Granny's Programming Pearls
"inside of every large program is a small program struggling to get out"
JavaRanch.com/granny.jsp
The moose likes Tomcat and the fly likes Tomcat behind Apache -- How to handle SSL? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "Tomcat behind Apache -- How to handle SSL?" Watch "Tomcat behind Apache -- How to handle SSL?" New topic
Author

Tomcat behind Apache -- How to handle SSL?

Ben Wilber
Greenhorn

Joined: Jan 25, 2010
Posts: 1

Hello,

Software/Versions:
RHEL 5.4
Tomcat 5.5
Apache 2.2.3
Railo 3.1.2
CFWebstore 6 44

I am using mod_proxy_ajp to pass requests for CFML pages to the backend Tomcat server for handling by Railo. It's all working except for SSL.

Here's my Apache VirtualHost config:

ProxyPreserveHost On

<VirtualHost *:80>
ServerName site.example.com

<Proxy *>
Order deny,allow
Allow from all
</Proxy>

ProxyPass / ajp://backend.example.com:8009/
ProxyPassReverse / ajp://backend.example.com:8009/

</VirtualHost>

<VirtualHost <ipaddr>:443>
ServerName site.example.com

SSLEngine On
SSLCertificateFile /etc/httpd/ssl/secure.site.example.com.crt
SSLCertificateKeyFile /etc/httpd/ssl/secure.site.example.com.key

<Proxy *>
Order deny,allow
Allow from all
</Proxy>

ProxyPass / ajp://backend.example.com:8010/
ProxyPassReverse / ajp://backend.example.com:8010/

</VirtualHost>

Here's my Tomcat server.xml snippets:

...
<Connector port="8009" address="0.0.0.0" proxyPort="80" protocol="AJP/1.3" enableLookups="false" />
<Connector port="8010" address="0.0.0.0" proxyPort="443" protocol="AJP/1.3" enableLookups="false" />
...
<Host name="site.example.com" appBase="webapps"
unpackWARs="true" autoDeploy="true"
xmlValidation="false" xmlNamespaceAware="false">
<Context path="" docBase="myapp" />
</Host>
...

The problem is that when CFWebstore tries to do a 301 redirect to the SSL site, something is getting lost and it just keeps throwing 301s infinitely. Either Apache isn't telling Tomcat the scheme (https) and port(443) or Tomcat isn't telling CFWebstore.

Any help is appreciated.

Thank you,

Ben
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Tomcat behind Apache -- How to handle SSL?
 
Similar Threads
Tomcat 7 digest authentication problem
After I've configured Apache+Tomcat, WEB-INF cannot be accessed from JSP
Configuring Apache Web Server with Tomcat
Problems setting up VirtualHost to access a webapp running in a Tomcat/Apache environment
Tomcat behind Apache with SSL terminated at firewall - share session between Tomcat connectors?