Re: problem with https and apache+httpd+tomcat [SOLVED]

2007-09-19 Thread Rainer Jung

Hi Christian,

thanks for your feedback. Good to know the reason and that the theory 
works, at least if SSL is explicitly activated in the vhost.


mod_jk gets the ssl info from an apache httpd internal environment 
variable. It looks like this wasn't set by your configuration. In case 
one offloads ssl to an appliance, one can still configure mod_jk inside 
Apache to think it's SSL.


Regards,

Rainer

Christian Andersson wrote:

Hi Rainer, and thanks for trying to help me.

I had been trying most of what you wrote, and it still looked like it 
was tomcat, but there was one thing that struck me while doing all 
these tests/changes


mod_jk transfers the knowledge of the hostname and port used in Apache 
httpd to the AJP connector, so that self referring URLs can be produced 
correctly.


Comparing my virtualhost definition
<VirtualHost *:443>
   ServerName demo.mydomain
   JkMount /* worker1
</VirtualHost>

with one provided with the installation for squirrelmail (php based)
I did some changes to my virtualhost
<IfModule mod_ssl.c>
<VirtualHost *:443>
   ServerName demo.mydomain
   JkMount /* worker1
   SSLEngine on
   SSLProtocol all -SSLv2
   SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
   SSLCertificateFile /etc/pki/tls/certs/localhost.crt
   SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
</VirtualHost>
</IfModule>

and Voila, now it works...
apparently https WAS working without all of these SSL parameters, but 
mod_jk sent the wrong information to the server.


so even if your suggestions on what to check did not lead me to an 
answer, your message still helped :-)


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: problem with https and apache+httpd+tomcat [SOLVED]

2007-09-18 Thread Christian Andersson

Hi Rainer, and thanks for trying to help me.

I had been trying most of what you wrote, and it still looked like it 
was tomcat, but there was one thing that struck me while doing all 
these tests/changes


mod_jk transfers the knowledge of the hostname and port used in Apache 
httpd to the AJP connector, so that self referring URLs can be produced 
correctly.


Comparing my virtualhost definition
<VirtualHost *:443>
   ServerName demo.mydomain
   JkMount /* worker1
</VirtualHost>

with one provided with the installation for squirrelmail (php based)
I did some changes to my virtualhost
<IfModule mod_ssl.c>
<VirtualHost *:443>
   ServerName demo.mydomain
   JkMount /* worker1
   SSLEngine on
   SSLProtocol all -SSLv2
   SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
   SSLCertificateFile /etc/pki/tls/certs/localhost.crt
   SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
</VirtualHost>
</IfModule>

and Voila, now it works...
apparently https WAS working without all of these SSL parameters, but 
mod_jk sent the wrong information to the server.


so even if your suggestions on what to check did not lead me to an 
answer, your message still helped :-)



Rainer Jung wrote:

Hi Christian,

with the combination of mod_jk and AJP connector, this should not 
happen. mod_jk transfers the knowledge of the hostname and port used 
in Apache httpd to the AJP connector, so that self referring URLs can 
be produced correctly. Even the attributes redirectPort and scheme 
should not be necessary. I would also remove the secure attribute. 
As far as I can remember, that one also gets set by mod_jk/AJP (true, 
if communication against apache httpd was encrypted). There is an 
attribute called proxyPort, but for the AJP connector this normally 
works automatically.


So I would expect, that if the redirect is really what comes back, 
this gets produced by some other component:


- proxy
- Apache httpd itself
- Some web framework used by your app

I would:

- check what is really coming back. You can use a command-line client 
like e.g. curl, that exists in an ssl enabled version and is able to 
show you the raw response


- check whether the request was really handled by Tomcat, e.g. by 
adding an access log to Tomcat and checking if the request gets logged 
there


- check, whether the http to https redirect works for a simple hello 
world webapp.


HTH.

Regards,

Rainer

Christian Andersson wrote:

Hi there I have a problem with tomcat, but first version information for
some of the applications used.


Apache/2.2.3 (Mandriva Linux/PREFORK-1.1.20060mlcs4)

Apache Tomcat/6.0.13

java version 1.6.0_01
Java(TM) SE Runtime Environment (build 1.6.0_01-b06)
Java HotSpot(TM) 64-Bit Server VM (build 1.6.0_01-b06, mixed mode)

I have setup apache httpd to only answer on port 443 using https
and I have several virtual hosts.
one of them I have setup to use mod_jk to connect to tomcat using this
configuration
<VirtualHost *:443>
ServerName demo.mydomain
JkMount /* worker1
</VirtualHost>

in tomcat I have only configured this single connector
<Connector port="8009" protocol="AJP/1.3" secure="true" scheme="https"
redirectPort="443"/>

now, everything works all right, I can surf to the server using the
following url..

https://demo.mydomain/mywebapp/

and everything works.

HOWEVER, I have 2 problems with this setup and that is, IF I surf to the
same address but forget to add that last /
(https://demo.mydomain/mywebapp) tomcat redirects the browser to surf to
the correct url (add the ending /) BUT the url it sends to the browser
is WRONG!!!  it is not sending https://demo.mydomain/mywebapp/ as one
could suppose, it is sending https://demo.mydomain:80/mywebapp/

(at least that is what I suppose is happening.. since I cannot check what
is being sent on the Ethernet, since that is encrypted, however firefox
tries to connect to that url.)

I also got the same problem in my forms based login
when the browser is sending the login form, it gets a redirect from the
server with the port 80 instead of no port
if I remove the :80 in the url I get the real page, and I am logged in..

so somewhere (I think it is tomcat) the browser is told to go to port 80

can anyone help me with this?


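
Added example, not part of the original thread: a shell check for the curl step suggested above, which reads raw response headers and verifies that a redirect's Location keeps the scheme, host and port the client used. The function name check_redirect, its verdict strings and the sample response are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread). Reads raw HTTP response headers on
# stdin and checks the first Location header against the scheme, host and
# port the client actually used. Prints one verdict line.
# Returns 0 = consistent, 1 = mismatch, 2 = no Location header.
# Assumption: the host is a name or IPv4 address (no bracketed IPv6).
check_redirect() {
    want_scheme=$1 want_host=$2 want_port=$3
    # First Location header, matched case-insensitively, CRs removed.
    loc=$(tr -d '\r' |
        sed -n 's/^[Ll][Oo][Cc][Aa][Tt][Ii][Oo][Nn]:[[:space:]]*//p' |
        head -n 1)
    [ -n "$loc" ] || { echo "NONE no Location header"; return 2; }
    case $loc in
        *://*) ;;
        *) echo "OK relative redirect: $loc"; return 0 ;;
    esac
    scheme=$(printf '%s' "${loc%%://*}" | tr 'A-Z' 'a-z')
    rest=${loc#*://}
    authority=$(printf '%s' "${rest%%[/?#]*}" | tr 'A-Z' 'a-z')
    case $authority in
        *:*) host=${authority%%:*}; port=${authority##*:} ;;
        *)   host=$authority
             # No explicit port: the scheme's default applies.
             case $scheme in https) port=443 ;; http) port=80 ;; *) port= ;; esac ;;
    esac
    if [ "$scheme" != "$want_scheme" ]; then
        echo "BAD scheme $scheme (expected $want_scheme): $loc"; return 1
    fi
    if [ "$host" != "$want_host" ]; then
        echo "BAD host $host (expected $want_host): $loc"; return 1
    fi
    if [ "$port" != "$want_port" ]; then
        echo "BAD port $port (expected $want_port): $loc"; return 1
    fi
    echo "OK $loc"
}

# Constructed sample: the redirect described in the original report.
SAMPLE_BAD='HTTP/1.1 302 Moved Temporarily
Location: https://demo.mydomain:80/mywebapp/
'
printf '%s' "$SAMPLE_BAD" | check_redirect https demo.mydomain 443 || true
```

Against a live server the headers can be piped in with `curl -sk -D - -o /dev/null https://demo.mydomain/mywebapp | check_redirect https demo.mydomain 443`; the `-k` is only there because the vhost above uses the self-signed localhost certificate.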