• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

SSL certificates for each one of the Tomcat Instances on single machine

 
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hey .. can any one assist me to get info or steps to configure SSL certiifcate to each one of the Tomcat Instances on the same machine.....

Here is the description :-

Environment :- Red Hat Enterprise Linux 5 - Apache 2.2.11 [ Port 80 - SSL - assigned to www.domain-name.com ] - Tomcat Instance 1 [ 5.5.26 - 8080 ] -Tomcat Instance 2 [5.5.26 - 8081]

We have a domain www.domain-name.com , registered with apache on port 80 with SSL . Now we would liek to have 2 tomcats , with 2 different applications , with SSL enabled. So when one tomcat instance is active , apache will redirect to tomcat instance 1. For example :-

when client enters www.domain-name.com/ticker , apache redirects to Tomcat instance 1 where ticker.war file has been deployed and same with second instance of tomcat. We need these 2 with SSL configured.

So is dis setup possible, if so .. how .. ! If you guys have any better idea thna this crappy one .. please let me know..

Appreciated..

Regards,
Oracle DBA working on Tomcat setup
 
Marshal
Posts: 28177
95
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
"standby user", please check your private messages regarding an important administrative matter.

Thank you.
 
Ranch Hand
Posts: 254
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Krishna Reddivari wrote:
We have a domain www.domain-name.com , registered with apache on port 80 with SSL


Why do you want to set SSL on standard HTTP port 80 but not standard HTTPS port 443?


Krishna Reddivari wrote:
when client enters www.domain-name.com/ticker , apache redirects to Tomcat instance 1 where ticker.war file has been deployed and same with second instance of tomcat. We need these 2 with SSL configured.


So Apache acts as a proxy server between request clients and Tomcat instances, right? You shouldn't need SSL configured for Tomcat instances in that case especially if they are all on the same server. It will be like you and your teammate working in the same cubical and use cryptext to talk to each other.

Krishna Reddivari wrote:
So is dis setup possible, if so .. how .. ! If you guys have any better idea thna this crappy one .. please let me know..


Yes it is possible.
(1) Just follow apache tutorial to set up a HTTPS using SSL to serve the external clients.
(2) Setting up connector between apache and tomcat instances using standard setup normally should be via port 8009 though, from the tutorial as well. I haven't done it for awhile can't help much with details, but you can google with keywords: apache connector tomcat instances.

Good luck,
 
Krishna Reddivari
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Duc Vo,

Thanks for the reply.

My apologizes i didnt mention mroe details here ... yes Apache's SSL has been configured to 443.

And yes , am using mod_ssl.so module to redirect from Apache to Tomcat.. When it redirects .. it changing from secure to non secure. let me explain more here :-

www.domain-name.com/ticker1 , will give an application login page with https://www.domain-name.com/ticker1 , empty fields for credentials.. .once the authentication is done .. it asks for confirmation whether to redirect to non secure or not , if answered YES, it gives me http://ipaddress:8080/ticker.

If answered no, as you can expect, we cant do anything...the page remains https://www.domain-name.com/ticker1 for login credentials again ...

so am i missing something here . .... ??? If not, please provide me any alternative.

Thanks once again for your reply.

Regards,

Krishna
 
Duc Vo
Ranch Hand
Posts: 254
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Krishna Reddivari wrote:
www.domain-name.com/ticker1 , will give an application login page with https://www.domain-name.com/ticker1 , empty fields for credentials.. .once the authentication is done .. it asks for confirmation whether to redirect to non secure or not , if answered YES, it gives me http://ipaddress:8080/ticker.


This is the part that you did wrong. It should redirect to https://www.domain-name.com/ticker instead i.e. you shouldn't have to hard code the full URL.
Anyway, have you set up the connector between apache and tomcat yet?
 
Krishna Reddivari
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Duc Vo,

Thanks for the response.

Yes I did try with https://www.domain-name.com/ticker , but that never showed up the any page ..i always get 404 message or similar to that .will post exact message in couple of mins...

Yes i did configure 2 different setup with apache to redirect to Tomcat .

a. using mod_jk

b. using mod_ssl

Please let meknow.

 
Krishna Reddivari
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Duc Vo,

Here is the conf i did in /etc/httpd/conf.d/ssl.conf

ProxyPass /jsp-examples https://localhost:8080/jsp-examples
ProxyPassReverse /jsp-examples https://localhost:8080/jsp-examples

please have a look at the attachment for the error message.

Thank you for your support.
500-error.jpg
[Thumbnail for 500-error.jpg]
error message when i configure as mentioned
 
Duc Vo
Ranch Hand
Posts: 254
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Post the part that you've set up mod_jk here. I can't be of any help if there is no detail.
 
Duc Vo
Ranch Hand
Posts: 254
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Your information doesn't help much mate. The 500 internal server error can be anything. Have you installed mod_proxy_ajp for your apache yet? and what does it say in your httpd log file?

Anyway you'll need to do it in three steps
(1) Make both tomcat instances can core exist
(2) Make apache forward requests to tomcat instances via AJP connector
(3) Set up SSL for apache (properly you've already done this)

Make both tomcat instances can core exist
- Search for the files named "server.xml" in your tomcat instances normally it should be under directory $TOMCAT_HOME$/conf
- Edit the file and search for AJP Connector settings, it should look like below.

- Change the settings to make sure that the two instances have different ports. (i.e. 8009 for one and 8007 for another).
- Restart both tomcat instances

Make apache to forward requests to tomcat instances via AJP connector
Read here http://tomcat.apache.org/connectors-doc/generic_howto/quick.html
Note that you'll have to do it one for each tomcat instance.

Set up SSL for apache
Read here http://httpd.apache.org/docs/2.2/ssl

Hope it help,


 
Krishna Reddivari
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Duc Vo,

Thanks for the information. I appreciate it.

But so unfortunate to say that , i followed same / similar setup for my current configuration.

May be am missing some vital information here ...

Let me rephrase my objective or goal ....

When apache gets redirected to Tomcat .. I do have HTTPS... when once I login into the application, the HTTPS changes to HTTP i.e. Secure communication to non secure.

So, do you think I need to change any code with in our application ...???

Kindly ... reply.

Thanks.
 
Duc Vo
Ranch Hand
Posts: 254
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Krishna Reddivari wrote:
When apache gets redirected to Tomcat .. I do have HTTPS... when once I login into the application, the HTTPS changes to HTTP i.e. Secure communication to non secure.


It seems you application do some absolution URL redirect, you may have to get that fixed first.
 
This. Exactly this. This is what my therapist has been talking about. And now with a tiny ad:
a bit of art, as a gift, that will fit in a stocking
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic