Hello,
I have been running Tomcat 4.1.12 with Apache 1.3.23 for a while now as
a development platform. I use mod_jk to redirect various virtual hosts
(using an internal DNS server) to the appropriate tomcat Context with no
troubles. All is well in my little http world.
I would like to add new contexts to tomcat that will accessed via both
http (80) and https (443). I can get tomcat going no problem on 8080 and
8443 (by adding the jsse, jnet, and jcert jar files), but I would like
Apache (and mod_ssl) to handle the https redirects.
I seem to be encountering difficulties when configuring SSL availability
in ($APACHE_HOME)/conf/httpd.conf.
I have mod_ssl.so installed
I have the listener listening:
<IfDefine HAVE_SSL>
Listen 80
Listen 443
</IfDefine>
I have a default SSL host set (which has the default options all set to
it):
<VirtualHost _default_:443>
SSLEngine on
SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
</VirtualHost>
I have a name-based virtual host
NameVirtualHost 192.168.1.22
I have a virtual host that points to the main page
<VirtualHost 192.168.1.22>
ServerName main.MYHOST.com
ServerAlias main.MYHOST.com
ServerAlias main
ErrorLog logs/siteDevWorker-error_log
CustomLog logs/siteDevWorker-access_log common
DocumentRoot /var/www/html
</VirtualHost>
I have a Virtual host pointing to a mod_jk worker and Tomcat Webapp
which works great:
<VirtualHost 192.168.1.22>
ServerName webdev.MYHOST.com
ServerAlias webdev.MYHOST.com
ServerAlias webdev
JkMount / siteDevWorker
JkMount /* siteDevWorker
ErrorLog logs/siteDevWorker-error_log
CustomLog logs/siteDevWorker-access_log common
</VirtualHost>
If I set up a SINGLE <VirtualHost> using SSL (443) for my
webdev.MYHOST.com host, it works great with http and https:
<VirtualHost 192.168.1.22:443>
ServerName webdev.MYHOST.com
ServerAlias webdev.MYHOST.com
ServerAlias webdev
SSLEngine On
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
JkMount / siteDevWorker
JkMount /* siteDevWorker
ErrorLog logs/siteDevWorker-error_log
CustomLog logs/siteDevWorker-access_log common
</VirtualHost>
Now, here's where it breaks down.
If I try and install a SECOND virtual hose using SSL, I get some odd
precedence error. I create an SSL Virtual host for my main page:
<VirtualHost 192.168.1.22>
ServerName main.MYHOST.com
ServerAlias main.MYHOST.com
ServerAlias main
SSLEngine On
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
ErrorLog logs/siteDevWorker-error_log
CustomLog logs/siteDevWorker-access_log common
DocumentRoot /var/www/html
</VirtualHost>
But, when I start up apache, I get a precedence error:
[root@MYHOST conf]# /etc/init.d/httpd start
Starting httpd: [Mon Nov 18 14:29:43 2002] [warn] VirtualHost
192.168.1.22:443 overlaps with VirtualHost 192.168.1.22:443, the first
has precedence, perhaps you need a NameVirtualHost directive
Note that in both cases the only differences between the HTTP and the
HTTPS version of the virtual host are the reference to :443 and the SSL
directives.
I don't understand why such a precedence error happens for https but not
http. Has anyone else succeeded in configuring their systems as such? If
anyone has some documentation or hints as to how to proceed, it would be
very handy
Platform particulars:
Linux (redhat 7.2)
Tomcat 4.1.12
Apache 1.3.23
mod_jk.so
mod_ssl.so
...Paul
