• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Tomcat behind Apache -- How to handle SSL?

 
Ben Wilber
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Hello,

Software/Versions:
RHEL 5.4
Tomcat 5.5
Apache 2.2.3
Railo 3.1.2
CFWebstore 6 44

I am using mod_proxy_ajp to pass requests for CFML pages to the backend Tomcat server for handling by Railo. It's all working except for SSL.

Here's my Apache VirtualHost config:

ProxyPreserveHost On

<VirtualHost *:80>
ServerName site.example.com

<Proxy *>
Order deny,allow
Allow from all
</Proxy>

ProxyPass / ajp://backend.example.com:8009/
ProxyPassReverse / ajp://backend.example.com:8009/

</VirtualHost>

<VirtualHost <ipaddr>:443>
ServerName site.example.com

SSLEngine On
SSLCertificateFile /etc/httpd/ssl/secure.site.example.com.crt
SSLCertificateKeyFile /etc/httpd/ssl/secure.site.example.com.key

<Proxy *>
Order deny,allow
Allow from all
</Proxy>

ProxyPass / ajp://backend.example.com:8010/
ProxyPassReverse / ajp://backend.example.com:8010/

</VirtualHost>

Here's my Tomcat server.xml snippets:

...
<Connector port="8009" address="0.0.0.0" proxyPort="80" protocol="AJP/1.3" enableLookups="false" />
<Connector port="8010" address="0.0.0.0" proxyPort="443" protocol="AJP/1.3" enableLookups="false" />
...
<Host name="site.example.com" appBase="webapps"
unpackWARs="true" autoDeploy="true"
xmlValidation="false" xmlNamespaceAware="false">
<Context path="" docBase="myapp" />
</Host>
...

The problem is that when CFWebstore tries to do a 301 redirect to the SSL site, something is getting lost and it just keeps throwing 301s infinitely. Either Apache isn't telling Tomcat the scheme (https) and port(443) or Tomcat isn't telling CFWebstore.

Any help is appreciated.

Thank you,

Ben
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic