Tomcat + Apache + SSL
Hi, Where can I find info about configuring Tomcat 5 and Apache 2, so I can access apps thru SSL port 443. Do I need only to install a certificate in Apache and with port 443, the plugin connects directly. Thanks Lorenzo Jimenez _ Lorenzo A. Jimenez Briceno WebMaster Banco Internacional de Costa Rica ( (506) 243-1077 1 (506) 243-1075 - [EMAIL PROTECTED] BICSA ¡Un mundo de servicios financieros a su alcance! http://www.bicsa.com 7/1/2004 11:12 AM Este mensaje puede ser confidencial. Si usted no es la persona a quien se debió dirigir por favor notifíquenos de inmediato y borre el mensaje. BICSA no acepta responsabilidad legal por ningún daño causado por virus, errores u omisiones en el contenido de este mensaje. Todo uso o divulgación no autorizado está prohibido. Gracias. This message may be confidential. If you are not the intended recipient, please notify us immediately and delete this message. BICSA does not accept liability for any damage caused by virus, errors, or omissions in the contents of this message. Any unauthorized use or disclosure of its contents is prohibited. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat + Apache + SSL
http://jakarta.apache.org/tomcat/connectors-doc/jk2/index.html -Original Message- From: Lorenzo A. Jimenez Briceno [mailto:[EMAIL PROTECTED] Sent: Thursday, July 01, 2004 1:13 PM To: Tomcat Users List Subject: Tomcat + Apache + SSL Importance: High Hi, Where can I find info about configuring Tomcat 5 and Apache 2, so I can access apps thru SSL port 443. Do I need only to install a certificate in Apache and with port 443, the plugin connects directly. Thanks Lorenzo Jimenez _ Lorenzo A. Jimenez Briceno WebMaster Banco Internacional de Costa Rica ( (506) 243-1077 1 (506) 243-1075 - [EMAIL PROTECTED] BICSA ¡Un mundo de servicios financieros a su alcance! http://www.bicsa.com 7/1/2004 11:12 AM Este mensaje puede ser confidencial. Si usted no es la persona a quien se debió dirigir por favor notifíquenos de inmediato y borre el mensaje. BICSA no acepta responsabilidad legal por ningún daño causado por virus, errores u omisiones en el contenido de este mensaje. Todo uso o divulgación no autorizado está prohibido. Gracias. This message may be confidential. If you are not the intended recipient, please notify us immediately and delete this message. BICSA does not accept liability for any damage caused by virus, errors, or omissions in the contents of this message. Any unauthorized use or disclosure of its contents is prohibited. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat + Apache + SSL
Thanks. -Mensaje original- De: Lee, Paul NYC [mailto:[EMAIL PROTECTED] Enviado el: Jueves, 01 de Julio de 2004 11:30 a.m. Para: 'Tomcat Users List' Asunto: RE: Tomcat + Apache + SSL http://jakarta.apache.org/tomcat/connectors-doc/jk2/index.html -Original Message- From: Lorenzo A. Jimenez Briceno [mailto:[EMAIL PROTECTED] Sent: Thursday, July 01, 2004 1:13 PM To: Tomcat Users List Subject: Tomcat + Apache + SSL Importance: High Hi, Where can I find info about configuring Tomcat 5 and Apache 2, so I can access apps thru SSL port 443. Do I need only to install a certificate in Apache and with port 443, the plugin connects directly. Thanks Lorenzo Jimenez _ Lorenzo A. Jimenez Briceno WebMaster Banco Internacional de Costa Rica ( (506) 243-1077 1 (506) 243-1075 - [EMAIL PROTECTED] BICSA ¡Un mundo de servicios financieros a su alcance! http://www.bicsa.com 7/1/2004 11:12 AM Este mensaje puede ser confidencial. Si usted no es la persona a quien se debió dirigir por favor notifíquenos de inmediato y borre el mensaje. BICSA no acepta responsabilidad legal por ningún daño causado por virus, errores u omisiones en el contenido de este mensaje. Todo uso o divulgación no autorizado está prohibido. Gracias. This message may be confidential. If you are not the intended recipient, please notify us immediately and delete this message. BICSA does not accept liability for any damage caused by virus, errors, or omissions in the contents of this message. Any unauthorized use or disclosure of its contents is prohibited. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] _ Lorenzo A. Jimenez Briceno WebMaster Banco Internacional de Costa Rica ( (506) 243-1077 1 (506) 243-1075 - [EMAIL PROTECTED] BICSA ¡Un mundo de servicios financieros a su alcance! http://www.bicsa.com 7/1/2004 2:40 PM Este mensaje puede ser confidencial. Si usted no es la persona a quien se debió dirigir por favor notifíquenos de inmediato y borre el mensaje. BICSA no acepta responsabilidad legal por ningún daño causado por virus, errores u omisiones en el contenido de este mensaje. Todo uso o divulgación no autorizado está prohibido. Gracias. This message may be confidential. If you are not the intended recipient, please notify us immediately and delete this message. BICSA does not accept liability for any damage caused by virus, errors, or omissions in the contents of this message. Any unauthorized use or disclosure of its contents is prohibited. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat + Apache + SSL
