On 14 Apr 2012, at 22:50, Gautam <adva...@gmail.com> wrote:

> We have a set up where we use apache web server to respond to secure (https)
> web pages/services on server 1. For one particular service, we need to forward
> the request to another server 2 on which we have tomcat running.
> We have done this in order to maintain the URL scheme. Also we want to resolve
> the ssl on server 1 since all other services get resolved there and we don't
> want to deal with ssl on the tomcat server for that one service. So for that
> one service we want to setup apache as a proxy to tomcat server.
>
> We took guidance from this blog in setting up our servers:
> http://pwu-developer.blogspot.in/2011/04/securing-tomcat-with-apache-web-server.html

It's not entirely accurate. Not sure why the author would refer to 5.5, either.

> Here is our set up:
>
> On server 1 with Apache:
>
> The following directives have been enabled in the httpd.conf file.
>
> LoadModule proxy_module modules/mod_proxy.so
> LoadModule proxy_http_module modules/mod_proxy_http.so
> LoadModule proxy_connect_module modules/mod_proxy_connect.so

Why add proxy_connect?

> Further, the following two lines added in httpd conf file
>
> ProxyRequests Off
> ProxyPreserveHost on
>
> Next, have the following lines in ssl.conf
>
> Listen 443
> <VirtualHost _default_:443>
> SSLEngine on
> SSLProxyEngine on
> SSLCertificateFile /etc/pki/tls/certs/your_company_certificate.pem
> SSLCertificateKeyFile /etc/pki/tls/certs/your_company_private_key.pem
> ServerName my_company_domain_name
> ProxyPass /app http://tomcat_server_ip:8443/app
> ProxyPassReverse /app http://tomcat_server_ip:8443/app
> </VirtualHost>
>
> Now in tomcat on server 2, we specified the following inside server.xml:
>
> <Connector port="8080" maxHttpHeaderSize="8192" maxThreads="150"
> minSpareThreads="25" maxSpareThreads="75" enableLookups="true"
> redirectPort="443" acceptCount="100"
> connectionTimeout="20000" disableUploadTimeout="true"/>
>
> <Connector port="8443" maxHttpHeaderSize="8192" maxThreads="150"
> minSpareThreads="25" maxSpareThreads="75" enableLookups="true"
> acceptCount="100" connectionTimeout="20000"
> disableUploadTimeout="true"
> scheme="https"
> secure="false"
> SSLEnabled="true"
> proxyPort="443"
> proxyName="my_company_domain_name"
> />

You want SSLEnabled="false", I think.

http://tomcat.apache.org/tomcat-7.0-doc/config/http.html

p

> All the pages/services on server 1 are working fine. Only one service which is
> supposed to run on server 2 is giving a 503 error. We think the https handling
> between the two servers could be an issue.
> We repeated the configuration with unsecure (port 80 on apache and
> corresponding 8080 on tomcat) setup but that did not work either. Can someone
> throw a light on what we need to do on tomcat in order for it to work
> seamlessly?
>
> Thanks,
>
> Gautam
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
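
Added example (not part of the original thread, and not code from the Tomcat or httpd projects): a small Python check that compares each ProxyPass target with the Tomcat Connector on the same port, run over a constructed, trimmed copy of the configuration quoted above. The audit function and its finding texts are hypothetical; the secure/isSecure() check follows the Tomcat connector documentation rather than anything said in the thread.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample input, trimmed from the configuration quoted in the thread.
APACHE_CONF = """\
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
ProxyRequests Off
SSLProxyEngine on
ProxyPass /app http://tomcat_server_ip:8443/app
ProxyPassReverse /app http://tomcat_server_ip:8443/app
"""
SERVER_XML = """\
<Service name="Catalina">
  <Connector port="8080" redirectPort="443"/>
  <Connector port="8443" scheme="https" secure="false" SSLEnabled="true"
             proxyPort="443" proxyName="my_company_domain_name"/>
</Service>
"""

def audit(apache_conf, server_xml):
    """Hypothetical helper: list where the Apache front end and Tomcat connectors disagree."""
    findings = []
    connectors = {c.get("port"): c for c in ET.fromstring(server_xml).iter("Connector")}
    if re.search(r"^\s*LoadModule\s+proxy_connect_module\b", apache_conf, re.M | re.I):
        findings.append("proxy_connect_module loaded: only needed for CONNECT (forward proxy)")
    # Only ProxyPass targets with an explicit port are checked; ProxyPassReverse is skipped.
    for m in re.finditer(r"^\s*ProxyPass\s+(\S+)\s+(https?)://[^:/\s]+:(\d+)", apache_conf, re.M | re.I):
        path, scheme, port = m.group(1), m.group(2).lower(), m.group(3)
        conn = connectors.get(port)
        if conn is None:
            findings.append(f"{path}: no Connector listens on port {port}")
            continue
        tls = conn.get("SSLEnabled", "false").lower() == "true"  # Tomcat default is false
        if tls != (scheme == "https"):
            findings.append(f"{path}: ProxyPass uses {scheme} but Connector {port} has SSLEnabled={str(tls).lower()}")
        if scheme == "http" and conn.get("scheme") == "https" and conn.get("secure", "false").lower() != "true":
            findings.append(f"{path}: Connector {port} has scheme=https but secure=false, so request.isSecure() is false")
    return findings

if __name__ == "__main__":
    for finding in audit(APACHE_CONF, SERVER_XML):
        print(finding)
```

With SSLEnabled="false" and secure="true" on the 8443 connector and the proxy_connect line removed, the same check returns no findings.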