Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id E4C45200BA3 for ; Thu, 6 Oct 2016 00:11:04 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id E1B53160AEA; Wed, 5 Oct 2016 22:11:04 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id F211F160ADE for ; Thu, 6 Oct 2016 00:11:03 +0200 (CEST) Received: (qmail 79637 invoked by uid 500); 5 Oct 2016 22:11:02 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 79626 invoked by uid 99); 5 Oct 2016 22:11:02 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 05 Oct 2016 22:11:02 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id B51D5180286 for ; Wed, 5 Oct 2016 22:11:01 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 2.399 X-Spam-Level: ** X-Spam-Status: No, score=2.399 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=2, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001, WEIRD_PORT=0.001] autolearn=disabled Authentication-Results: spamd3-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx2-lw-us.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id 1xg8JxnDDnyB for ; Wed, 5 Oct 2016 22:10:59 +0000 (UTC) Received: from mail-qk0-f176.google.com (mail-qk0-f176.google.com [209.85.220.176]) by mx2-lw-us.apache.org (ASF Mail Server at mx2-lw-us.apache.org) with ESMTPS id 8BC7A5F399 for ; Wed, 5 Oct 2016 22:10:59 +0000 (UTC) Received: by mail-qk0-f176.google.com with SMTP id o68so1264288qkf.3 for ; Wed, 05 Oct 2016 15:10:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=F0PLZSL8Lrlhjf2Gvo9/OWlBDhSa984Lss4Z4rIaFio=; b=MHoOLF+9togdeEpgAOKiYfagpgb5iSeATvpJ8bXFCeVyBnBuQ1cjFvKPeHal9xTkB+ OxPsqPNhdf8Tz71A03/yf2zTtrA+vTZlJVn8MHNc1Wic4zHd9sxf3MuyK/2cu7BEnGZm py30X/cI48RS9qydeOfLZpOr9nEGN0RwxCsUPMPGatPKrV3RS/2mZQUEpwcO0cEZAEmS 1VjzSnT05BsDPbV/YudVvSg/INl2J6W7Mxhi2r7U9nbRgHgMuMe5DpRwekih9MFECC+G frQ0z7Fnv9P+g/z6EP2vSikjv3nx4aiO7G7ZSGHyGLGsR5c+3wwh3BGfbJMaQcykNvZa htQQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=F0PLZSL8Lrlhjf2Gvo9/OWlBDhSa984Lss4Z4rIaFio=; b=IjyJQGhkq4HYhOOpsq4r/lYoC6wyyvqCEefu3vw7quEQZJ+vv9P/pQB5sZeMK+a1gM 2FXUL3jJGbVjgXI1gEtxDMyqvWqmNnDrD11vhygf7nJtx2+irvrx5GTrIWGxngLC46lr +38+hVkznQZ+XZve8svf68uMGsTITCq+iLx6tuvdoq05RGzyPNM0biC/ZvP8bskyM0vE LEt7evQPg0VPFj1CJ+ddZfv9ObbZXXPaxHQeeiEeq0jS/csPUWO0l9TtbTfS+8ueDQ7T eDGTKxxhK6adYIumzpaAZF/kbMOMnlA2NHxdqyasOItouTj+MWzGuI+eaP1gJKtYl7Ci o/IA== X-Gm-Message-State: AA6/9RmotxpKXOGKuQ92UmdhuyfJdR99d2Om4nOwk4HbgHrQG/O5MAP8RWmr+ZgjfXAWNPPB6Jgn1xndF2uz0g== X-Received: by 10.55.212.85 with SMTP id l82mr5242778qki.214.1475705453053; Wed, 05 Oct 2016 15:10:53 -0700 (PDT) MIME-Version: 1.0 Received: by 10.200.35.26 with HTTP; Wed, 5 Oct 2016 15:10:52 -0700 (PDT) In-Reply-To: References: From: Ted Spradley Date: Wed, 5 Oct 2016 17:10:52 -0500 Message-ID: Subject: Re: Proxy Apache https to Tomcat http To: Tomcat Users List Content-Type: multipart/alternative; boundary=001a11498d96528f04053e257338 archived-at: Wed, 05 Oct 2016 22:11:05 -0000 --001a11498d96528f04053e257338 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Chris, Thanks for your response. On Wed, Oct 5, 2016 at 3:14 PM, Christopher Schultz < chris@christopherschultz.net> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Ted, > > On 10/5/16 3:42 PM, TED SPRADLEY wrote: > > Tomcat 7.0.68 Apache 2.4.6 CentOS 7.2.1511 > > Thanks. > > > Problem: A Tomcat application at context "/mycontext" on port 8081 > > running