I followed John Turner's Web page: http://johnturner.com/howto/apache2-tomcat4127-jk-rh9-how-to.html and it worked perfectly. This site is only for connecting Tomcat and apache through a connector. But not sure about the ssl. -Original Message- From: Lorenzo A. Jimenez Briceno [mailto:[EMAIL PROTECTED] Sent: Thursday, July 01, 2004 2:41 PM To: Tomcat Users List Subject: RE: Tomcat + Apache + SSL Importance: High Thanks. -Mensaje original- De: Lee, Paul NYC [mailto:[EMAIL PROTECTED] Enviado el: Jueves, 01 de Julio de 2004 11:30 a.m. Para: 'Tomcat Users List' Asunto: RE: Tomcat + Apache + SSL http://jakarta.apache.org/tomcat/connectors-doc/jk2/index.html -Original Message- From: Lorenzo A. Jimenez Briceno [mailto:[EMAIL PROTECTED] Sent: Thursday, July 01, 2004 1:13 PM To: Tomcat Users List Subject: Tomcat + Apache + SSL Importance: High Hi, Where can I find info about configuring Tomcat 5 and Apache 2, so I can access apps thru SSL port 443. Do I need only to install a certificate in Apache and with port 443, the plugin connects directly. Thanks Lorenzo Jimenez _ Lorenzo A. Jimenez Briceno WebMaster Banco Internacional de Costa Rica ( (506) 243-1077 1 (506) 243-1075 - [EMAIL PROTECTED] BICSA ¡Un mundo de servicios financieros a su alcance! http://www.bicsa.com 7/1/2004 11:12 AM Este mensaje puede ser confidencial. Si usted no es la persona a quien se debió dirigir por favor notifíquenos de inmediato y borre el mensaje. BICSA no acepta responsabilidad legal por ningún daño causado por virus, errores u omisiones en el contenido de este mensaje. Todo uso o divulgación no autorizado está prohibido. Gracias. This message may be confidential. If you are not the intended recipient, please notify us immediately and delete this message. BICSA does not accept liability for any damage caused by virus, errors, or omissions in the contents of this message. Any unauthorized use or disclosure of its contents is prohibited. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] _ Lorenzo A. Jimenez Briceno WebMaster Banco Internacional de Costa Rica ( (506) 243-1077 1 (506) 243-1075 - [EMAIL PROTECTED] BICSA ¡Un mundo de servicios financieros a su alcance! http://www.bicsa.com 7/1/2004 2:40 PM Este mensaje puede ser confidencial. Si usted no es la persona a quien se debió dirigir por favor notifíquenos de inmediato y borre el mensaje. BICSA no acepta responsabilidad legal por ningún daño causado por virus, errores u omisiones en el contenido de este mensaje. Todo uso o divulgación no autorizado está prohibido. Gracias. This message may be confidential. If you are not the intended recipient, please notify us immediately and delete this message. BICSA does not accept liability for any damage caused by virus, errors, or omissions in the contents of this message. Any unauthorized use or disclosure of its contents is prohibited. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat + Apache + SSL
Thanks Claudia, Do you know about TC5 and A2 -Mensaje original- De: Casas, Claudia [mailto:[EMAIL PROTECTED] Enviado el: Jueves, 01 de Julio de 2004 02:48 p.m. Para: Tomcat Users List Asunto: RE: Tomcat + Apache + SSL I followed John Turner's Web page: http://johnturner.com/howto/apache2-tomcat4127-jk-rh9-how-to.html and it worked perfectly. This site is only for connecting Tomcat and apache through a connector. But not sure about the ssl. -Original Message- From: Lorenzo A. Jimenez Briceno [mailto:[EMAIL PROTECTED] Sent: Thursday, July 01, 2004 2:41 PM To: Tomcat Users List Subject: RE: Tomcat + Apache + SSL Importance: High Thanks. -Mensaje original- De: Lee, Paul NYC [mailto:[EMAIL PROTECTED] Enviado el: Jueves, 01 de Julio de 2004 11:30 a.m. Para: 'Tomcat Users List' Asunto: RE: Tomcat + Apache + SSL http://jakarta.apache.org/tomcat/connectors-doc/jk2/index.html -Original Message- From: Lorenzo A. Jimenez Briceno [mailto:[EMAIL PROTECTED] Sent: Thursday, July 01, 2004 1:13 PM To: Tomcat Users List Subject: Tomcat + Apache + SSL Importance: High Hi, Where can I find info about configuring Tomcat 5 and Apache 2, so I can access apps thru SSL port 443. Do I need only to install a certificate in Apache and with port 443, the plugin connects directly. Thanks Lorenzo Jimenez _ Lorenzo A. Jimenez Briceno WebMaster Banco Internacional de Costa Rica ( (506) 243-1077 1 (506) 243-1075 - [EMAIL PROTECTED] BICSA ¡Un mundo de servicios financieros a su alcance! http://www.bicsa.com 7/1/2004 11:12 AM Este mensaje puede ser confidencial. Si usted no es la persona a quien se debió dirigir por favor notifíquenos de inmediato y borre el mensaje. BICSA no acepta responsabilidad legal por ningún daño causado por virus, errores u omisiones en el contenido de este mensaje. Todo uso o divulgación no autorizado está prohibido. Gracias. This message may be confidential. If you are not the intended recipient, please notify us immediately and delete this message. BICSA does not accept liability for any damage caused by virus, errors, or omissions in the contents of this message. Any unauthorized use or disclosure of its contents is prohibited. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] _ Lorenzo A. Jimenez Briceno WebMaster Banco Internacional de Costa Rica ( (506) 243-1077 1 (506) 243-1075 - [EMAIL PROTECTED] BICSA ¡Un mundo de servicios financieros a su alcance! http://www.bicsa.com 7/1/2004 2:40 PM Este mensaje puede ser confidencial. Si usted no es la persona a quien se debió dirigir por favor notifíquenos de inmediato y borre el mensaje. BICSA no acepta responsabilidad legal por ningún daño causado por virus, errores u omisiones en el contenido de este mensaje. Todo uso o divulgación no autorizado está prohibido. Gracias. This message may be confidential. If you are not the intended recipient, please notify us immediately and delete this message. BICSA does not accept liability for any damage caused by virus, errors, or omissions in the contents of this message. Any unauthorized use or disclosure of its contents is prohibited. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] _ Lorenzo A. Jimenez Briceno WebMaster Banco Internacional de Costa Rica ( (506) 243-1077 1 (506) 243-1075 - [EMAIL PROTECTED] BICSA ¡Un mundo de servicios financieros a su alcance! http://www.bicsa.com 7/1/2004 3:46 PM Este mensaje puede ser confidencial. Si usted no es la persona a quien se debió dirigir por favor notifíquenos de inmediato y borre el mensaje. BICSA no acepta responsabilidad legal por ningún daño causado por virus, errores u omisiones en el contenido de este mensaje. Todo uso o divulgación no autorizado está prohibido. Gracias. This message may be confidential. If you are not the intended recipient, please notify us immediately and delete this message. BICSA does not accept liability for any damage caused by virus, errors, or omissions in the contents of this message. Any unauthorized use or disclosure of its contents is prohibited. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat + Apache + SSL
