Re: Tomcat 5.5 and secure=true
Dear Filip,

Thanks for the info! This was what I was planning on doing with Tomcat 5.5. I have now gone back to use mod_proxy_ajp. (I can not migrate to Tomcat 6.0 for political reasons)...

Regards

Andrew

On 29/03/2007, at 9:54 PM, Filip Hanik - Dev Lists wrote:

> With tomcat 6, you could do this:
>
> 1. For non SSL traffic
> Just ProxyPass to tomcat like always (set ProxyPreserveHost On)
>
>   <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
>              port="8080"
>              proxyPort="80" />
>
> 2. For SSL traffic
> Proxy pass to another connector setup like this
>
>   <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
>              secure="true"
>              scheme="https"
>              SSLEnabled="false"
>              port="8081"
>              proxyPort="443" />
>
> SSLEnabled=false, means it is http, not https, but
> request.getScheme - will return https
> request.isSecure - will return true
> request.getServerPort - will return 443

To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat 5.5 and secure=true
Dear List,

After reading all the comments regarding mod_proxy_ajp, I am currently looking at migrating to mod_proxy_http.

The application uses isSecure to check whether the request is an HTTPS connection or not. Therefore, I have created 2 virtual servers in Apache HTTPD and created proxy entries from port 80 - port 8080, and from 443 - port 8081.

What I do not understand however is why does setting secure to true, require the presence of a keystore?

See below

Thanks

Andrew

  <Connector port="8080"
             maxHttpHeaderSize="8192"
             maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
             enableLookups="false" acceptCount="100"
             connectionTimeout="2" disableUploadTimeout="true" />

  <Connector port="8081"
             maxHttpHeaderSize="8192"
             secure="true"
             maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
             enableLookups="false" acceptCount="100"
             connectionTimeout="2" disableUploadTimeout="true" />

Mar 29, 2007 4:18:56 PM org.apache.coyote.http11.Http11BaseProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-8080
Mar 29, 2007 4:18:56 PM org.apache.coyote.http11.Http11BaseProtocol init
SEVERE: Error initializing endpoint
java.io.FileNotFoundException: /home/tomcat/.keystore (No such file or directory)
    at java.io.FileInputStream.open(Native Method)
    at java.io.FileInputStream.<init>(FileInputStream.java:106)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:279)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:222)
    at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.getKeyManagers(JSSE14SocketFactory.java:141)
    at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.init(JSSE14SocketFactory.java:109)
    at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:88)
    at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint.java:292)
    at org.apache.coyote.http11.Http11BaseProtocol.init(Http11BaseProtocol.java:138)
    at org.apache.catalina.connector.Connector.initialize(Connector.java:1016)
    at org.apache.catalina.core.StandardService.initialize(StandardService.java:580)
    at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:791)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:503)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:523)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:585)
    at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:266)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:431)
Re: Tomcat 5.5 and secure=true
Andrew Miehs wrote:

> After reading all the comments regarding mod_proxy_ajp, I am currently looking at migrating to mod_proxy_http.
>
> The application uses isSecure to check whether the request is an HTTPS connection or not.

But you obviously didn't read all the comments. You will need to set up the whole bunch of headers in Apache and create your own Servlet filter in Tomcat to be able to use that.

Regards,
Mladen.
Re: Tomcat 5.5 and secure=true
With tomcat 6, you could do this:

1. For non SSL traffic
Just ProxyPass to tomcat like always (set ProxyPreserveHost On)

  <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
             port="8080"
             proxyPort="80" />

2. For SSL traffic
Proxy pass to another connector setup like this

  <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
             secure="true"
             scheme="https"
             SSLEnabled="false"
             port="8081"
             proxyPort="443" />

SSLEnabled=false, means it is http, not https, but
request.getScheme - will return https
request.isSecure - will return true
request.getServerPort - will return 443

Do you need more?

Filip

Mladen Turk wrote:

> Andrew Miehs wrote:
>
>> After reading all the comments regarding mod_proxy_ajp, I am currently looking at migrating to mod_proxy_http.
>>
>> The application uses isSecure to check whether the request is an HTTPS connection or not.
>
> But you obviously didn't read all the comments. You will need to set up the whole bunch of headers in Apache and create your own Servlet filter in Tomcat to be able to use that.
>
> Regards,
> Mladen.