proxy renders as expected when using 
> http://example.com/mycontext but https://example.com/mycontext call
> renders "The requested URL /mycontext/ was not found on this
> server."
> 
> Question: Do I have a Tomcat Connector configuration problem? Or an
> Apache proxy configuration problem? Or an Apache ssl.conf problem?
> 
> Note: the CA issued certificate appears to be properly installed as
> evidence by the lock icon in the url bar displaying "Verified by Š
> " when doing a mouseover.
> 
> Files: Httpd.conf - <VirtualHost *:80> ServerName www.example.com 
> ServerAlias *.example.com ProxyRequests off ProxyPass
> /mycontext  http://example.com:8081/mycontext ProxyPassReverse
> /mycontext  http://example.com:8081/mycontext </VirtualHost> 
> <VirtualHost *:443> ProxyRequests off ProxyPreserveHost on 
> SSLEngine on SSLCertificateFile /path/to/certs/ca.crt 
> SSLCertificateKeyFile /path/to/key/private/exampleDotCom.key 
> ServerName www.example.com ServerAlias *.example.com ProxyPass
> /mycontext http://example.com:8081/mycontext ProxyPassReverse
> /mycontext http://example.com:8081/mycontext </VirtualHost>

On first inspection, that looks correct.

> Tomcat's server.xml Connector <Connector port="8081"
> protocol="HTTP/1.1" connectionTimeout="20000" 
> proxyName="www.example.com" proxyPort="80" redirectPort="8443" 
> xpoweredBy="false" server="Apache TomEE" />

That also looks correct.

How have you deployed your actual application?

> Ssl.conf - SSLEngine on
> 
> SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA
> 
> SSLCertificateFile /path/to/certs/ca.crt
> 
> SSLCertificateKeyFile /path/to/key/private/exampleDotCom.key
> 
> SSLCACertificateFile /path/to/bundle/ca_bundle.crt

Is ssl.conf actually included anywhere?

You will probably also want to use the RemoteIPValve and possibly the
SSLValve as well. Have a look at Tomcat's proxy support valves here:

https://tomcat.apache.org/tomcat-7.0-doc/config/valve.html#Proxies_Suppo
rt

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJX9V9AAAoJEBzwKT+lPKRYL4YP/0KGogACGY7Ul3K59sMky8mz
tKjFmBU+jLk6DgyvUv6wI5ZcCRLukZsN6vvDU2psiIpGruakQjLfDtiDyPKnBGb3
G6jmvdfCNPfp9eWRMAKvI90tEvZ10g8/Qbzfp7XZ8tAOuoFSkxyoVYRrZMCoLUYq
UPCVsJQxhu5yFqzDzAz1AJN26b25Q2+F1W8GznCWz3pjmBjI44Y+y3FwlBVeayGZ
QaXp+VCzsKw4RRlUy8uO6KH63GgLvNWFZM3gYE85231Eu9RhtQREZNQG/geufnSD
3fy6pSQ1GvP+o2giUEgS0ik3zYjzmomtGGpbDQH2wCMuXTMJbJBM4iQZnhZ6Wz1Z
oDY6BRHvq+sTiEyJ4Ln6sKFymKccg3XSkwZ5UWHR+WA9NabyyEb7Li3AFYkpsyjk
o93QgPNqbzVBEmbsQTlsb/pfPPc3KoeCDRm5SLtMmPn9zDWHg30q0MGYbz8U96r8
cojk8k634UQ+B2q36IZpcZh6Ah295bU+I73JUh6T9RF1EcN8PgqOcH4cC7S10fV+
fiFqdz8XmV372jiiY1jk2Ka6SdJiYUo/froCUHlaNIsThMZra+D6woK55PO0e1yF
0HCAMEGAH+bwhJB5UgUj/4rHdcVHO32GRuH0jKpUauhfBh6/k385C58iw4ONsxyG
Iwa3OPXi7GUSCrWJ0lxr
=m3nm
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message