I tried did try to install tomcat5 and apache2 with success following the same steps. BUT, I could not get the connector working since it is recommended that you use the jk2 connector when using tomcat5 already. If you get it working, please let me know. -Original Message- From: Lorenzo A. Jimenez Briceno [mailto:[EMAIL PROTECTED] Sent: Thursday, July 01, 2004 3:46 PM To: Tomcat Users List Subject: RE: Tomcat + Apache + SSL Importance: High Thanks Claudia, Do you know about TC5 and A2 -Mensaje original- De: Casas, Claudia [mailto:[EMAIL PROTECTED] Enviado el: Jueves, 01 de Julio de 2004 02:48 p.m. Para: Tomcat Users List Asunto: RE: Tomcat + Apache + SSL I followed John Turner's Web page: http://johnturner.com/howto/apache2-tomcat4127-jk-rh9-how-to.html and it worked perfectly. This site is only for connecting Tomcat and apache through a connector. But not sure about the ssl. -Original Message- From: Lorenzo A. Jimenez Briceno [mailto:[EMAIL PROTECTED] Sent: Thursday, July 01, 2004 2:41 PM To: Tomcat Users List Subject: RE: Tomcat + Apache + SSL Importance: High Thanks. -Mensaje original- De: Lee, Paul NYC [mailto:[EMAIL PROTECTED] Enviado el: Jueves, 01 de Julio de 2004 11:30 a.m. Para: 'Tomcat Users List' Asunto: RE: Tomcat + Apache + SSL http://jakarta.apache.org/tomcat/connectors-doc/jk2/index.html -Original Message- From: Lorenzo A. Jimenez Briceno [mailto:[EMAIL PROTECTED] Sent: Thursday, July 01, 2004 1:13 PM To: Tomcat Users List Subject: Tomcat + Apache + SSL Importance: High Hi, Where can I find info about configuring Tomcat 5 and Apache 2, so I can access apps thru SSL port 443. Do I need only to install a certificate in Apache and with port 443, the plugin connects directly. Thanks Lorenzo Jimenez _ Lorenzo A. Jimenez Briceno WebMaster Banco Internacional de Costa Rica ( (506) 243-1077 1 (506) 243-1075 - [EMAIL PROTECTED] BICSA ¡Un mundo de servicios financieros a su alcance! http://www.bicsa.com 7/1/2004 11:12 AM Este mensaje puede ser confidencial. Si usted no es la persona a quien se debió dirigir por favor notifíquenos de inmediato y borre el mensaje. BICSA no acepta responsabilidad legal por ningún daño causado por virus, errores u omisiones en el contenido de este mensaje. Todo uso o divulgación no autorizado está prohibido. Gracias. This message may be confidential. If you are not the intended recipient, please notify us immediately and delete this message. BICSA does not accept liability for any damage caused by virus, errors, or omissions in the contents of this message. Any unauthorized use or disclosure of its contents is prohibited. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] _ Lorenzo A. Jimenez Briceno WebMaster Banco Internacional de Costa Rica ( (506) 243-1077 1 (506) 243-1075 - [EMAIL PROTECTED] BICSA ¡Un mundo de servicios financieros a su alcance! http://www.bicsa.com 7/1/2004 2:40 PM Este mensaje puede ser confidencial. Si usted no es la persona a quien se debió dirigir por favor notifíquenos de inmediato y borre el mensaje. BICSA no acepta responsabilidad legal por ningún daño causado por virus, errores u omisiones en el contenido de este mensaje. Todo uso o divulgación no autorizado está prohibido. Gracias. This message may be confidential. If you are not the intended recipient, please notify us immediately and delete this message. BICSA does not accept liability for any damage caused by virus, errors, or omissions in the contents of this message. Any unauthorized use or disclosure of its contents is prohibited. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] _ Lorenzo A. Jimenez Briceno WebMaster Banco Internacional de Costa Rica ( (506) 243-1077 1 (506) 243-1075 - [EMAIL PROTECTED] BICSA ¡Un mundo de servicios financieros a su alcance! http://www.bicsa.com 7/1/2004 3:46 PM Este mensaje puede ser confidencial. Si usted no es la persona a quien se debió dirigir por favor notifíquenos de inmediato y borre el mensaje. BICSA no acepta responsabilidad legal por ningún daño causado por virus, errores u omisiones en el contenido de este mensaje. Todo uso o divulgación no autorizado está prohibido. Gracias. This message may be confidential. If you are not the intended recipient, please notify us immediately
RE: Tomcat / Apache / SSl
Software: Apache - 2.0.48 Tomcat - 4.1.29 OpenSSL - 0.9.6l [engine] 04 Nov 2003 Hi, I am trying to encrypt all data being transmitted from the client pc to the webserver, and also from the webserver to tomcat. I have only been working on tomcat for a couple of months but have experience on WebSphere. I have enabled ssl on both apache and on tomcat, and both are accessible directly: apache: https://host tomcat: https://host:8443 When I try set up a connector from apache to tomcat using port 8443 i get an Internal Server Error and the follwoing errors in the mod_jk log: [jk_ajp_common.c (661)]: In jk_endpoint_t::ajp_connect_to_endpoint, connected sd = 16 [jk_ajp_common.c (693)]: sending to ajp13 #358 [jk_ajp_common.c (966)]: ajp_send_request 2: request body to send 0 - request body to resend 0 [jk_ajp_common.c (755)]: ajp_connection_tcp_get_message: Error - Wrong message format 0x1503 [jk_ajp_common.c (1137)]: Error reading reply from tomcat. Tomcat is down or network problems. [jk_ajp_common.c (1290)]: ERROR: Receiving from tomcat failed, recoverable operation. err=2 [jk_ajp_common.c (1309)]: sending request