JAVA TimeLord wrote:
Mohol by som Vas pripadne poprosit o casti Vasich konfiguracnych suborov, ci sa mi nepodari nieco v tom vysprtat, co by som mohol pouzit aj u seba?
httpd.conf:
LoadModule jk_module libexec/mod_jk.so
#mod_jk for Tomcat - general directives
#spojeni na ajp13://localhost:8009
JkWorkerProperty worker.list=t5
JkWorkerProperty worker.t5.type=ajp13
JkWorkerProperty worker.t5.host=localhost
JkWorkerProperty worker.t5.port=8009
JkLogFile "/var/log/httpd/default/mod_jk.log"
JkLogLevel warn
JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
...
<VirtualHost _default_:443>
...
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
SSLCertificateFile /etc/httpd/ssl/cert.pem
SSLCertificateKeyFile /etc/httpd/ssl/key.pem
SSLCertificateChainFile /etc/httpd/ssl/cesnetca.pem
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
...
JkMount /osobni/* t5
JkEnvVar REMOTE_USER "-"
To je vsecko podstatne. V TomCatu standardni AJP13 konektor.
Na urcitych URL chci jeste klientsky certifikat, tak mam jeste
<Location "/osobni/voce/*">
SSLRequireSSL
SSLVerifyClient optional_no_ca
SSLOptions +ExportCertData +StdEnvVars +OptRenegotiate
</Location>
ale to asi neni vas pripad. Uvadim to jenom pro ilustraci, ze
SSLOptions nejsou potreba pro isSecure().
Kdyz tak si napiste CGI programek, ktery vypise vsechny promenne
prostredi, napr.
#!/bin/sh
echo 'Content-type: text/plain'
echo
env
a podivejte se, jake promenne Apache skutecne exportuje.
Makub
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Supercomputing Center Brno Martin Kuba
Institute of Computer Science email: [EMAIL PROTECTED]
Masaryk University http://www.ics.muni.cz/~makub/
Botanicka 68a, 60200 Brno, CZ mobil: +420-603-533775
--------------------------------------------------------------
smime.p7s
Description: S/MIME Cryptographic Signature
