Hello again!
I also tried it with one service and multiple connectors, with the same result ... only one of the keystore files is taken ... as it is the one of the webserver's original name, I tend to think that this may be a port-forwarding problem (i.e. all forwarded ports/IPs are mapped to the one associated with the used keystore).
... Does anybody have a working Tomcat 4.1.x configuration with multiple IPs and SSL keystores?
Kind regards
randolph
At 16:00 17.01.2005, you wrote:
Hello everybody!
I'm new to this list and don't have much Tomcat experience, but I've been searching for a while to solve the following problem, unfortunately so far without success:
Here is my little mind-bender ;-)
I have Tomcat 4.1.31 running on a Linux server. To use multiple SSL keystores I built the following server.xml, and I have port-forwarding on (script follows). My problem is that I always get the same certificate, no matter which IP/domain I use.
server xml
-------------------------------
<Server port="8005" shutdown="SHUTDOWN" debug="0">
  <!-- Comment these entries out to disable JMX MBeans support -->
  <!-- You may also configure custom components (e.g. Valves/Realms) by
       including your own mbean-descriptor file(s), and setting the
       "descriptors" attribute to point to a ';' separated list of paths
       (in the ClassLoader sense) of files to add to the default list.
       e.g. descriptors="/com/myfirm/mypackage/mbean-descriptor.xml"
  -->
  <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"
            debug="0"/>
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"
            debug="0"/>

  <!-- Global JNDI resources -->
  <GlobalNamingResources>
    <!-- Test entry for demonstration purposes -->
    <Environment name="simpleValue" type="java.lang.Integer" value="30"/>
    <!-- Editable user database that can also be used by
         UserDatabaseRealm to authenticate users -->
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved">
    </Resource>
    <ResourceParams name="UserDatabase">
      <parameter>
        <name>factory</name>
        <value>org.apache.catalina.users.MemoryUserDatabaseFactory</value>
      </parameter>
      <parameter>
        <name>pathname</name>
        <value>conf/tomcat-users.xml</value>
      </parameter>
    </ResourceParams>
  </GlobalNamingResources>
  <Service name="Service C">
    <!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080.
         redirectPort points at the SSL connector bound to the same address (8443),
         not back at this plain connector -->
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
               port="8080" address="100.100.100.3" minProcessors="10" maxProcessors="100"
               enableLookups="true" redirectPort="8443"
               acceptCount="100" debug="0" connectionTimeout="20000"
               useURIValidationHack="false" disableUploadTimeout="true" />
    <!-- Note : To disable connection timeouts, set connectionTimeout value
         to 0 -->
    <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
               port="8443" minProcessors="5" maxProcessors="30"
               address="100.100.100.3"
               enableLookups="true"
               acceptCount="30" debug="0" scheme="https" secure="true"
               useURIValidationHack="false" disableUploadTimeout="true">
      <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
               keystoreFile="/home/essence/essence/KEYS/c.keystore"
               keystorePass="xxx"
               clientAuth="false" protocol="TLS" />
    </Connector>
    <Engine defaultHost="www.domainc.at" debug="0">
      <Logger className="org.apache.catalina.logger.FileLogger"
              prefix="catalina_log." suffix=".txt" timestamp="true"/>
      <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
             debug="0" resourceName="UserDatabase"/>
      <!-- Define the default virtual host -->
      <Host name="www.domainc.at" debug="0" appBase="webapps"
            unpackWARs="true" autoDeploy="true">
        <Logger className="org.apache.catalina.logger.FileLogger"
                directory="logs" prefix="domainc_log." suffix=".txt" timestamp="true"/>
        <!-- Tomcat Root Context -->
        <Context path="" docBase="essence" debug="0"/>
      </Host>
    </Engine>
  </Service>
  <Service name="service b">
    <!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080.
         redirectPort points at the SSL connector bound to the same address (8443) -->
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
               port="8080" address="100.100.100.2" minProcessors="10" maxProcessors="100"
               enableLookups="true" redirectPort="8443"
               acceptCount="100" debug="0" connectionTimeout="20000"
               useURIValidationHack="false" disableUploadTimeout="true" />
    <!-- Note : To disable connection timeouts, set connectionTimeout value
         to 0 -->
    <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
               port="8443" minProcessors="5" maxProcessors="50"
               address="100.100.100.2"
               enableLookups="true"
               acceptCount="50" debug="0" scheme="https" secure="true"
               useURIValidationHack="false" disableUploadTimeout="true">
      <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
               keystoreFile="/home/essence/essence/KEYS/b.keystore"
               keystorePass="xxxx"
               clientAuth="false" protocol="TLS" />
    </Connector>
    <Engine defaultHost="www.domainb.at" debug="0">
      <Logger className="org.apache.catalina.logger.FileLogger"
              prefix="catalina_log." suffix=".txt" timestamp="true"/>
      <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
             debug="0" resourceName="UserDatabase"/>
      <!-- Define the default virtual host -->
      <Host name="www.domainb.at" debug="0" appBase="webapps"
            unpackWARs="true" autoDeploy="true">
        <Logger className="org.apache.catalina.logger.FileLogger"
                directory="logs" prefix="domainb_log." suffix=".txt" timestamp="true"/>
        <!-- Tomcat Root Context -->
        <Context path="" docBase="essence" debug="0"/>
      </Host>
    </Engine>
  </Service>
  <Service name="ServiceA">
    <!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080.
         redirectPort points at the SSL connector bound to the same address (8443) -->
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
               port="8080" address="100.100.100.1" minProcessors="10" maxProcessors="100"
               enableLookups="true" redirectPort="8443"
               acceptCount="100" debug="0" connectionTimeout="20000"
               useURIValidationHack="false" disableUploadTimeout="true" />
    <!-- Note : To disable connection timeouts, set connectionTimeout value
         to 0 -->
    <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
               port="8443" minProcessors="5" maxProcessors="30"
               address="100.100.100.1"
               enableLookups="true"
               acceptCount="30" debug="0" scheme="https" secure="true"
               useURIValidationHack="false" disableUploadTimeout="true">
      <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
               keystoreFile="/home/essence/essence/KEYS/a.keystore"
               keystorePass="xxxxx"
               clientAuth="false" protocol="TLS" />
    </Connector>
    <Engine defaultHost="www.domaina.at" debug="0">
      <Logger className="org.apache.catalina.logger.FileLogger"
              prefix="catalina_log." suffix=".txt" timestamp="true"/>
      <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
             debug="0" resourceName="UserDatabase"/>
      <!-- Define the default virtual host -->
      <Host name="www.domaina.at" debug="0" appBase="webapps"
            unpackWARs="true" autoDeploy="true">
        <Logger className="org.apache.catalina.logger.FileLogger"
                directory="logs" prefix="domaina_log." suffix=".txt" timestamp="true"/>
        <!-- Tomcat Root Context -->
        <Context path="" docBase="essence" debug="0"/>
      </Host>
    </Engine>
  </Service>
</Server>
----------------------------
The multiple IPs work, and my port-forwarding script looks as follows:
iptables -t nat -A PREROUTING -j REDIRECT -p tcp --destination-port 80:80 --to-ports 8080
iptables -t nat -A PREROUTING -j REDIRECT -p tcp --destination-port 443:443 --to-ports 8443
Does anybody have a hint about what is wrong with this?
Kind regards
randolph
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
----------------------------------------------------------------------- di randolph kepplinger, mba [EMAIL PROTECTED] / 0676-844899-800
metamagix - better online solutions favoritenstrasse 19 / 1040 wien / +43.1.9902804 buero: hackengasse 27 / 1150 wien / +43.1.9902804 http://www.metamagix.net
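An added check for the setup discussed in this thread (example code, not from the thread or from Tomcat): it reads a Tomcat 4 server.xml laid out the way the poster's is, one plain and one SSL CoyoteConnector per address with a CoyoteServerSocketFactory keystoreFile on each SSL connector, flags layouts that make "the same certificate on every IP" look like a Tomcat bug (a keystore reused across addresses, an SSL connector with no address=, a redirectPort that points at no SSL connector), and emits per-address iptables DNAT rules in place of the posted REDIRECT rules. The iptables REDIRECT target rewrites the destination IP to the primary address of the incoming interface, so with REDIRECT every port-443 request can land on the one connector bound to that primary address; DNAT --to-destination keeps the address the client dialled. The helper names (connectors, lint, nat_rules, served_certificates) and the trimmed SAMPLE_SERVER_XML are constructed for this example.

```python
"""Lint a multi-IP Tomcat 4.1 server.xml and emit address-preserving NAT rules.
Added example, not code from the thread. Helper names and the sample XML
are constructed for illustration."""
import ssl
import xml.etree.ElementTree as ET

# Constructed sample: the thread's server.xml reduced to its connector tree.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Service C">
    <Connector port="8080" address="100.100.100.3" redirectPort="8080"/>
    <Connector port="8443" address="100.100.100.3" scheme="https" secure="true">
      <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
               keystoreFile="/home/essence/essence/KEYS/c.keystore" protocol="TLS"/>
    </Connector>
  </Service>
  <Service name="service b">
    <Connector port="8080" address="100.100.100.2" redirectPort="8080"/>
    <Connector port="8443" address="100.100.100.2" scheme="https" secure="true">
      <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
               keystoreFile="/home/essence/essence/KEYS/b.keystore" protocol="TLS"/>
    </Connector>
  </Service>
  <Service name="ServiceA">
    <Connector port="8080" address="100.100.100.1" redirectPort="8080"/>
    <Connector port="8443" address="100.100.100.1" scheme="https" secure="true">
      <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
               keystoreFile="/home/essence/essence/KEYS/a.keystore" protocol="TLS"/>
    </Connector>
  </Service>
</Server>
"""


def connectors(xml_text):
    """One dict per <Connector> in document order. keystore is None for a plain
    connector (no <Factory> child); redirect is None when redirectPort is unset."""
    out = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        factory = conn.find("Factory")
        redirect = conn.get("redirectPort")
        out.append({
            "address": conn.get("address", "0.0.0.0"),
            "port": int(conn.get("port")),
            "redirect": int(redirect) if redirect else None,
            "keystore": factory.get("keystoreFile") if factory is not None else None,
        })
    return out


def lint(xml_text):
    """Layout findings; an empty list means one distinct keystore per bound address
    and every plain connector redirecting to an SSL connector on its own address."""
    findings = []
    conns = connectors(xml_text)
    ssl_binds = {(c["address"], c["port"]) for c in conns if c["keystore"]}
    owner = {}  # keystoreFile -> first address that uses it
    seen = set()
    for c in conns:
        bind = (c["address"], c["port"])
        if bind in seen:
            findings.append(f"{bind[0]}:{bind[1]} is bound twice; the second connector cannot start")
        seen.add(bind)
        if c["keystore"]:
            if c["address"] == "0.0.0.0":
                findings.append(f"SSL connector on port {c['port']} has no address=; it binds every IP")
            first = owner.setdefault(c["keystore"], c["address"])
            if first != c["address"]:
                findings.append(f"keystore {c['keystore']} is used by both {first} and {c['address']}")
        elif c["redirect"] is not None and (c["address"], c["redirect"]) not in ssl_binds:
            findings.append(
                f"plain connector {c['address']}:{c['port']} has redirectPort={c['redirect']}, "
                f"but no SSL connector listens on {c['address']}:{c['redirect']}")
    return findings


def nat_rules(xml_text):
    """Per-address DNAT rules: 80 -> plain port, 443 -> SSL port. Unlike -j REDIRECT,
    which rewrites the destination to the incoming interface's primary address,
    DNAT keeps the dialled IP, so each request reaches that IP's own keystore."""
    rules = []
    for c in connectors(xml_text):
        public = 443 if c["keystore"] else 80
        rules.append(
            f"iptables -t nat -A PREROUTING -p tcp -d {c['address']} --dport {public} "
            f"-j DNAT --to-destination {c['address']}:{c['port']}")
    return rules


def served_certificates(addresses, port=443):
    """Live check (needs the running server, not exercised offline): the PEM
    certificate each address actually presents. Identical values on every
    address reproduce the symptom described in the thread."""
    return {a: ssl.get_server_certificate((a, port)) for a in addresses}


if __name__ == "__main__":
    for finding in lint(SAMPLE_SERVER_XML):
        print("finding:", finding)
    print("\n".join(nat_rules(SAMPLE_SERVER_XML)))
```

Run it against the real server.xml (ET.fromstring(open("conf/server.xml").read())) and apply the printed rules with the old REDIRECT rules flushed first; then served_certificates(["100.100.100.1", "100.100.100.2", "100.100.100.3"]) shows whether each address now hands out its own certificate. A modern Python may refuse to negotiate with a TLS 1.0-only Tomcat 4 connector, in which case openssl s_client -connect is the fallback for that last step.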