to tomcat failed in send loop. err=2 [jk_ajp_common.c (1318)]: Error connecting to tomcat. Tomcat is probably not started or is listening on the wrong port. Failed errno = 0 [jk_ajp_common.c (1529)]: Into jk_endpoint_t::done, closing connection 0 [jk_ajp_common.c (605)]: In jk_endpoint_t::ajp_close_endpoint Apache to Tomcat using the ajp13 connector over port 8009 works fine but I have a requirement to encrypt all data. Any ideas? Thanks, John Configs: --- Tomcat configs ## server.xml ... Connector className=org.apache.coyote.tomcat4.CoyoteConnector port=8443 minProcessors=5 maxProcessors=75 enableLookups=true acceptCount=100 debug=0 scheme=https secure=true useURIValidationHack=false disableUploadTimeout=true Factory className=org.apache.coyote.tomcat4.CoyoteServerSocketFactory clientAuth=true protocol=TLS / /Connector ... ## workers.properties workers.tomcat_home=/usr/jakarta-tomcat-4.1.29/ workers.java_home=/usr/java/j2sdk1.4.1_03/bin/java ps=/ worker.list=bob worker.loadbalancer.type=lb worker.loadbalancer.balanced_workers=bob worker.bob.port=8443 worker.bob.host=10.0.0.10 worker.bob.type=ajp13 worker.bob.lbfactor=1 --- Apache configs ## httpd.conf ... LoadModule jk_module modules/mod_jk.so JkWorkersFile /usr/jakarta-tomcat-4.1.29/conf/workers.properties JkLogFile /usr/httpd-2.0.48/logs/mod_jk-log JkLogLevel debug JkMount / bob JkMount /* bob ... - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat / Apache / SSl
You will use the same connector over port 8009. No additional connector needed over any other port. In your ssl.conf for apache, you will create a VirtualHost entry very much like the one that's in your httpd.conf file. In there you will do your JkMount declaratives, etc. BTW, I use 0.9.7c openssl because that one is patched for a vulnearability. Just thought I'd mention it eventhough you list yours as Nov 4, which probably means the patch was backported. Oscar http://daydream.stanford.edu/tomcat/install_web_services.html On Tue, 13 Jan 2004 [EMAIL PROTECTED] wrote: Software: Apache - 2.0.48 Tomcat - 4.1.29 OpenSSL - 0.9.6l [engine] 04 Nov 2003 Hi, I am trying to encrypt all data being transmitted from the client pc to the webserver, and also from the webserver to tomcat. I have only been working on tomcat for a couple of months but have experience on WebSphere. I have enabled ssl on both apache and on tomcat, and both are accessible directly: apache: https://host tomcat: https://host:8443 When I try set up a connector from apache to tomcat using port 8443 i get an Internal Server Error and the follwoing errors in the mod_jk log: [jk_ajp_common.c (661)]: In jk_endpoint_t::ajp_connect_to_endpoint, connected sd = 16 [jk_ajp_common.c (693)]: sending to ajp13 #358 [jk_ajp_common.c (966)]: ajp_send_request 2: request body to send 0 - request body to resend 0 [jk_ajp_common.c (755)]: ajp_connection_tcp_get_message: Error - Wrong message format 0x1503 [jk_ajp_common.c (1137)]: Error reading reply from tomcat. Tomcat is down or network problems. [jk_ajp_common.c (1290)]: ERROR: Receiving from tomcat failed, recoverable operation. err=2 [jk_ajp_common.c (1309)]: sending request to tomcat failed in send loop. err=2 [jk_ajp_common.c (1318)]: Error connecting to tomcat. Tomcat is probably not started or is listening on the wrong port. Failed errno = 0 [jk_ajp_common.c (1529)]: Into jk_endpoint_t::done, closing connection 0 [jk_ajp_common.c (605)]: In jk_endpoint_t::ajp_close_endpoint Apache to Tomcat using the ajp13 connector over port 8009 works fine but I have a requirement to encrypt all data. Any ideas? Thanks, John Configs: --- Tomcat configs ## server.xml ... Connector className=org.apache.coyote.tomcat4.CoyoteConnector port=8443 minProcessors=5 maxProcessors=75 enableLookups=true acceptCount=100 debug=0 scheme=https secure=true useURIValidationHack=false disableUploadTimeout=true Factory className=org.apache.coyote.tomcat4.CoyoteServerSocketFactory clientAuth=true protocol=TLS / /Connector ... ## workers.properties workers.tomcat_home=/usr/jakarta-tomcat-4.1.29/ workers.java_home=/usr/java/j2sdk1.4.1_03/bin/java ps=/ worker.list=bob worker.loadbalancer.type=lb worker.loadbalancer.balanced_workers=bob worker.bob.port=8443 worker.bob.host=10.0.0.10 worker.bob.type=ajp13 worker.bob.lbfactor=1 --- Apache configs ## httpd.conf ... LoadModule jk_module modules/mod_jk.so JkWorkersFile /usr/jakarta-tomcat-4.1.29/conf/workers.properties JkLogFile /usr/httpd-2.0.48/logs/mod_jk-log JkLogLevel debug JkMount / bob JkMount /* bob ... - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat + Apache + SSL
I have apache set up to redirect requests for a specific context to Tomcat. I am curious if there is a way to force all requests to that context to be redirected through SSL. http://servername/securecontext -- https://servername/sercurecontext http://servername/everythingelse -- http://servername/everythingelse Is this something I set up in workers2.properties or httpd.conf? Can anyone point me at a decent tutorial? Thanks. Rob Abernethy - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat + Apache + SSL
You can use mod_rewrite in Apache. It's been a while but I believe something such as this in your httpd.conf should do the trick: RewriteEngine On RewriteRule ^/securecontext(.*) https://servername/securecontext$1 [R] I may be off a bit, so check the docs at: http://httpd.apache.org/docs/mod/mod_rewrite.html or this helpful guide: http://www.engelschall.com/pw/apache/rewriteguide/ On Tue, 2003-09-23 at 12:04, Robert D. Abernethy IV wrote: I have apache set up to redirect requests for a specific context to Tomcat. I am curious if there is a way to force all requests to that context to be redirected through SSL. http://servername/securecontext -- https://servername/sercurecontext http://servername/everythingelse -- http://servername/everythingelse Is this something I set up in workers2.properties or httpd.conf? Can anyone point me at a decent tutorial? Thanks. Rob Abernethy - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Sean Bruton [EMAIL PROTECTED] Senior Engineer Network Services NeoSpire, Inc.www.neospire.net - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat + Apache + SSL
