Cliff,

Thanks for the information, however, for some reason, the httpd.conf file
scoffs at the <Location> tag giving me an Invalid Command error and also
suggesting that it is either mis-spelled or defined by a module that isn't
included in the server configuration.

I've checked, and from what I can tell, I've included all the modules
needed.  Is there something I'm missing?  Also, surely the SSLRequireSSL
command that comes between the <Location> tags isn't the only command needed
is it?

On another note, before I started trying things this way, yesterday I had
moderate success with putting the /examples app behind SSL, however, when I
browsed to myhost/examples in SSL, I couldn't browse to the actual examples
themselves.. the jsp examples or the servlet examples.. what gives?

For all.. here's my current httpd.conf and tomcat.conf respectively (the
important bits only of course).

httpd.conf
(virtual host section)
<VirtualHost mydomain:443>
ServerAdmin [EMAIL PROTECTED]
DocumentRoot /usr/local/jakarta/jakarta-tomcat/webapps/ROOT (I recently
changed to the ROOT app to see if I could get to the JSP and Servlet
examples this way, but no dice.. am I going to have to mount /examples in
this document root as well?  Incidentally, this seems to successfully place
most of Tomcat behind SSL)
ServerName yadda.yadda.com
ErrorLog yadda/yadda.log
TransferLog yadda/yadda.log
SSLCertificationFile /yadda/yadda/snake-oil-cert
SSLCertificationKeyFile /yadda/yadda/snake-oil-key
</VirtualHost>

Include /usr/local/jakarta/jakarta-tomcat/conf/tomcat.conf

<IfModule mod_jserv.c>
ApJServLogFile DISABLED
Include /etc/jserv/jserv.conf
</IfModule>

Now.. for the Tomcat.conf file....

LoadModule jserv_module libexec/mod_jserv.so

<IfModule mod_jserv.c>
ApJServManual on
ApJservDefaultProtocal ajpv12
ApJServSecretKey DISABLED
ApJservMountCopy on
ApJServLogLevel notice

ApJServMount default /root

AddType text/jsp .jsp
AddHandler jserv-servlet .jsp

ApJServMount ajpv12://ipaddressofmylinuxbox:443/examples

--------------

So there you all have it... there has got to be a good way to put Tomcat
exclusively behind SSL without having to hard code every servlet to use
HttpServletRequest.getAuthType() and ServletRequest.isSecure().  Perhaps
there is and I'm just missing the mark completely, I'm not sure.

Anyway - thanks in advance for all the help!

Tim Willis
IS Technician
Code Rite
[EMAIL PROTECTED]
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Cliff Woolley
Sent: Tuesday, June 06, 2000 16:08
To: [EMAIL PROTECTED]
Subject: RE: Mod_SSL+Tomcat




Cliff Woolley
Central Systems Software Administrator
Washington and Lee University
http://www.wlu.edu/~jwoolley/

Work: (540) 463-8089
Pager: (540) 462-2303

>>> [EMAIL PROTECTED] 06/06/00 03:54AM >>>

>Include the mod_jserv/tomcat stuff in httpd.conf
>in the SSL block ...

>(ie between <IfDefine SSL> and </IfDefine>)

Errr... not quite.  =-)  Anything within <IfDefine> is executed if that -D
command line argument to apache is present.  So with your method, the
jserv/tomcat stuff would be enabled if the -DSSL argument were given to
apache, and disabled otherwise, regardless of whether the individual
request *used* SSL or not.

The previous response had it right... put the configuration for the
servlets/jsps within the <VirtualHost> block of the VirtualHost that
requires SSL, like this:  (Note: my example uses the JServ directive
"ApJServMount" to illustrate because I'm uncertain of the Tomcat syntax,
though the idea is the same.)


<VirtualHost my.secure.site.com:443>

   SSLEngine on
   # other SSL commands
   <Location />
      SSLRequireSSL
   </Location>

   ApJServMount  /servlet  ajpv12://localhost:8007/myservletzone

</VirtualHost>


By these means, the servlet is only mapped into the namespace of the
SSL-protected virtual host and no other.  Now, protecting direct access to
port 8007 (ie, bypassing apache altogether) is another matter entirely.  =-)

Hope this helps.

--Cliff

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
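
The scoping point from the quoted reply, as an added example that is not part of the original thread: a small Python check that reports, for each ApJServMount in a config, whether it sits inside a <VirtualHost> that has SSLEngine on. The sample config is constructed, and the function name audit_mounts and the labels "ssl-only" and "exposed" are this example's own.

```python
import re

# Constructed sample config (not from the thread): mounts at server scope,
# inside <IfDefine SSL>, inside an SSL virtual host, and inside a plain one.
SAMPLE = """\
ApJServMount /open ajpv12://localhost:8007/zone_a
<IfDefine SSL>
ApJServMount /define ajpv12://localhost:8007/zone_b
</IfDefine>
<VirtualHost my.secure.site.com:443>
   <Location />
      SSLRequireSSL
   </Location>
   ApJServMount /servlet ajpv12://localhost:8007/myservletzone
   SSLEngine on
</VirtualHost>
<VirtualHost my.plain.site.com:80>
   ApJServMount /plain ajpv12://localhost:8007/zone_c
</VirtualHost>
"""

def audit_mounts(conf):
    """Map each ApJServMount path to 'ssl-only' or 'exposed' (labels are this example's own)."""
    results = {}
    vhost = None  # state of the enclosing <VirtualHost>, or None at server scope
    for raw in conf.splitlines():
        line = raw.strip()
        low = line.lower()
        if low.startswith("<virtualhost"):
            vhost = {"ssl": False, "mounts": []}
        elif low.startswith("</virtualhost") and vhost is not None:
            # Decide at block close: SSLEngine may appear after the mount.
            for path in vhost["mounts"]:
                results[path] = "ssl-only" if vhost["ssl"] else "exposed"
            vhost = None
        elif vhost is not None and re.match(r"sslengine\s+on\b", low):
            vhost["ssl"] = True
        elif low.startswith("apjservmount") and len(line.split()) >= 2:
            path = line.split()[1]
            if vhost is None:
                # <IfDefine> only gates on the -D startup flag, so a mount
                # there is still server scope, not tied to SSL requests.
                results[path] = "exposed"
            else:
                vhost["mounts"].append(path)
    return results

if __name__ == "__main__":
    for path, verdict in audit_mounts(SAMPLE).items():
        print(f"{verdict:9} {path}")
```

This only checks Apache-side scoping; direct access to the servlet port, which the reply calls another matter entirely, is outside what it looks at.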
