Hi,

Thanks for the response.

Apache is listening on standard port 80. Tomcat is listening on standard
port 8080 with a redirect to 8443 for SSL connections. So the request
http://www.app2.com comes in on port 80 (apache) and then the mod_jk
connector forwards this request to 8080 (which is then redirected to
8443). The web.xml file of app2 specifies the security-constraint to
ensure all pages are SSL encrypted.

Snippets from all the relevant files are shown below (with tags to
indicate start and end of each file).
<!--START Apache Virtual Hosting Snippet-->
<VirtualHost *:80>
    ServerName www.app2.net
    DocumentRoot /var/www/www.app2.net/html
    ServerAdmin [EMAIL PROTECTED]
    ErrorLog /var/log/httpd/www.app2.net-error_log
    CustomLog /var/log/httpd/www.app2.net-access_log common
    JkMount / worker1
    JkMount /* worker1
</VirtualHost>
<VirtualHost *:80>
    ServerName www.app1.ca
    DocumentRoot /var/www/www.app1.ca/html
    ServerAdmin [EMAIL PROTECTED]
    ErrorLog /var/log/httpd/www.app1.ca-error_log
    CustomLog /var/log/httpd/www.app1.ca-access_log common
    JkMount / worker1
    JkMount /* worker1
</VirtualHost>
<!--END Apache Virtual Hosting Snippet-->
<!--START Tomcat Connector/Virtual Hosting Snippet-->
<Connector port="8080" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" redirectPort="8443" acceptCount="100"
           connectionTimeout="20000" disableUploadTimeout="true" />
<!-- Note : To disable connection timeouts, set connectionTimeout value
     to 0 -->
<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
<Connector port="8443" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="/home/rmerchant/cww.keystore" keystorePass="abcdef" />
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009"
           enableLookups="false" redirectPort="8443"
           protocol="AJP/1.3" />
<Host name="www.app2.net" appBase="/home/app2/webapp"
      unpackWARs="true" autoDeploy="true"
      xmlValidation="false" xmlNamespaceAware="false">
</Host>
<Host name="www.app1.ca" appBase="/home/app1/webapp"
      unpackWARs="true" autoDeploy="true"
      xmlValidation="false" xmlNamespaceAware="false">
</Host>
<Listener className="org.apache.jk.config.ApacheConfig"
          modJk="/usr/lib/httpd/modules/mod_jk.so"
          workersConfig="/etc/httpd/conf/workers.properties"/>
<!--END Tomcat Connector/Virtual Hosting Snippet-->
<!--START WORKERS.PROPERTIES FILE-->
workers.tomcat_home=/usr/local/tomcat
workers.java_home=/usr/local/java
ps=/
worker.list=worker1
worker.worker1.port=8009
worker.worker1.host=localhost
worker.worker1.type=ajp13
worker.worker1.lbfactor=1
worker.loadbalancer.type=lb
worker.loadbalancer.balanced_workers=worker1
worker.inprocess.type=jni
worker.inprocess.class_path=$(workers.tomcat_home)$(ps)lib$(ps)tomcat.jar
worker.inprocess.cmd_line=start
worker.inprocess.jvm_lib=$(workers.java_home)$(ps)jre$(ps)lib$(ps)i386$(ps)classic$(ps)libjvm.so
worker.inprocess.stdout=$(workers.tomcat_home)$(ps)logs$(ps)inprocess.stdout
worker.inprocess.stderr=$(workers.tomcat_home)$(ps)logs$(ps)inprocess.stderr
<!--END WORKERS.PROPERTIES FILE-->
<!--WEB.XML SNIPPET FOR APP2-->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>app2</web-resource-name>
        <url-pattern>/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
Wade Chandler wrote:
--- Rizwan Merchant <[EMAIL PROTECTED]> wrote:

We are running tomcat 5.5.16 on Fedora Core 4 OS. We just installed
apache2.0 as a front to serve the pages using the mod_jk connector.
There are 2 apps on tomcat (virtual hosting), one of which needs to be
SSL enabled (let's say app1 and app2, app2 is the one that needs to be
SSL enabled).

Everything seems to be working fine on FireFox, both apps can be
accessed fine. When we access www.app1.com pages are served as expected,
and when we access www.app2.com the browser detects the certificate and
switches to https.

But things are not well when it comes to IE. www.app1.com works the same
as FF, and the app can be accessed. But when we try to access
www.app2.com, IE shows the certificate and asks if we would like to
proceed. When we click on 'Yes', the browser cannot find the app after
that and returns "Page cannot be displayed error". Also, directly
accessing the https site by using the URL https://www.app2.com:8443
works fine on IE as well.

So it's basically the switching from http to https for app2 that doesn't
seem to work.

I don't understand why this works on FF but not on IE..!

I hope someone can shed some light on this. I can post the httpd.conf,
server.xml and workers.properties files if that helps..

Thanks,
-Riz.

Not sure what you mean that the browser detects the certificate and then
changes to https. Also the standard https port is 443 and not 8443, so
I'm not sure how anything would automatically think https://www.app2.com
would be linked to https://www.app2.com:8443 when the default would be
https://www.app2.com:443 (https://www.app2.com). I can't tell you why it
works in FF, but given what you have provided I would not expect FF to
work actually. Are you using a redirect or javascript to reload the page
or something to redirect the http to your https site?

Wade
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
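
Added example, not part of the original message or of Tomcat's code: a trace of the redirect that the posted configuration produces for a plain-HTTP request to app2, following worker1 from workers.properties to the connector it targets and reading that connector's redirectPort. It assumes Tomcat builds the redirect from the request's host name and the receiving connector's redirectPort, leaving the port out only when it is 443; the function names are illustrative.

```python
import xml.etree.ElementTree as ET

# Settings copied from the snippets posted in this message (relevant attributes only).
SERVER_XML = """<Service>
  <Connector port="8080" redirectPort="8443" />
  <Connector port="8443" scheme="https" secure="true" />
  <Connector port="8009" redirectPort="8443" protocol="AJP/1.3" />
</Service>"""
WORKERS = "worker.list=worker1\nworker.worker1.port=8009\nworker.worker1.type=ajp13\n"
WEB_XML = """<web-app><security-constraint>
  <web-resource-collection><url-pattern>/*</url-pattern>
    <http-method>GET</http-method><http-method>POST</http-method>
  </web-resource-collection>
  <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
</security-constraint></web-app>"""

def worker_port(props, name):
    """Port the named mod_jk worker connects to (workers.properties syntax)."""
    for line in props.splitlines():
        key, _, value = line.partition("=")
        if key.strip() == f"worker.{name}.port":
            return int(value)
    raise KeyError(name)

def requires_tls(web_xml, method):
    """True if a CONFIDENTIAL constraint on /* covers this HTTP method.
    No <http-method> entries means every method; a list means only those."""
    for sc in ET.fromstring(web_xml).iter("security-constraint"):
        coll = sc.find("web-resource-collection")
        methods = [m.text for m in coll.findall("http-method")]
        guarantee = sc.findtext("user-data-constraint/transport-guarantee", "NONE")
        if (guarantee.strip() == "CONFIDENTIAL" and coll.findtext("url-pattern") == "/*"
                and (not methods or method in methods)):
            return True
    return False

def redirect_for(host, path, method="GET", worker="worker1"):
    """Redirect URL for a plain-HTTP request forwarded by the worker, or None."""
    if not requires_tls(WEB_XML, method):
        return None  # constraint does not apply; the page is served over plain HTTP
    port = worker_port(WORKERS, worker)
    conn = next(c for c in ET.fromstring(SERVER_XML).iter("Connector")
                if int(c.get("port")) == port)
    rport = int(conn.get("redirectPort", "443"))  # Tomcat's default redirectPort is 443
    # Assumption: the port is left out of the URL only when it is 443.
    suffix = "" if rport == 443 else f":{rport}"
    return f"https://{host}{suffix}{path}"

if __name__ == "__main__":
    print(redirect_for("www.app2.net", "/"), redirect_for("www.app2.net", "/", "HEAD"))
```

The HEAD case returns None because the posted constraint lists only GET and POST, so methods not listed are not covered by the CONFIDENTIAL guarantee. The redirect target carries port 8443 on the public host name, so that port has to be reachable by clients for the switch to HTTPS to complete.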