I tried that with mixed results. I was able to use mod_rewrite to redirect non-Tomcat contexts, but was unable to redirect what I wanted. Does apache process the mod_jk stuff first? It looks like it is seeing securecontext and passing it to Tomcat before it gets to the rewrite rules. Here's my results using mod_rewrite (foo is a directory in the web server root, while secure context is a Tomcat webapp). http://servername/* - http://servername/* http://servername/foo - https://servername/foo http://servername/securecontext - http://servername/securecontext Rob Abernethy -Original Message- From: Sean Bruton [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 23, 2003 2:07 PM To: Tomcat Users List Subject: Re: Tomcat + Apache + SSL You can use mod_rewrite in Apache. It's been a while but I believe something such as this in your httpd.conf should do the trick: RewriteEngine On RewriteRule ^/securecontext(.*) https://servername/securecontext$1 [R] I may be off a bit, so check the docs at: http://httpd.apache.org/docs/mod/mod_rewrite.html or this helpful guide: http://www.engelschall.com/pw/apache/rewriteguide/ On Tue, 2003-09-23 at 12:04, Robert D. Abernethy IV wrote: I have apache set up to redirect requests for a specific context to Tomcat. I am curious if there is a way to force all requests to that context to be redirected through SSL. http://servername/securecontext -- https://servername/sercurecontext http://servername/everythingelse -- http://servername/everythingelse Is this something I set up in workers2.properties or httpd.conf? Can anyone point me at a decent tutorial? Thanks. Rob Abernethy - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Sean Bruton [EMAIL PROTECTED] Senior Engineer Network Services NeoSpire, Inc.www.neospire.net - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat + Apache + SSL
Where is Tim when you need him ;-). http://jakarta.apache.org/tomcat/faq/security.html#https Robert D. Abernethy IV [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I have apache set up to redirect requests for a specific context to Tomcat. I am curious if there is a way to force all requests to that context to be redirected through SSL. http://servername/securecontext -- https://servername/sercurecontext http://servername/everythingelse -- http://servername/everythingelse Is this something I set up in workers2.properties or httpd.conf? Can anyone point me at a decent tutorial? Thanks. Rob Abernethy - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
tomcat apache SSL
Hi All, I use apache web server and for jsp files I configureted tomcat. I try to make SSL connection with client authentication. I configureted apache and did nothing with tomcat (should I do??), it works, asks me for client certificate and verifys it. Everything looks fine but when I try to get client certificate from servlet it returns null, anybody knows ? Please Help Elif _ The new MSN 8: smart spam protection and 2 months FREE* http://join.msn.com/?page=features/junkmail - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tomcat apache SSL
My first guess is that you are running a version 4.1.27. If so, you should see all sorts of errors in your Tomcat logs telling you what didn't work. If you want to know why earlier version don't work, search the archives or bugzilla. Elif Akten [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi All, I use apache web server and for jsp files I configureted tomcat. I try to make SSL connection with client authentication. I configureted apache and did nothing with tomcat (should I do??), it works, asks me for client certificate and verifys it. Everything looks fine but when I try to get client certificate from servlet it returns null, anybody knows ? Please Help Elif _ The new MSN 8: smart spam protection and 2 months FREE* http://join.msn.com/?page=features/junkmail - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat-Apache SSL
After reading the installing SSL doc for tomcat it says you don't need it on Tomcat, just have it on apache and you are ok. I have an apache SSL port (443) and this is working ok. I have my tomcat application on 8080, also works ok. What I don't understand is the link between these 2. Do I have to set the apache SSL port to be 8080? If so, will it not ignore the tomcat conf and use the apche stuff instead (as it seemed to when I tried it) The information contained in this communication is intended solely for the use of the individual or entity to whom it is addressed and others authorized to receive it. It may contain confidential or legally privileged information. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited and may be unlawful. If you received this communication in error, please notify us immediately by responding to this email and then delete it from your system. Appleyard Finance Holdings Ltd or its subsidiaries are neither liable for the proper and complete transmission of the information contained in this communication nor for any delay in its receipt. -- To unsubscribe, e-mail: mailto:tomcat-user-unsubscribe;jakarta.apache.org For additional commands, e-mail: mailto:tomcat-user-help;jakarta.apache.org
RE: Tomcat-Apache SSL
