On Tue, Jun 16, 2015 at 2:26 PM, Felix Schumacher < felix.schumac...@internetallee.de> wrote:
> > > Am 16. Juni 2015 20:10:52 MESZ, schrieb "Cohen, Laurence" < > lco...@novetta.com>: > >Yeah, I'm going to have to figure this out. If I paste the text in the > >email it will be very long. > > Maybe you could look for the changes yourself (diff might be your friend) > and just paste the things that are different. > > In the SuSE package is a perl script, which claims to do the conversion > from mod_ssl to mod_nss. You could try that on your original config files. > > By the way. It is considered bad style to top post in replies. > > Regards, > Felix > > > >On Tue, Jun 16, 2015 at 2:00 PM, Felix Schumacher < > >felix.schumac...@internetallee.de> wrote: > > > >> > >> > >> Am 16. Juni 2015 19:54:40 MESZ, schrieb "Cohen, Laurence" < > >> lco...@novetta.com>: > >> >On the old instance, represented in these files by prodweb01, > >ssl.conf > >> >and > >> >rewrite.conf were included from httpd.conf > >> > > >> >On the new instance represented by testweb01, nss.conf and > >rewrite.conf > >> >are > >> >included from httpd.conf, and ssl.conf is no longer used. You'll > >see > >> >that > >> >there was an attempt to move all of the RewriteRules from the > >ssl.conf > >> >in > >> >the old instance to ProxyPass statements in nss.conf. I'm assuming > >you > >> >are > >> >correct that something is not correct with these rules. > >> > >> Did you attach files to your mail? The mailing list strips most > >> attachments. You might be lucky attaching text files. > >> > >> Or you could strip out any comments and paste them inline. Our you > >put > >> them somewhere else and send a link to the files. > >> > >> Regards, > >> Felix > >> > >> > > >> >Thanks, > >> > > >> >Larry Cohen > >> > > >> >On Tue, Jun 16, 2015 at 1:36 PM, Cohen, Laurence > ><lco...@novetta.com> > >> >wrote: > >> > > >> >> I am most definitely confused. :-) > >> >> > >> >> I'm gathering and sanitizing configuration files now. > >> >> > >> >> Thanks, > >> >> > >> >> Larry > >> >> > >> >> On Tue, Jun 16, 2015 at 1:26 PM, Christopher Schultz < > >> >> ch...@christopherschultz.net> wrote: > >> >> > >> >>> -----BEGIN PGP SIGNED MESSAGE----- > >> >>> Hash: SHA256 > >> >>> > >> >>> Laurence, > >> >>> > >> >>> On 6/16/15 1:02 PM, Cohen, Laurence wrote: > >> >>> > Thanks for everyone's response. to Andre' Warnier, yes. There > >> >are > >> >>> > many ProxyPass statements in nss.conf on the Apache webserver. > >> >>> > They appear to have taken the place of redirect statements in > >> >>> > ssl.conf, which is no longer in use. > >> >>> > >> >>> I think you may be confused. mod_nss looks like a replacement for > >> >>> mod_ssl, which means it's only being used for connections coming > >> >>> *into* the Apache httpd process -- probably from clients. > >> >>> > >> >>> Yes, mod_ssl is also used to handle HTTPS going *out* through > >> >>> mod_proxy, but you say that's working, right? > >> >>> > >> >>> mod_ssl doesn't have any "redirect" configuration. If you had > >> >>> "Redirect [something]" then it was using mod_alias, and that has > >> >>> nothing to do with either mod_nss (nee mod_ssl) or whatever > >module > >> >you > >> >>> are using to proxy from httpd to Tomcat (probably > >mod_proxy_http). > >> >>> > >> >>> > Your configuration assumption is correct, except that the users > >> >>> > will connect to the webserver on port 80 and port 443, and it > >is > >> >>> > invisible to them where they are going on the app server. > >> >>> > >> >>> Assuming that mod_nss can service mod_proxy_http just as mod_ssl > >was > >> >>> able to in the past, then you should have to change nothing in > >your > >> >>> configuration. > >> >>> > >> >>> My guess is that your ProxyPass directives for the :80 > >VirtualHost > >> >>> were somehow damaged in the switch-over. > >> >>> > >> >>> Can you show us the :443 configuration versus the :80 > >configuration > >> >in > >> >>> terms of ProxyPass and ProxyPassReverse directives? > >> >>> > >> >>> - -chris > >> >>> -----BEGIN PGP SIGNATURE----- > >> >>> Comment: GPGTools - http://gpgtools.org > >> >>> > >> >>> iQIcBAEBCAAGBQJVgFwtAAoJEBzwKT+lPKRYuU8P/Ao9G5qfkl3b/vWgG4rP2ooW > >> >>> 4rN+I7L7p3aNGp5GXylfPh04B7R3+Lc0OS82lZvRlDP0UWCEBChA4j+JIBddIqXG > >> >>> exiOHS7lZLEpduZuWr0cK3/DpcA1KcF9xQYjji2SdxfyiYiZPY7WepXd/Fm6gs0a > >> >>> rp7f8WpGl5onhDRz0KKGmZK0YJbhMr8JwlrdeKolUlpeG8s9pmFiccQgN+QVhmJL > >> >>> yv6sGcrxoBBZAnG+1MbUzHAh2SXvjaBVXessf5L/w8ttCXWb3a6KcuZp+RJwTLZ9 > >> >>> FYO+DPlfGIP5FM9+8YL8CtF39D0SGM+4Uz93hHJr37eVVRmSxVj7zDgnT3OdGfe1 > >> >>> zjanRi4abrrMeXWQG1KsUgqS8u5iq/+FC9s6+i5iSt6cRRQQHwWH5337U85s3SPB > >> >>> +XrjXdbLpdTe6pZz2AJ9htXOwO/o0b0sO7vVls9r4F7gSPbnnETyk/jWjcVbRClb > >> >>> zPPR2rF4/XNDy3mCmid2dMoIpk2IrTxTt1tP9gPf0ZNl0JFeWSZrpY8EJhd5lyZs > >> >>> CGJDKBph3BLgfmHV5yj/lZXwqW63RTuWluVfliVnDo7LEkTMa424yTaF68XBpRWL > >> >>> mic2/HKVvrqn9CypeOhrJ9SmDer/xJ8lZWUP5DMijuYJaTbgDcCQEIcj2pVBR5O/ > >> >>> RpQ2KXVnBjLHYdoFGpSD > >> >>> =YmrV > >> >>> -----END PGP SIGNATURE----- > >> >>> > >> >>> > >> > >>--------------------------------------------------------------------- > >> >>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > >> >>> For additional commands, e-mail: users-h...@tomcat.apache.org > >> >>> > >> >>> > >> >> > >> > > >> > > >> > >>------------------------------------------------------------------------ > >> > > >> > > >> > >>--------------------------------------------------------------------- > >> >To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > >> >For additional commands, e-mail: users-h...@tomcat.apache.org > >> > >> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > >> For additional commands, e-mail: users-h...@tomcat.apache.org > >> > >> > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > Sorry, I sent that last post before I sent this one. I'm assuming this is what you were meaning about top posting? I should just post after all previous posts? The problem with doing a diff is that the RewriteRules and ProxyPass rules are in a different format obviously, so I'd probably need to walk through them one by one. I will attempt to do that though. Thanks, Larry Cohen
