Hello,
I've got a Tomcat 5 / Apache 2 / jk2 server which has been serving several different virtual hosts which share a common IP address. I now need to implement my first SSL-protected website on this machine, and I am working under the assumption that this site must have a dedicated IP address in order for SSL to work. First of all, is this assumption correct?
But I haven't gotten to the part of setting up the SSL connector yet, I'm struggling with the IP address routing at the moment. Assuming that I do indeed need to have this site on a separate IP, how do I configure Apache, jk2 and Tomcat to work with the additional IP address without interrupting the existing name-based virtual hosts? Relevant sections of my configuration are below. name-based-client1.com and name-based-client2.com are working as desired already, but IP-ssl-client.com is not responding to requests.
One thing that confuses me: I found instructions on how to setup Tomcat to work with another IP by creating another Connector in server.xml, but if I setup a new Connector, how can jk2 route the requests from Apache, rather than Tomcat handling it entirely? Do I need to modify workers2.properties instead and leave server.xml as is? It seems like this approach would lead to a standalone Tomcat intercepting requests to that IP, but I definitely need Apache to handle the requests before redirecting JSP requests to Tomcat.
TIA, Troy
server.xml:
...
<Host name="name-based-client1.com" debug="0" appBase="webapps" unpackWARs="true">
<Alias>www.name-based-client1.com</Alias>
<Logger className="org.apache.catalina.logger.FileLogger" directory="logs" prefix="name-based-client1.com." suffix=".log" timestamp="true"/>
<Context path="" docBase="name-based-client1.com" debug="0" reloadable="true"/>
</Host>
<Host name="name-based-client2.com" debug="0" appBase="webapps" unpackWARs="true">
<Alias>www.name-based-client2.com</Alias>
<Logger className="org.apache.catalina.logger.FileLogger" directory="logs" prefix="name-based-client2.com." suffix=".log" timestamp="true"/>
<Context path="" docBase="name-based-client2.com" debug="0" reloadable="true"/>
</Host>
<Host name="IP-ssl-client.com" debug="0" appBase="webapps" unpackWARs="true">
<Alias>www.IP-ssl-client.com</Alias>
<Logger className="org.apache.catalina.logger.FileLogger" directory="logs" prefix="IP-ssl-client.com." suffix=".log" timestamp="true"/>
<Context path="" docBase="IP-ssl-client.com" debug="0" reloadable="true"/>
</Host>
...
httpd.conf: ... <VirtualHost *:80> DocumentRoot /usr/local/tomcat/webapps/name-based-client1.com ServerName name-based-client1.com ServerAlias www.name-based-client1.com DirectoryIndex index.jsp index.html index.cgi index.php CustomLog logs/name-based-client1.com_access_log combined ErrorLog logs/name-based-client1.com_error_log <LocationMatch "/*.jsp"> JkUriSet worker ajp13:localhost:8009 </LocationMatch>
ScriptAlias /cgi-bin/ /usr/local/tomcat/webapps/name-based-client1.com/cgi-bin/
<Directory "/usr/local/tomcat/webapps/name-based-client1.com/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
<Directory /usr/local/tomcat/webapps/name-based-client1.com/logs>
AllowOverride AuthConfig
</Directory>
</VirtualHost>
<VirtualHost *:80> DocumentRoot /usr/local/tomcat/webapps/name-based-client2.com ServerName name-based-client2.com ServerAlias www.name-based-client2.com DirectoryIndex index.jsp index.html index.cgi index.php CustomLog logs/name-based-client2.com_access_log combined ErrorLog logs/name-based-client2.com_error_log <LocationMatch "/*.jsp"> JkUriSet worker ajp13:localhost:8009 </LocationMatch>
ScriptAlias /cgi-bin/ /usr/local/tomcat/webapps/name-based-client2.com/web/cgi-bin/
<Directory "/usr/local/tomcat/webapps/name-based-client2.com/web/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
<Directory /usr/local/tomcat/webapps/name-based-client2.com/logs>
AllowOverride AuthConfig
</Directory>
</VirtualHost>
Listen 192.168.1.2:80
<VirtualHost 192.168.1.2:80>
DocumentRoot /usr/local/tomcat/webapps/IP-ssl-client.com
ServerName IP-ssl-client.com
DirectoryIndex index.jsp index.html index.cgi index.php
CustomLog logs/IP-ssl-client.com_access_log combined
ErrorLog logs/IP-ssl-client.com_error_log
<LocationMatch "/*.jsp">
JkUriSet worker ajp13:localhost:8009
</LocationMatch>
ScriptAlias /cgi-bin/ /usr/local/tomcat/webapps/IP-ssl-client.com/cgi-bin/
<Directory "/usr/local/tomcat/webapps/IP-ssl-client.com/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
<Directory /usr/local/tomcat/webapps/IP-ssl-client.com/logs>
AllowOverride AuthConfig
</Directory>
</VirtualHost>
...
workers2.properties:
[shm]
info=Scoreboard. Requried for reconfiguration and status with multiprocess servers.
file=anon
# Defines a load balancer named lb. Use even if you only have one machine.
[lb:lb]
# Example socket channel, override port and host. [channel.socket:localhost:8009] port=8009 host=127.0.0.1
# define the worker [ajp13:localhost:8009] channel=channel.socket:localhost:8009 group=lb
# Map the Tomcat examples webapp to the Web server uri space [uri:/examples/*] group=lb
[status:] info=Status worker, displays runtime information
[uri:/jkstatus/*] info=The Tomcat /jkstatus handler group=status:
__________________ Troy Davis Technology Director Metaphor Studio 538 Reading Road Loft 200 Cincinnati, Ohio 45202
Tel: 513-723-0290 Fax: 513-723-0670 http://metaphorstudio.com
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]