Nope. The communication between Apache and Tomcat happens on a connector, like JK or JK2. The default JK port is 8009. The communication between Apache and Tomcat via JK or JK2 is not encrypted. John -Original Message- From: Richard Johnstone [mailto:Richard.Johnstone;appleyard-contracts.co.uk] Sent: Thursday, November 07, 2002 10:10 AM To: [EMAIL PROTECTED] Subject: Tomcat-Apache SSL After reading the installing SSL doc for tomcat it says you don't need it on Tomcat, just have it on apache and you are ok. I have an apache SSL port (443) and this is working ok. I have my tomcat application on 8080, also works ok. What I don't understand is the link between these 2. Do I have to set the apache SSL port to be 8080? If so, will it not ignore the tomcat conf and use the apche stuff instead (as it seemed to when I tried it) -- To unsubscribe, e-mail: mailto:tomcat-user-unsubscribe;jakarta.apache.org For additional commands, e-mail: mailto:tomcat-user-help;jakarta.apache.org
Re: Tomcat-Apache SSL
On Thu, 7 Nov 2002, Richard Johnstone wrote: After reading the installing SSL doc for tomcat it says you don't need it on Tomcat, just have it on apache and you are ok. I have an apache SSL port (443) and this is working ok. I have my tomcat application on 8080, also works ok. What I don't understand is the link between these 2. Do I have to set the apache SSL port to be 8080? If so, will it not ignore the tomcat conf and use the apche stuff instead (as it seemed to when I tried it) You need to understand the difference between running Tomcat standalone and integrated with a web server (such as Apache). In the former case, Tomcat standalone, Tomcat handles everything, including fielding the request and returning the response (including any SSL processing -- e.g. decryption or encryption -- if enabled). 8080 is the default port for Tomcat standalone, but without SSL. Tomcat standalone can do SSL, you just need to enable it in server.xml (you may have to install some additional libraries). The default port for that is 8443. Tomcat standalone is totally independent from any other web server. In the latter case, Tomcat integrated with a web server, the web server handles fielding the request and returning the response, but inbetween it passes the request to Tomcat for processing. This is done via a connector such as JK or JK2. You can enable/disable these connectors in server.xml. If you do it this way, you set up SSL on the web server only, not on Tomcat -- the internal communication between the web server and Tomcat is not encrypted. So you have to decide how you want things set up. If you don't want Tomcat standalone, disable the relevant connector(s) in server.xml. Then you need to set up one of the web server connectors; this is done partly in server.xml, but you also need to get the appropriate connector module binary and configure that for your web server. If you do want Tomcat standalone, but with SSL, enable the relevant connector in server.xml. (Also, would that be SSL only, or both non-SSL and SSL.) Milt Epstein Research Programmer Integration and Software Engineering (ISE) Campus Information Technologies and Educational Services (CITES) University of Illinois at Urbana-Champaign (UIUC) [EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:tomcat-user-unsubscribe;jakarta.apache.org For additional commands, e-mail: mailto:tomcat-user-help;jakarta.apache.org
Re: Tomcat-Apache SSL - Extension Question
[reply] You need to understand the difference between running Tomcat standalone and integrated with a web server (such as Apache). .. [snip] [/reply] Knowing all this, is there a way for a servlet to reliably know whether Apache is currently replying to http or https? The Apache connector portion works perfectly using two different IP addresses and IP#1 being non-secure, while IP#2 is secure. I'm having a bit of difficulty with 'response.sendRedirect([relativeURL])' where one application contains both secure and non-secure content. I've seen this question asked in several threads, but haven't seen a definitive answer. - 'servletRequest.isSecure()' (okay, an extension of...) doesn't work because the traffic between Apache and Tomcat isn't encrypted. 'isSecure()' _always_ returns false, since the traffic it's receiving isn't encrypted. - I've tried using 'request.getRequestURL()' to dynamically decide whether the traffic is secure: i.e. http://server/directory/referringpage.jsp == not secure so a relativeURL to newpage.jsp will work; http://server:443/directory/referringpage.jsp == secure so I parse out the server name, append 'https', and use an initial parameter for the port (in this case an empty string - but it could be ':8443'). The problem is that 'getRequestURL' indicates where the request came _from_, so a redirect from a secure page to a non-secure page fails. - Currently I put the fully qualified URL for both http and https in an initial parameter in web.xml, then I just append that to my URL in a redirect. At least I can move code to a new server without recompiling the whole mess. The problem is that I don't want to depend on the code knowing whether it is forwarding to a secure page. Has anyone found a better way to do this? === Chris Parker Programmer/Analyst Health Care Services Division California Youth Authority -- To unsubscribe, e-mail: mailto:tomcat-user-unsubscribe;jakarta.apache.org For additional commands, e-mail: mailto:tomcat-user-help;jakarta.apache.org
RE: Tomcat-Apache SSL - Extension Question
