Comments inline
On 05.08.2010 03:30, Leon Kolchinsky wrote:
Hi,
Hmm.
Interesting.
Of course I'd like to make it work with "simple configuration" or/and with
JkHTTPSIndicator.
I'm just not clear on how to make this "simple configuration".
As I've said, there is no SSL handling on the server side. All SSL requests
are handled at the load balancer level, which in turn talks to Apache
(configured to talk to Tomcat via mod_jk) via http.
myserv.mydomain.com - Tomcat server's Domain name
sakai-stg.mydomain.com - Load balancer's Domain name
Clients coming to Load Balancer's URL https://sakai-stg.mydomain.com need to
use internal links (submit forms etc.) which appear as
http://sakai-stg.mydomain.com/..... on the served pages.
Submitting forms is not working in that scenario since the links should look
like this inside the pages - https://sakai-stg.mydomain.com/.....
Please see my mod_jk.conf, workers.properties, 01myserv.mydomain.com.conf
files below.
Can you come up with a solution without using mod_substitute as I do now?
[r...@myserv mod_sed]# cat /etc/httpd/conf/mod_jk.conf
LoadModule jk_module modules/mod_jk.so
# mod_jk config
# Where to find workers.properties
# Update this path to match your conf directory location (put workers.properties next to httpd.conf)
JkWorkersFile /etc/httpd/conf/workers.properties
# Where to put jk shared memory
# Update this path to match your local state directory or logs directory
JkShmFile /var/log/httpd/mod_jk.shm
# Where to put jk logs
# Update this path to match your logs directory location (put mod_jk.log next to access_log)
JkLogFile /var/log/httpd/mod_jk.log
Unrelated: you could use rotatelogs here, as in "CustomLog" or
"ErrorLog" to automatically rotate the files.
# Set the jk log level [debug/error/info]
JkLogLevel info
# Select the timestamp log format
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
Unrelated: I would remove JkLogStampFormat. For a few years now, mod_jk
has logged sub-second timestamps by default, but this format disables that.
#JkOptions indicate to send SSL KEY SIZE,
JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
Unrelated: You should remove "+ForwardURICompat" unless you understand
what it does and that you will definitely need it.
# JkRequestLogFormat set the request format
JkRequestLogFormat "%w %V %T"
Unrelated: I don't like the JkRequestFormat. Instead I would use so-called
"notes" to add the info directly to the access log.
# Globally deny access to the WEB-INF directory
<LocationMatch '.*WEB-INF.*'>
AllowOverride None
deny from all
</LocationMatch>
Unrelated: The application directory usually should not be reachable at
all by Apache.
[r...@myserv mod_sed]#
[r...@myserv mod_sed]# cat /etc/httpd/conf/workers.properties
#
# This file provides minimal jk configuration properties needed to
# connect to Tomcat.
#
# We define a workers named worker1 and worker2
workers.tomcat_home=/srv/tomcat/
workers.java_home=/srv/jdk
ps=/
Unrelated: The above three are useless.
worker.list=worker1
worker.worker1.type=ajp13
worker.worker1.host=localhost
worker.worker1.port=8009
worker.worker1.lbfactor=1
Unrelated: That's very minimal.
# Load-balancing behaviour (add when you have more than 1 worker and change worker.workerX.host and worker.list accordingly)
# worker.loadbalancer.type=lb
Unrelated: You are not actually using mod_jk load balancing here.
# Status worker for managing load balancer (add when you have more than 1 worker)
worker.status.type=status
Suggestion: grab the default workers.properties from the mod_jk 1.2.30
source download. It contains important hints about production ready
configuration.
[r...@myserv mod_sed]#
[r...@myserv mod_sed]# cat /etc/httpd/conf/vhosts.d/01myserv.mydomain.com.conf
LoadModule substitute_module modules/mod_substitute.so
NameVirtualHost *:80
<VirtualHost *:80>
ServerName myserv.mydomain.com
ServerAdmin leon.kolchin...@mydomain.com
ServerAlias sakai-stg
# Just in case
DocumentRoot /srv/sakai
# if not specified, the global error log is used
ErrorLog /var/log/httpd/myserv.mydomain.com-error_log
CustomLog /var/log/httpd/myserv.mydomain.com-access_log combined
# don't lose time with IP address lookups
HostnameLookups Off
# needed for named virtual hosts
UseCanonicalName Off
# Add index.jsp to DirectoryIndex files
DirectoryIndex index.php index.html index.htm index.shtml index.php4 index.php3 index.phtml index.cgi index.jsp
JkMount /* worker1
Assuming that you always want Tomcat to assume https when a request came
in via this VirtualHost:
JkHTTPSIndicator FakeHTTPS
SetEnv FakeHTTPS On
(the module mod_env needs to be loaded).
AddOutputFilterByType SUBSTITUTE text/html
Substitute "s|http://myserv|https://sakai-stg|i"
Substitute "s|http://sakai-stg|https://sakai-stg|i"
Those three should then no longer be needed (if sakai behaves well).
</VirtualHost>
Regards,
Rainer
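
Added example, not part of the original message or of either poster's configuration: a small checker for confirming that the three mod_substitute lines can be dropped once JkHTTPSIndicator is in place, by scanning a served page for URL attributes that still point at plain http on the hosts named in the thread. The sample HTML and its paths are constructed, and the function and class names are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Host prefixes the thread's Substitute rules matched (http://myserv, http://sakai-stg).
WATCHED_PREFIXES = ("myserv", "sakai-stg")
URL_ATTRS = {"href", "src", "action", "formaction"}


def is_plain_http(url):
    """True for an absolute http:// URL whose host starts with a watched prefix."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:  # malformed URL, e.g. a broken IPv6 literal
        return False
    host = (parts.hostname or "").lower()
    return parts.scheme == "http" and host.startswith(WATCHED_PREFIXES)


class LinkAudit(HTMLParser):
    """Collects (tag, attribute, url) for every URL attribute still on plain http."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value and is_plain_http(value):
                self.findings.append((tag, name, value))


def audit_html(html):
    parser = LinkAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample page; the paths are made up for illustration.
SAMPLE_HTML = """<html><body>
<a href="/portal/site/home">relative link, fine</a>
<form method="post" action="http://sakai-stg.mydomain.com/portal/xlogin"></form>
<img src="HTTP://MyServ.mydomain.com/library/logo.png">
<a href="https://sakai-stg.mydomain.com/portal">already https</a>
<a href="http://www.example.org/">other host, not rewritten by the old rules</a>
</body></html>"""

if __name__ == "__main__":
    for tag, attr, url in audit_html(SAMPLE_HTML):
        print(f"<{tag} {attr}> still plain http: {url}")
    # A redirect's Location header value can be checked the same way.
    print(is_plain_http("http://sakai-stg.mydomain.com/portal"))
```

An empty result from `audit_html` on pages fetched through the load balancer, with the Substitute lines commented out, indicates the application is generating https links on its own.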