ssl apache and tomcat issue

 
Greenhorn
Hi,
I wish to verify why my apache with ssl and my tomcat does not access the index.html.
My file is /root/apache-tomcat-7.0.59/u/ROOT.index.html
The ssl apache is working - https://www.vucni.com:443 and tomcat also http://www.vucni.8080
I know that when using ssl with apache as front end and tomcat as back end, only apache needs to be set up with ssl and tomcat no. Right?



my httpd.conf file is:
Listen 80 ;i do not think i should add also Listen 443
JkWorkersFile /etc/httpd/conf/workers.properties
LoadModule ssl_module modules/mod_ssl.so
LoadModule jk_module modules/mod_jk.so
ServerName localhost
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/httpd/cacert.pem
SSLCertificateKeyFile /etc/httpd/privkey.pem
JkMount /u ajp13
JkMount /u/* ajp13
DocumentRoot /root/apache-tomcat-7.0.59/u
ServerName www.vucni.com
</VirtualHost>

worker.properties
worker.list=ajp13
worker.ajp13.type=ajp13
worker.ajp13.host=localhost
worker.ajp13.port=8009


server.xml
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
<Host name="www.vucni.com" appBase="u"
unpackWARs="true" autoDeploy="true">
</Host>

I try https://www.vucni.com:80 and I have an error. Is this how I should access the index.html content?
thanks,
marius
 
Saloon Keeper

> I know that when using ssl with apache as front end and tomcat as back end, only apache needs to be set up with ssl and tomcat no. Right?



Depends on how paranoid you are. If you are extremely paranoid and Apache isn't on the same server as Tomcat, you might want an encrypted channel between Apache and Tomcat as well. And encrypted channels between Tomcat and its database hosts.

Unfortunately, I've never seen any good documentation on such niceties. Not the encrypted databases - we helped (I hope) someone with that fairly recently. I meant the encrypted http channels.

I'm not sure that mod_jk supports any encryption beyond simply using its own private data format. In theory, at least, mod_proxy could be using Tomcat+SSL. Again, nobody ever wrote anything on this topic that I've seen.
 
marius tanislav
Greenhorn
Hi Tim,
I am sorry that I wrote mistakenly in server.xml.
Correct is:
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />


<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">
</Host>

Even in this case, when I have apache and tomcat on the same server, I am not able to retrieve my index.html file. I have ssl+apache and plain tomcat.
Is https://www.vucni.com:80 correct to access index.html?

Is it better to use mod_proxy instead of mod_jk in this case, or when I use apache as a load balancer?
thanks,
marius
 
Tim Holloway
Saloon Keeper
A "https://anything:80" is a questionable URL, since port 80 is the standard port for http, not https. Https standard port is 443.

If I request a site by its base URL - say "http://www.javaranch.com", the mechanism for determining what page to return by default depends on several things.

If the Apache server's proxying (and possibly redirection) rules are set a certain way, it will be Apache that returns the default page. If the rules are set so that everything addressed to virtual host "www.javaranch.com" goes through mod_jk (or mod_proxy), then Tomcat will make the determination. In that case, Tomcat will serve up the "welcome-page" as defined in the target webapp's web.xml file. Or a "404", if none was defined. The welcome URL should ideally be an HTML or a JSP page. If it's a servlet (including the dispatcher servlet for frameworks like Struts and JSF), some versions of Tomcat may not process it properly, since requests that Tomcat itself resolves don't go through the same processing paths as "normal" URL requests (where Tomcat simply routes the request to the webapp).

On mod_proxy versus mod_jk, mod_proxy at least at one time was looked upon as the replacement for mod_jk. Then again, once there was a mod_jk3 and that one was abandoned and we had to revert to jk2. A superficial knowledge of the 2 modules makes me suspect that mod_jk might have more options for clustering backend Tomcats, but I may be just mistaking complexity for something that's easily done by standard means when you have a general proxy service.
 
marius tanislav
Greenhorn
Hi Tim,
Before I close this thread I would like to clarify something.

I configured httpd.conf like below:
Listen 99
<VirtualHost *:99>
ServerName www.vucni.com
ProxyPass /u http://vucni66.localdomain:8000/u/sample/
ProxyPassReverse /u http://vucni66.localdomain:8000/u/sample/
ProxyPass /v http://localhost:8443
ProxyPassReverse /v http:://localhost:8443
SSLEngine on
SSLProxyEngine on
SSLCertificateFile "/etc/httpd/cacert.pem"
SSLCertificateKeyFile "/etc/httpd/privkey.pem"
</VirtualHost>


I configured server.xml with connector 8000 like below, and in this case apache+ssl and tomcat is working - https://www.vucni.com:99/u/

<Connector port="8000" protocol="HTTP/1.1"
connectionTimeout="20000" enableLookups="false" acceptCount="100" proxyPort="99" />

If I configure the connector 8000 like below, it does not work. Please, why?

<Connector port="8000"
maxThreads="150" SSLEnabled="false" scheme="https" secure="false"
proxyPort="99"
proxyName="www.vucni.com"
enableLookups="true" acceptCount="100" />


<Host name="vucni66.localdomain" appBase="u"
unpackWARs="true" autoDeploy="true">
</Host>
Context file is u.xml in conf/Catalina/vucni66.localdomain/
<Context docBase="/root/apache-tomcat-7.0.61/u" />




thanks,
marius
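
A small lint for the proxy configurations posted in this thread, as an added example that is not from any poster or from the Apache project: it checks that every VirtualHost port has a Listen, that ProxyPass and ProxyPassReverse targets are well-formed and agree, and that plain-http backends are loopback (the unencrypted-hop case raised in the first reply). The function name `lint`, the finding codes and the loopback-by-hostname test are assumptions of this example, and files pulled in by Include are not read.

```python
import re

# httpd.conf from the last post in the thread, trimmed to the lines the checks read.
SAMPLE = """\
Listen 99
<VirtualHost *:99>
ProxyPass /u http://vucni66.localdomain:8000/u/sample/
ProxyPassReverse /u http://vucni66.localdomain:8000/u/sample/
ProxyPass /v http://localhost:8443
ProxyPassReverse /v http:://localhost:8443
SSLEngine on
</VirtualHost>
"""

LOOPBACK = {"localhost", "127.0.0.1", "[::1]"}  # judged by name only (assumption)
URL = re.compile(r"(https?|ajp)://(\[[^\]]+\]|[^/:]+)(:\d+)?(/.*)?")


def lint(conf):
    """Return (code, detail) findings for one httpd.conf text; Include files are not followed."""
    findings, listen, vhosts = [], set(), []
    fwd, rev = {}, {}  # path -> backend URL for ProxyPass / ProxyPassReverse
    for line in (l.strip() for l in conf.splitlines()):
        if m := re.match(r"Listen\s+(?:\S+:)?(\d+)", line):
            listen.add(int(m.group(1)))
        elif m := re.match(r"<VirtualHost\s+\S*:(\d+)", line):
            vhosts.append(int(m.group(1)))
        elif m := re.match(r"(ProxyPass(?:Reverse)?)\s+(\S+)\s+(\S+)", line):
            kind, path, url = m.groups()
            (rev if kind.endswith("Reverse") else fwd)[path] = url
            parsed = URL.fullmatch(url)
            if not parsed:
                findings.append(("bad-url", url))
            elif kind == "ProxyPass" and parsed.group(1) == "http" \
                    and parsed.group(2).lower() not in LOOPBACK:
                # Cleartext hop to a host that is not loopback by name.
                findings.append(("cleartext-backend", url))
    # A vhost on a port nothing listens on never receives a connection.
    findings += [("no-listen", p) for p in vhosts if p not in listen]
    # ProxyPassReverse must name the same backend or redirects are not rewritten.
    findings += [("reverse-mismatch", p) for p in fwd if p in rev and rev[p] != fwd[p]]
    return findings


if __name__ == "__main__":
    for code, detail in lint(SAMPLE):
        print(f"{code}: {detail}")
```

A `no-listen` finding only means the Listen is absent from the text that was checked; a distribution's conf.d/ssl.conf may supply it.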
 