This came up a week or so ago. Check here for a very comprehensive reply from Milt Epstein. In short, isSecure is exactly the method you should use, and it does know if the original request is SSL or not. If it is always returning 'false', something else is going on. http://marc.theaimsgroup.com/?l=tomcat-userm=103608496529118w=2 John -Original Message- From: Chris Parker [mailto:cparker;cya.ca.gov] Sent: Thursday, November 07, 2002 12:21 PM To: Tomcat Users List Subject: Re: Tomcat-Apache SSL - Extension Question [reply] You need to understand the difference between running Tomcat standalone and integrated with a web server (such as Apache). .. [snip] [/reply] Knowing all this, is there a way for a servlet to reliably know whether Apache is currently replying to http or https? The Apache connector portion works perfectly using two different IP addresses and IP#1 being non-secure, while IP#2 is secure. I'm having a bit of difficulty with 'response.sendRedirect([relativeURL])' where one application contains both secure and non-secure content. I've seen this question asked in several threads, but haven't seen a definitive answer. - 'servletRequest.isSecure()' (okay, an extension of...) doesn't work because the traffic between Apache and Tomcat isn't encrypted. 'isSecure()' _always_ returns false, since the traffic it's receiving isn't encrypted. - I've tried using 'request.getRequestURL()' to dynamically decide whether the traffic is secure: i.e. http://server/directory/referringpage.jsp == not secure so a relativeURL to newpage.jsp will work; http://server:443/directory/referringpage.jsp == secure so I parse out the server name, append 'https', and use an initial parameter for the port (in this case an empty string - but it could be ':8443'). The problem is that 'getRequestURL' indicates where the request came _from_, so a redirect from a secure page to a non-secure page fails. - Currently I put the fully qualified URL for both http and https in an initial parameter in web.xml, then I just append that to my URL in a redirect. At least I can move code to a new server without recompiling the whole mess. The problem is that I don't want to depend on the code knowing whether it is forwarding to a secure page. Has anyone found a better way to do this? === Chris Parker Programmer/Analyst Health Care Services Division California Youth Authority -- To unsubscribe, e-mail: mailto:tomcat-user-unsubscribe;jakarta.apache.org For additional commands, e-mail: mailto:tomcat-user-help;jakarta.apache.org -- To unsubscribe, e-mail: mailto:tomcat-user-unsubscribe;jakarta.apache.org For additional commands, e-mail: mailto:tomcat-user-help;jakarta.apache.org
Re: Tomcat-Apache SSL - Extension Question
This came up a week or so ago. Check here for a very comprehensive reply from Milt Epstein. In short, isSecure is exactly the method you should use, and it does know if the original request is SSL or not. If it is always returning 'false', something else is going on. http://marc.theaimsgroup.com/?l=tomcat-userm=103608496529118w=2 John Thanks John, somehow I missed that reply - and thanks Milt for providing it. On my server SnoopServlet replies that isSecure() = false - even though it's true. I thought this was a limitation of Apache-Tomcat, not a problem with my configuration. Now that I know I'm not looking for the impossible, I'll investigate and post when I have a solution... Thanks again. -- To unsubscribe, e-mail: mailto:tomcat-user-unsubscribe;jakarta.apache.org For additional commands, e-mail: mailto:tomcat-user-help;jakarta.apache.org
Re: Tomcat-Apache SSL - Extension Question
On Thu, 7 Nov 2002, Chris Parker wrote: This came up a week or so ago. Check here for a very comprehensive reply from Milt Epstein. In short, isSecure is exactly the method you should use, and it does know if the original request is SSL or not. If it is always returning 'false', something else is going on. http://marc.theaimsgroup.com/?l=tomcat-userm=103608496529118w=2 John Thanks John, somehow I missed that reply - and thanks Milt for providing it. On my server SnoopServlet replies that isSecure() = false - even though it's true. I thought this was a limitation of Apache-Tomcat, not a problem with my configuration. Now that I know I'm not looking for the impossible, I'll investigate and post when I have a solution... Just a couple of things to add: 1. I suspect, but don't know for sure, that isSecure() (and getScheme()) should work correctly even with forwards/redirects as well. Of course, if you found that isSecure() doesn't work with basic https, as apparently is the case above, the problem is not restricted to forwards/redirects. 2. Some other people reported this mis-behavior, and at least one person said/suggested that it's a bug with the Coyote AJP connector. Which connector are you using? If it's the Coyote AJP connector, that adds confirmation to this possibility. I don't know that it's yet been fixed, or that there's a workaround, other than using the Ajp13Connector. Milt Epstein Research Programmer Integration and Software Engineering (ISE) Campus Information Technologies and Educational Services (CITES) University of Illinois at Urbana-Champaign (UIUC) [EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:tomcat-user-unsubscribe;jakarta.apache.org For additional commands, e-mail: mailto:tomcat-user-help;jakarta.apache.org
Re: Tomcat-Apache SSL - Extension Question
Just a couple of things to add: 1. I suspect, but don't know for sure, that isSecure() (and getScheme()) should work correctly even with forwards/redirects as well. Of course, if you found that isSecure() doesn't work with basic https, as apparently is the case above, the problem is not restricted to forwards/redirects. Haven't had a chance to test this yet, only got 'isSecure()' working a few minutes ago - although I also suspect it would work just fine. I'll post more info regarding this when I have an answer though. 