Try this article: http://www.javaworld.com/javaworld/jw-02-2002/jw-0215-ssl.html --- Yousef Shemisa 650-365-9704 ext 12 http://www.netunderdogs.com Menlo Park, CA
~Savin' the Web Doggie Style~ We GUARANTEE our Web Development will exceed your expectations. ----- Original Message ----- From: "David Ethell" <[EMAIL PROTECTED]> To: "'Tomcat Users List'" <[EMAIL PROTECTED]> Sent: Monday, July 22, 2002 3:57 AM Subject: RE: Tomcat 4.0.4, mod_jk and invalid redirects in https mode > Well, I've tried a few more permutations of these settings to no avail. > Does anyone out there have a definitive setup for mod_jk and Tomcat 4 > with the SSL part being handled by Apache? Has anyone been able to solve > the "redirect" problem by using multiple connectors and schemes or using > multiple VirtualHost directives?? > > Thanks in advance, > David > > -----Original Message----- > From: David Ethell [mailto:[EMAIL PROTECTED]] > Sent: Friday, July 19, 2002 4:19 PM > To: [EMAIL PROTECTED] > Subject: Tomcat 4.0.4, mod_jk and invalid redirects in https mode > > > I have spent the past two days reading the mailing list archives, > reading usenet and reading all the docs I can on configuring Apache with > mod_jk and Tomcat. Almost everything works, but I'm down to the same > type of problem mentioned in bug 10233 > (http://nagoya.apache.org/bugzilla/show_bug.cgi?id=10233). In there the > last comment mentions getting the scheme correct in my Tomcat connectors > and I've pulled my hair out trying to make this all work. > > First, I had this entire setup working fine on another server, but there > is a difference in how I set up my VirtualHost directives on that > machine and this one. > > The problem happens when I access a page through https and Tomcat sends > a 302 redirect back out to the client. For me this happens when using > form-based realm authentication since it redirects the user to my login > form and with some of our servlets that do redirects. Looking at the > HTTP headers through openssl s_client we indeed see that when I request > a page that will result in a redirect it redirects me to the https > protocol but on port 80 instead of port 443. > > My question is, do I have to have two connectors defined in my > server.xml, one to handle the non-secure and one for secure? I have > tried this to no avail and I don't see why I must do that since I didn't > do it previously. > > At the end of this messages are the relevant parts from my current > configuration. You'll notice the extra ajp13 connector I defined > responding on port 8010. This is for the ajp13_https worker defined in > my workers.properties file. My current httpd.conf doesn't make use of > it, but I left it in to show what I had been playing around with. I > previously tried to get all the calls under the 443 VirtualHost to use > the ajp13_https connector, but it seems that 443 VirtualHost is being > ignored so it never helped. > > In my previous installation I was able to use another IP address for my > mod_jk tests and I never had to try anything with the scheme="https" in > server.xml. I just left a single ajp13 connector just like in the > Jakarta mod_jk docs and I had two VirtualHosts, on with no port > specified one on port 443, but explicitly spelling out the IP address. > On my new host I can't do that without Apache complaining about mixing * > ports and non-* ports with a NameVirtualHost. Unfortunately on my new > host I don't have the luxury of extra IP addresses and such. > > What am I missing? Do I have to set up two connectors one with > scheme="https" to make this redirection stuff work? Everything besides > redirection works fine. Why did it work before on my old host when I was > able to have two different VirtualHost directives and now it doesn't > when I only have one? Any help would be greatly appreciated. I'm sure > this is not an uncommon thing to do. > > Thanks, > David > ---------------------- > Apache, httpd.conf: > LoadModule jk_module modules/mod_jk.so > AddModule mod_jk.c > > JkWorkersFile "/usr/local/etc/httpd/conf/workers.properties" > JkLogFile "/usr/local/etc/httpd/logs/mod_jk.log" > JkLogLevel emerg > > <VirtualHost 161.58.172.184> > ServerName www.vitalassets.com > Alias /vawebsite /usr/local/java/tomcat/webapps/vawebsite > Alias /vitalassets /usr/local/java/tomcat/webapps/vitalassets > > RewriteEngine On > RewriteRule ^/$ /vawebsite/ [R] > RewriteRule ^/index.jsp$ /vawebsite/index.jsp [R,L] > > JkMount /*.jsp ajp13 > JkMount /servlet/* ajp13 > JkMount /*/j_security_check ajp13 > </VirtualHost> > <VirtualHost _default_:443> > ServerName www.vitalassets.com > Alias /vawebsite /usr/local/java/tomcat/webapps/vawebsite > Alias /vitalassets /usr/local/java/tomcat/webapps/vitalassets > > RewriteEngine On > RewriteRule ^/$ /vawebsite/ [R] > RewriteRule ^/index.jsp$ /vawebsite/index.jsp [R,L] > > JkMount /*.jsp ajp13 > JkMount /servlet/* ajp13 > JkMount /*/j_security_check ajp13 > </VirtualHost> > > Tomcat, workers.properties: > # Setup for Solaris system > # > ps=/ > worker.list=ajp12, ajp13, ajp13_https > > # Definition for Ajp13 worker > # > worker.ajp13.port=8009 > worker.ajp13.host=localhost > worker.ajp13.type=ajp13 > > # Definition for Ajp13 worker https > # > worker.ajp13_https.port=8010 > worker.ajp13_https.host=localhost > worker.ajp13_https.type=ajp13 > > Tomcat, server.xml: > <!-- Define an AJP 1.3 Connector on port 8009 --> > <Connector className="org.apache.ajp.tomcat4.Ajp13Connector" > port="8009" minProcessors="5" maxProcessors="75" > acceptCount="10" debug="0"/> > <!-- Define an AJP 1.3 Connector on port 8010 for https --> > <Connector className="org.apache.ajp.tomcat4.Ajp13Connector" > port="8009" minProcessors="5" maxProcessors="75" > acceptCount="10" debug="0" scheme="https" secure="true"/> > > > -- > To unsubscribe, e-mail: > <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: > <mailto:[EMAIL PROTECTED]> > > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
