-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Ted,
On 10/5/16 3:42 PM, TED SPRADLEY wrote: > Tomcat 7.0.68 Apache 2.4.6 CentOS 7.2.1511 Thanks. > Problem: A Tomcat application at context "/mycontext" on port 8081 > running through Apache proxy renders as expected when using > http://example.com/mycontext but https://example.com/mycontext call > renders "The requested URL /mycontext/ was not found on this > server." > > Question: Do I have a Tomcat Connector configuration problem? Or an > Apache proxy configuration problem? Or an Apache ssl.conf problem? > > Note: the CA issued certificate appears to be properly installed as > evidence by the lock icon in the url bar displaying "Verified by Š > " when doing a mouseover. > > Files: Httpd.conf - <VirtualHost *:80> ServerName www.example.com > ServerAlias *.example.com ProxyRequests off ProxyPass > /mycontext http://example.com:8081/mycontext ProxyPassReverse > /mycontext http://example.com:8081/mycontext </VirtualHost> > <VirtualHost *:443> ProxyRequests off ProxyPreserveHost on > SSLEngine on SSLCertificateFile /path/to/certs/ca.crt > SSLCertificateKeyFile /path/to/key/private/exampleDotCom.key > ServerName www.example.com ServerAlias *.example.com ProxyPass > /mycontext http://example.com:8081/mycontext ProxyPassReverse > /mycontext http://example.com:8081/mycontext </VirtualHost> On first inspection, that looks correct. > Tomcat's server.xml Connector <Connector port="8081" > protocol="HTTP/1.1" connectionTimeout="20000" > proxyName="www.example.com" proxyPort="80" redirectPort="8443" > xpoweredBy="false" server="Apache TomEE" /> That also looks correct. How have you deployed your actual application? > Ssl.conf - SSLEngine on > > SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA > > SSLCertificateFile /path/to/certs/ca.crt > > SSLCertificateKeyFile /path/to/key/private/exampleDotCom.key > > SSLCACertificateFile /path/to/bundle/ca_bundle.crt Is ssl.conf actually included anywhere? You will probably also want to use the RemoteIPValve and possibly the SSLValve as well. Have a look at Tomcat's proxy support valves here: https://tomcat.apache.org/tomcat-7.0-doc/config/valve.html#Proxies_Suppo rt - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJX9V9AAAoJEBzwKT+lPKRYL4YP/0KGogACGY7Ul3K59sMky8mz tKjFmBU+jLk6DgyvUv6wI5ZcCRLukZsN6vvDU2psiIpGruakQjLfDtiDyPKnBGb3 G6jmvdfCNPfp9eWRMAKvI90tEvZ10g8/Qbzfp7XZ8tAOuoFSkxyoVYRrZMCoLUYq UPCVsJQxhu5yFqzDzAz1AJN26b25Q2+F1W8GznCWz3pjmBjI44Y+y3FwlBVeayGZ QaXp+VCzsKw4RRlUy8uO6KH63GgLvNWFZM3gYE85231Eu9RhtQREZNQG/geufnSD 3fy6pSQ1GvP+o2giUEgS0ik3zYjzmomtGGpbDQH2wCMuXTMJbJBM4iQZnhZ6Wz1Z oDY6BRHvq+sTiEyJ4Ln6sKFymKccg3XSkwZ5UWHR+WA9NabyyEb7Li3AFYkpsyjk o93QgPNqbzVBEmbsQTlsb/pfPPc3KoeCDRm5SLtMmPn9zDWHg30q0MGYbz8U96r8 cojk8k634UQ+B2q36IZpcZh6Ah295bU+I73JUh6T9RF1EcN8PgqOcH4cC7S10fV+ fiFqdz8XmV372jiiY1jk2Ka6SdJiYUo/froCUHlaNIsThMZra+D6woK55PO0e1yF 0HCAMEGAH+bwhJB5UgUj/4rHdcVHO32GRuH0jKpUauhfBh6/k385C58iw4ONsxyG Iwa3OPXi7GUSCrWJ0lxr =m3nm -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