2. Some other people reported this mis-behavior, and at least one person said/suggested that it's a bug with the Coyote AJP connector. Which connector are you using? If it's the Coyote AJP connector, that adds confirmation to this possibility. I don't know that it's yet been fixed, or that there's a workaround, other than using the Ajp13Connector. It appears that the Coyote AJP connector _does_ have a bug. Up until a few minutes ago, I was using the connector that is enabled by default in Tomcat 4.1.12 - namely 'org.apache.coyote.tomcat4.CoyoteConnector'. I'm using pretty much the default 'server.xml' with just enough changes to make my particular environment work - it's still a development box... Just a minute ago I commented out the default connector and added a section for the 'org.apache.ajp.tomcat4.Ajp13Connector' connector, and suddenly isSecure() started reflecting reality. Note: I used the information from http://www.tek-tips.com/gfaqs.cfm/pid/877/fid/1815 as a 'HowTo'. FWIW, I don't even _have_ a 'clientAuth' section - it doesn't appear to affect this issue. One additional thing I noticed, 'JMX MBeans' pukes when Tomcat starts with the CoyoteConnector commented out, and the Ajp13Connector enabled. It seems there isn't a 'ManagedBean' in the Ajp13Connector. I don't curretnly use MBeans anyhow, so I commented this out also. I'll post more about how to do all this once I have connected all the dots. === Chris Parker Programmer/Analyst Health Care Services Division California Youth Authority -- To unsubscribe, e-mail: mailto:tomcat-user-unsubscribe;jakarta.apache.org For additional commands, e-mail: mailto:tomcat-user-help;jakarta.apache.org
Tomcat-Apache-SSL problem
Hello, I am having a problem accessing my webapps using https protocol. My server conf is: Tomcat 4.0.5 + Apache 1.3.26 + mod_jk 1.2 + mod_ssl https works if I access static pages like https://myhost/manual/index.html, but does not work with my webapp (https://myhost/mywebapp/index.jsp). However, http works with my webapp (http://myhost/mywebapp/index.jsp). I tried mod_jk.so compiled by myself and the one from jakarta website (http://jakarta.apache.org/builds/jakarta-tomcat-connectors/jk/release/v1.2.0/bin/linux/i386/mod_jk-1.3-eapi.so) with mod_ssl, neither worked. Could someone give me a hint of what's going on, and how to fix this? Thanks a lot Haixi _ Join the worlds largest e-mail service with MSN Hotmail. http://www.hotmail.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Tomcat-Apache-SSL problem
Assuming you're using VirtualHost, do you specify the right JkMount paths in VirtualHost sections in your Apache that serve the secure port? d. haixi liu wrote: Hello, I am having a problem accessing my webapps using https protocol. My server conf is: Tomcat 4.0.5 + Apache 1.3.26 + mod_jk 1.2 + mod_ssl https works if I access static pages like https://myhost/manual/index.html, but does not work with my webapp (https://myhost/mywebapp/index.jsp). However, http works with my webapp (http://myhost/mywebapp/index.jsp). I tried mod_jk.so compiled by myself and the one from jakarta website (http://jakarta.apache.org/builds/jakarta-tomcat-connectors/jk/release/v1.2.0/bin/linux/i386/mod_jk-1.3-eapi.so) with mod_ssl, neither worked. Could someone give me a hint of what's going on, and how to fix this? Thanks a lot Haixi _ Join the worlds largest e-mail service with MSN Hotmail. http://www.hotmail.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- David Mossakowski [EMAIL PROTECTED] Instinet Corporation 212.310.7275 Disclaimer This message is intended only for the use of the Addressee and may contain information that is PRIVILEGED and/or CONFIDENTIAL or both. This email is intended only for the personal and confidential use of the recipient(s) named above. If the reader of this email is not an intended recipient, you have received this email in error and any review, dissemination, distribution or copying is strictly prohibited. If you have received this email in error, please notify the sender immediately by return mail and permanently deleting the copy you received. Thank you. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Tomcat-Apache-SSL problem
David, No, I did not. I am using the auto config file generated by Tomcat from $CATALINA_HOME/conf/jk/workers.properties. In my http.conf, I just have this line: Include /usr/local/tomcat/conf/auto/mod_jk.conf I think that's the reason why the http works but https doesn't work. I looked at the VirtualHost _default_:443 portion of my http.conf, but don't know how to add those paths in there. I tried to paste the content of my $CATALINA_HOME/conf/auto/mod_jk.conf into the virtualhost directory, but it did not work. Would you please give me several simple sample lines? Thanks a lot Assuming you're using VirtualHost, do you specify the right JkMount paths in VirtualHost sections in your Apache that serve the secure port? _ Send and receive Hotmail on your mobile device: http://mobile.msn.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Tomcat-Apache-SSL problem
Got it to work. Thanks From: haixi liu [EMAIL PROTECTED] Reply-To: Tomcat Users List [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: Tomcat-Apache-SSL problem Date: Fri, 04 Oct 2002 17:25:20 + David, No, I did not. I am using the auto config file generated by Tomcat from $CATALINA_HOME/conf/jk/workers.properties. In my http.conf, I just have this line: Include /usr/local/tomcat/conf/auto/mod_jk.conf I think that's the reason why the http works but https doesn't work. I looked at the VirtualHost _default_:443 portion of my http.conf, but don't know how to add those paths in there. I tried to paste the content of my $CATALINA_HOME/conf/auto/mod_jk.conf into the virtualhost directory, but it did not work. Would you please give me several simple sample lines? Thanks a lot Assuming you're using VirtualHost, do you specify the right JkMount paths in VirtualHost sections in your Apache that serve the secure port? _ Send and receive Hotmail on your mobile device: http://mobile.msn.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] _ Chat with friends online, try MSN Messenger: http://messenger.msn.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]