Hi.
Probably nothing to do with your problem, and I am not quite sure it
really matters because I have not analysed your configuration in detail,
but in principle ...
This line
DocumentRoot /d01/tomcat/webapps/zeABC
means that you are allowing Apache to serve the files that are below
that directory, including what is below WEB-INF in that directory, for
example the web.xml of your application.
Pete Beebe wrote:
Thank you, Tony,
HTTPD was installed form the 2.2.6 source against a RHES4.0 OS.
The end-user that reported the issue simply stated "web site down" whereas when
I navigated to the default pages I was looking at the contents of the http-ssl.conf file
with no error message.
The only recent changes to the Apache install was an update to the ssl.conf
file's certificate names and adjusting the proxy_pass/rewrite commands in order
to properly pass traffic from Apache to Tomcat's webapp. I thought that
perhaps the proxy_pass/rewrite bit might have been the issue but figured if it
was configured wrong a more persistent error would be evident.
Config params for the source compile were:
"./configure" \
"-prefix=/d01/apache" \
"--enable-ssl" \
"--enable-proxy" \
"--enable-dav" \
"--enable-dav-fs" \
"--enable-dav-lock" \
"--enable-vhost-alias" \
"--enable-rewrite" \
"--enable-so" \
"--with-include-apr" \
"--with-ssl=/usr/include/openssl" \
"--with-mpm=worker" \
The Apache server listens on two NICs for two sites which both run on a Tomcat
back-end.
-----------
HTTPD.CONF:
-----------
ServerRoot "/d01/apache"
Listen 80
<IfModule !mpm_netware_module>
User daemon
Group daemon
</IfModule>
ServerAdmin [email protected] DocumentRoot "/d01/apache/htdocs"
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
</Directory>
<Directory "/d01/apache/htdocs">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
<FilesMatch "^\.ht">
Order allow,deny
Deny from all
Satisfy All
</FilesMatch>
ErrorLog logs/error_log
LogLevel warn
LoadModule jk_module modules/mod_jk.so
Include "/d01/apache/conf/mod_jk.conf"
<IfModule log_config_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
# You need to enable mod_logio.c to use %I and %O
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I
%O" combinedio
</IfModule>
CustomLog logs/access_log common
</IfModule>
<IfModule alias_module>
ScriptAlias /cgi-bin/ "/d01/apache/cgi-bin/"
</IfModule>
<IfModule cgid_module>
</IfModule>
<Directory "/d01/apache/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
DefaultType text/plain
<IfModule mime_module>
TypesConfig conf/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
</IfModule>
Include conf/extra/httpd-mpm.conf
Include conf/extra/httpd-ssl.conf
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
Alias /abc /d01/tomcat/webapps/zeABC
<Directory /d01/tomcat/webapps/zeABC>
Options FollowSymLinks Includes
DirectoryIndex index.html
AddHandler server-parsed shtml
order allow,deny
allow from all
</Directory>
<VirtualHost 10.0.0.11:80>
ServerAdmin [email protected]
DocumentRoot /d01/tomcat/webapps/zeABC
ServerName www.zeABC.com
ServerAlias zeABC.com
ScriptAlias /cgi-bin/ /home/zeABC/cgi-bin/
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
# RewriteRule ^(.*)$ https://www.zeABC.com/abc/$1 [L,R]
RewriteRule ^(.*)$ https://www.zeABC.com/zeABC$1 [L,R]
</VirtualHost>
<VirtualHost 10.0.0.12:80>
ServerAdmin [email protected]
DocumentRoot /d01/tomcat/webapps/zeABC
ServerName www.XYZ.com
ServerAlias XYZ.com
ScriptAlias /cgi-bin/ /home/zeABC/cgi-bin/
RewriteEngine on
RewriteRule ^(.*) https://www.XYZ.com/abc
</VirtualHost>
ServerTokens Minimal
--------------
HTTP-SSL.CONF:
--------------
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/d01/apache/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
SSLMutex "file:/d01/apache/logs/ssl_mutex"
<VirtualHost 10.0.0.11:443>
DocumentRoot "/home/ABC_ssl/tmp"
ServerName www.ABC.com
ServerAdmin [email protected]
ErrorLog logs/ssl_error_log
CustomLog logs/ssl_access_log combined
<Directory "/home/ABC_ssl/tmp">
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
ScriptAlias /cgi-bin/ "/home/ABC_ssl/cgi-bin/"
<Directory "/home/ABC_ssl/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
SSLOptions +StdEnvVars
</Directory>
ProxyPass /ABC/ http://10.0.0.11:9001/ABC/
ProxyPassReverse /ABC/ http://10.0.0.11:9001/ABC/
SSLEngine on
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
SSLCertificateFile /d01/apache/conf/ssl.crt/www_ABC_com.2009.crt
SSLCertificateKeyFile /d01/apache/conf/ssl.key/www.ABC.com.key
SSLCACertificateFile /d01/apache/conf/ssl.prm/intermediate.crt
SSLCertificateChainFile /d01/apache/conf/ssl.crt/www_ABC_com.ca-bundle
<Location />
SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
ErrorDocument 403 http://www.ABC.com/error_4035.cfm
</Location>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown
</VirtualHost>
<VirtualHost 10.0.0.12:443>
DocumentRoot "/home/xyz"
ServerName www.XYZ.com
ServerAdmin [email protected]
<Directory "/home/xyz">
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
ScriptAlias /cgi-bin/ "/home/xyz/cgi-bin/"
<Directory "/home/xyz/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
SSLOptions +StdEnvVars
</Directory>
RewriteEngine on
RewriteRule ^/abc /ABC/XYZOMG/ [R]
ProxyPass /ABC/ http://10.0.0.11:9001/ABC/
ProxyPassReverse /ABC/ http://10.0.0.11:9001/ABC/
SSLEngine on
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
SSLCertificateFile /d01/apache/conf/ssl.crt/www_XYZ_com.crt
SSLCertificateKeyFile /d01/apache/conf/ssl.key/www.XYZ.com.key
SSLCACertificateFile /d01/apache/conf/ssl.prm/intermediate.crt
SSLCertificateChainFile /d01/apache/conf/ssl.crt/www_XYZ_com.ca-bundle
<Location />
SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
ErrorDocument 403 http://www.ABC.com/error_4035.cfm
</Location>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown
</VirtualHost>
From: Tony Stevenson <[email protected]>
Subject: Re: [us...@httpd] HTTP misconfiguration?
Pete,
I would suggest initially you tell us about your install of
of HTTPD, is from source, or from a vendor package?
Ca you show us your config? Either an anonomised one, or
one that covers the main httpd config, along with your ssl
config.
Is it possible that you have an overlapping config, that
exposes your config files. i.e. a misconfigured docroot, or
symlinks?
Also, what error were you getting when the "site was
down" 40x?, 50x? - Specifics can help us here.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [email protected]
" from the digest: [email protected]
For additional commands, e-mail: [email protected]
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [email protected]
" from the digest: [email protected]
For additional commands, e-mail: [email protected]
