Well, I've tried a few more permutations of these settings to no avail. Does anyone out there have a definitive setup for mod_jk and Tomcat 4 with the SSL part being handled by Apache? Has anyone been able to solve the "redirect" problem by using multiple connectors and schemes or using multiple VirtualHost directives??
Thanks in advance, David -----Original Message----- From: David Ethell [mailto:[EMAIL PROTECTED]] Sent: Friday, July 19, 2002 4:19 PM To: [EMAIL PROTECTED] Subject: Tomcat 4.0.4, mod_jk and invalid redirects in https mode I have spent the past two days reading the mailing list archives, reading usenet and reading all the docs I can on configuring Apache with mod_jk and Tomcat. Almost everything works, but I'm down to the same type of problem mentioned in bug 10233 (http://nagoya.apache.org/bugzilla/show_bug.cgi?id=10233). In there the last comment mentions getting the scheme correct in my Tomcat connectors and I've pulled my hair out trying to make this all work. First, I had this entire setup working fine on another server, but there is a difference in how I set up my VirtualHost directives on that machine and this one. The problem happens when I access a page through https and Tomcat sends a 302 redirect back out to the client. For me this happens when using form-based realm authentication since it redirects the user to my login form and with some of our servlets that do redirects. Looking at the HTTP headers through openssl s_client we indeed see that when I request a page that will result in a redirect it redirects me to the https protocol but on port 80 instead of port 443. My question is, do I have to have two connectors defined in my server.xml, one to handle the non-secure and one for secure? I have tried this to no avail and I don't see why I must do that since I didn't do it previously. At the end of this messages are the relevant parts from my current configuration. You'll notice the extra ajp13 connector I defined responding on port 8010. This is for the ajp13_https worker defined in my workers.properties file. My current httpd.conf doesn't make use of it, but I left it in to show what I had been playing around with. I previously tried to get all the calls under the 443 VirtualHost to use the ajp13_https connector, but it seems that 443 VirtualHost is being ignored so it never helped. In my previous installation I was able to use another IP address for my mod_jk tests and I never had to try anything with the scheme="https" in server.xml. I just left a single ajp13 connector just like in the Jakarta mod_jk docs and I had two VirtualHosts, on with no port specified one on port 443, but explicitly spelling out the IP address. On my new host I can't do that without Apache complaining about mixing * ports and non-* ports with a NameVirtualHost. Unfortunately on my new host I don't have the luxury of extra IP addresses and such. What am I missing? Do I have to set up two connectors one with scheme="https" to make this redirection stuff work? Everything besides redirection works fine. Why did it work before on my old host when I was able to have two different VirtualHost directives and now it doesn't when I only have one? Any help would be greatly appreciated. I'm sure this is not an uncommon thing to do. Thanks, David ---------------------- Apache, httpd.conf: LoadModule jk_module modules/mod_jk.so AddModule mod_jk.c JkWorkersFile "/usr/local/etc/httpd/conf/workers.properties" JkLogFile "/usr/local/etc/httpd/logs/mod_jk.log" JkLogLevel emerg <VirtualHost 161.58.172.184> ServerName www.vitalassets.com Alias /vawebsite /usr/local/java/tomcat/webapps/vawebsite Alias /vitalassets /usr/local/java/tomcat/webapps/vitalassets RewriteEngine On RewriteRule ^/$ /vawebsite/ [R] RewriteRule ^/index.jsp$ /vawebsite/index.jsp [R,L] JkMount /*.jsp ajp13 JkMount /servlet/* ajp13 JkMount /*/j_security_check ajp13 </VirtualHost> <VirtualHost _default_:443> ServerName www.vitalassets.com Alias /vawebsite /usr/local/java/tomcat/webapps/vawebsite Alias /vitalassets /usr/local/java/tomcat/webapps/vitalassets RewriteEngine On RewriteRule ^/$ /vawebsite/ [R] RewriteRule ^/index.jsp$ /vawebsite/index.jsp [R,L] JkMount /*.jsp ajp13 JkMount /servlet/* ajp13 JkMount /*/j_security_check ajp13 </VirtualHost> Tomcat, workers.properties: # Setup for Solaris system # ps=/ worker.list=ajp12, ajp13, ajp13_https # Definition for Ajp13 worker # worker.ajp13.port=8009 worker.ajp13.host=localhost worker.ajp13.type=ajp13 # Definition for Ajp13 worker https # worker.ajp13_https.port=8010 worker.ajp13_https.host=localhost worker.ajp13_https.type=ajp13 Tomcat, server.xml: <!-- Define an AJP 1.3 Connector on port 8009 --> <Connector className="org.apache.ajp.tomcat4.Ajp13Connector" port="8009" minProcessors="5" maxProcessors="75" acceptCount="10" debug="0"/> <!-- Define an AJP 1.3 Connector on port 8010 for https --> <Connector className="org.apache.ajp.tomcat4.Ajp13Connector" port="8009" minProcessors="5" maxProcessors="75" acceptCount="10" debug="0" scheme="https" secure="true"/> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