through Apache proxy renders as expected when using > > http://example.com/mycontext but https://example.com/mycontext call > > renders "The requested URL /mycontext/ was not found on this > > server." > > > > Question: Do I have a Tomcat Connector configuration problem? Or an > > Apache proxy configuration problem? Or an Apache ssl.conf problem? > > > > Note: the CA issued certificate appears to be properly installed as > > evidence by the lock icon in the url bar displaying "Verified by =C5=A0 > > " when doing a mouseover. > > > > Files: Httpd.conf - ServerName www.example.com > > ServerAlias *.example.com ProxyRequests off ProxyPass > > /mycontext http://example.com:8081/mycontext ProxyPassReverse > > /mycontext http://example.com:8081/mycontext > > ProxyRequests off ProxyPreserveHost on > > SSLEngine on SSLCertificateFile /path/to/certs/ca.crt > > SSLCertificateKeyFile /path/to/key/private/exampleDotCom.key > > ServerName www.example.com ServerAlias *.example.com ProxyPass > > /mycontext http://example.com:8081/mycontext ProxyPassReverse > > /mycontext http://example.com:8081/mycontext > > On first inspection, that looks correct. > > > Tomcat's server.xml Connector > protocol=3D"HTTP/1.1" connectionTimeout=3D"20000" > > proxyName=3D"www.example.com" proxyPort=3D"80" redirectPort=3D"8443" > > xpoweredBy=3D"false" server=3D"Apache TomEE" /> > > That also looks correct. > > How have you deployed your actual application? > Yes. It is deployed and responds as expected through the proxy when using http. > > Ssl.conf - SSLEngine on > > > > SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA > > > > SSLCertificateFile /path/to/certs/ca.crt > > > > SSLCertificateKeyFile /path/to/key/private/exampleDotCom.key > > > > SSLCACertificateFile /path/to/bundle/ca_bundle.crt > > Is ssl.conf actually included anywhere? > Yes. ssl.conf full path is /etc/httpd/conf.d/ssl.conf. From httpd.conf # Load config files in the "/etc/httpd/conf.d" directory, if any. IncludeOptional conf.d/*.conf > You will probably also want to use the RemoteIPValve and possibly the > SSLValve as well. Have a look at Tomcat's proxy support valves here: > > https://tomcat.apache.org/tomcat-7.0-doc/config/valve.html#Proxies_Suppor= t > Thank you. I'll read the Proxies Support and implement. > > - -chris > -----BEGIN PGP SIGNATURE----- > Comment: GPGTools - http://gpgtools.org > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iQIcBAEBCAAGBQJX9V9AAAoJEBzwKT+lPKRYL4YP/0KGogACGY7Ul3K59sMky8mz > tKjFmBU+jLk6DgyvUv6wI5ZcCRLukZsN6vvDU2psiIpGruakQjLfDtiDyPKnBGb3 > G6jmvdfCNPfp9eWRMAKvI90tEvZ10g8/Qbzfp7XZ8tAOuoFSkxyoVYRrZMCoLUYq > UPCVsJQxhu5yFqzDzAz1AJN26b25Q2+F1W8GznCWz3pjmBjI44Y+y3FwlBVeayGZ > QaXp+VCzsKw4RRlUy8uO6KH63GgLvNWFZM3gYE85231Eu9RhtQREZNQG/geufnSD > 3fy6pSQ1GvP+o2giUEgS0ik3zYjzmomtGGpbDQH2wCMuXTMJbJBM4iQZnhZ6Wz1Z > oDY6BRHvq+sTiEyJ4Ln6sKFymKccg3XSkwZ5UWHR+WA9NabyyEb7Li3AFYkpsyjk > o93QgPNqbzVBEmbsQTlsb/pfPPc3KoeCDRm5SLtMmPn9zDWHg30q0MGYbz8U96r8 > cojk8k634UQ+B2q36IZpcZh6Ah295bU+I73JUh6T9RF1EcN8PgqOcH4cC7S10fV+ > fiFqdz8XmV372jiiY1jk2Ka6SdJiYUo/froCUHlaNIsThMZra+D6woK55PO0e1yF > 0HCAMEGAH+bwhJB5UgUj/4rHdcVHO32GRuH0jKpUauhfBh6/k385C58iw4ONsxyG > Iwa3OPXi7GUSCrWJ0lxr > =3Dm3nm > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org > For additional commands, e-mail: users-help@tomcat.apache.org > > --001a11498d96528f04053e257338--