We've tried that. Unfortunately, it puts Apache/Tomcat into a looping re-direct. There's something amiss with how the Tomcat proxying port is working through Apache that I can't quite get my head around.
d.

Yale CAS mailing list <[email protected]> writes:
>Derek,
>
>Why don't you use Apache to handle the redirect (i.e. use a RewriteRule)? It
>is probably easier. On the port 80 configuration just say if it's /login
>redirect to the https version of /login
>
>-Scott
>
>On 12/15/06, Derek Ethier <[EMAIL PROTECTED]> wrote:
>
>I've been struggling with this for a few days and I'm not any closer to a
>solution. I am currently serving up CAS through Tomcat using mod_jk and Apache
>2.
>
>Everything appears to be configured properly, and the re-direct will work
>(with the settings below) however, it uses the server name as the re-direct
>URL and not the hostname specified in both the virtual host settings, the
>defaultHost settings, or the workers.properties file.
>
>So, here's the setup:
>Two virtual hosts, one for 80 and 443. Both have the ServerName value set to
>the correct URL. The hosts themselves are set to <url>:80 and <url>:443.
>Both have the following AJP settings:
>JkMount /* ajp13
>
>Only the port 80 host has the following:
>JkAutoAlias /opt/apache-tomcat-5.5.20/webapps
>Include /opt/apache-tomcat-5.5.20/conf/jk/mod_jk.conf-auto
>
>The workers.properties has the same host specified:
>worker.list=ajp13
>worker.ajp13.port=8009
>worker.ajp13.host=<url>
>worker.ajp13.type=ajp13
>
>The server.xml file has the following connectors:
>    <!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
>    <Connector port="8080" maxHttpHeaderSize="8192"
>               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>               enableLookups="false" redirectPort="8443" acceptCount="100"
>               connectionTimeout="20000" disableUploadTimeout="true" />
>
>    <Connector port="8443" maxHttpHeaderSize="8192"
>               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>               enableLookups="false" disableUploadTimeout="true"
>               acceptCount="100" scheme="https" secure="true"
>               clientAuth="false" sslProtocol="TLS" />
>
>    <!-- Define an AJP 1.3 Connector on port 8009 -->
>    <Connector port="8009"
>               enableLookups="false" redirectPort="443" protocol="AJP/1.3" />
>
>In the web.xml in /cas/WEB-INF I have the following:
>    <security-constraint>
>        <web-resource-collection>
>            <web-resource-name>Automatic SLL Forwarding</web-resource-name>
>            <url-pattern>/*</url-pattern>
>        </web-resource-collection>
>        <user-data-constraint>
>            <transport-guarantee>
>                CONFIDENTIAL
>            </transport-guarantee>
>        </user-data-constraint>
>    </security-constraint>
>
>Now, the redirect works but as I said, it doesn't use the <url> as specified
>in the workers.properties and virtual host ServerName. It uses the actual
>server name which is not the proxied address to the WAN (so it doesn't work
>externally). Something tells me that I may be taking a much longer route than
>necessary to ensure that all traffic to the /cas/login URL is over HTTPS (I'd
>prefer a re-direct than an all out block). So, anyone have any ideas or
>suggestions? Sorry for the length of the email.
>
>d.
>
>_______________________________________________
>Yale CAS mailing list
>[email protected]
>http://tp.its.yale.edu/mailman/listinfo/cas
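
A check for the two failure modes reported in this thread (a redirect whose Location carries the backend server name instead of the public hostname, and a redirect loop), as an added example that is not part of the original messages. The hostnames and canned responses are constructed placeholders, and `fetch` is a hypothetical callable standing in for an HTTP client with automatic redirects disabled.

```python
from urllib.parse import urljoin, urlsplit

REDIRECTS = (301, 302, 303, 307, 308)


def check_redirect_chain(fetch, start_url, public_host, max_hops=10):
    """Follow redirects by hand; fetch(url) must return (status, location).

    Returns (verdict, chain) with verdict one of:
    "ok", "not-https", "wrong-host", "loop", "too-many-hops".
    """
    url, chain, seen = start_url, [start_url], {start_url}
    for _ in range(max_hops):
        status, location = fetch(url)
        if status not in REDIRECTS or not location:
            # Final response: the login page must have been served over HTTPS.
            ok = urlsplit(url).scheme == "https"
            return ("ok" if ok else "not-https"), chain
        url = urljoin(url, location)  # Location may be relative
        chain.append(url)
        if urlsplit(url).hostname != public_host:
            return "wrong-host", chain  # backend name leaked into the redirect
        if url in seen:
            return "loop", chain  # the same URL was requested twice
        seen.add(url)
    return "too-many-hops", chain


def table_fetch(table):
    """Build a fetch() from a dict of constructed responses (offline stand-in)."""
    return lambda url: table.get(url, (404, None))


# Constructed sample data; both hostnames are placeholders.
PUBLIC = "cas.example.edu"
HTTP_LOGIN = "http://cas.example.edu/cas/login"
HTTPS_LOGIN = "https://cas.example.edu/cas/login"

LEAKY = {HTTP_LOGIN: (302, "https://tomcat01.internal.example/cas/login")}
LOOPING = {HTTP_LOGIN: (302, HTTPS_LOGIN), HTTPS_LOGIN: (302, HTTPS_LOGIN)}
GOOD = {HTTP_LOGIN: (302, HTTPS_LOGIN), HTTPS_LOGIN: (200, None)}

if __name__ == "__main__":
    for name, table in (("leaky", LEAKY), ("looping", LOOPING), ("good", GOOD)):
        verdict, chain = check_redirect_chain(table_fetch(table), HTTP_LOGIN, PUBLIC)
        print(f"{name}: {verdict} via {' -> '.join(chain)}")
```

Run against a live deployment from outside the proxy, the chain shows whether the hostname in each Location header is the one clients can actually reach.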
