File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Linux / UNIX and the fly likes virtual hosts Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » Linux / UNIX
Bookmark "virtual hosts" Watch "virtual hosts" New topic

virtual hosts

Alan Shiers
Ranch Hand

Joined: Sep 24, 2003
Posts: 237
Hi there,

I need to find out the details of setting up Apache and Tomcat combined to to provide me with one part of my website that is unsecure and a part that is secure using SSL. I want to set up my website so that Apache handles all the static webpages that are open to the general public and my web application under Tomcat to operate under the SSL (Secure Socket Layer). Is there an online resource that explains how to configure everything as I've just described it? Also, do I need to register two seperate domain names? One for the non-secure and another for the secure part: vs. ? Or can I get away with just the one domain name? How exactly does all this come together?


Lewin Chan
Ranch Hand

Joined: Oct 10, 2001
Posts: 214

Presumably these are the two scenarios (a completely static html site) (after uses have logged in from the public area)

So, some general nudges in the right direction

a) You don't have to buy 2 domain names, unless of course, you are infact using 2 domains e.g. (the https doesn't make it a different domain). Even then you can probably just get away with one, ala, (which is still only 1 domain name -

b) You will need a SSL certificate (either self-signed which your users will have to accept, or you can buy one from someone like verisign).

If you want tomcat to service the https requests directly, then your URL will change to In this instance, you have to setup tomcat with a keystore and the like, but for all intents and purposes they are separate processes, and apache won't need to talk to tomcat at all.

If you want your url to be then use mod_jk (available from - the docs are getting quite good now) to get Apache to be the front-man for tomcat. This means that you have to setup SSL with apache, and tomcat is configured to only talk to Apache, and doesn't service any user-requests directly.

I always try to setup applications to run with apache as the front man, my reasons :-

  • Naturalness of the URL - is nicer, and less prone to user forgetfulness (They will forget the port number).
  • Security - if you want to use the default http/https port, then you have to run as root in order to listen on ports less then 1024 (on unix/linux). Apache starts off as root, but requests are serviced by a non-privileged thread. Tomcat won't do that, requests will be serviced by a thread running as root, with all the possible problems that might bring.
  • Running > 1 website on the same box (Tomcat can do this of course, but then you're restricted to having only JSP/static websites)
  • Need to think about how things will work in production. Been a number of times when I goto deploy a webapp to be fronted by apache and it doesn't work because they've relied on some behaviour (I think an amusing one was setting up the web.xml welcome page to be html/index.html which just forwarded to ../index.jsp) that won't be tolerated by apache.

  • Alan Shiers
    Ranch Hand

    Joined: Sep 24, 2003
    Posts: 237
    Thanks for the info. That was just what I was looking for. I believe I'll go the route of using Mod_JK to have Tomcat and Apache work together. Have Apache work as the "front-man" as you put it. This means I'm sure that the URL for both the public and private sections will have to use the "https:" prefix right?

    I agree. Here's the link:
    subject: virtual hosts
    It's not a secret anymore!