I'm going to do a bit of trimming here:

On 7/25/2016 7:34 AM, Paul Roubekas wrote:

>>>> #
>>>> # Add this before your first ProxyPass
>>>> # However, after your aliases
>>>> #
>>>> 
>>>> ProxyPass "/bb" !
>>>> ProxyPass "/tt" !
>>> This works now.  Thanks
>>>> #
>>>> # Also this would be a good idea to prevent TomEE manager access
>>>> #
>>>> ProxyPass "/manager" !
>>> I protect this page via IP address. <Valve
>>> className="org.apache.catalina.valves.RemoteAddrValve" 
>>> allow="[redacted]" />
>>>> #
>>>> # Finally, to protect your one servlet
>>>> #
>>>> ProxyPass "/path-to-servlet" !
>>> I have done something wrong here. It is not working.  See more
>>> details below.
>> Well this should block access to the servlet that you don't want to
>> be visible via HTTP (only HTTPS).
>> 
>>>> #
>>>> # Now add the proxypass
>>>> #
>>>> ProxyPass "/" "ajp://TomEE-host:8009/"
>>> ok
>>>> In your ssl.conf, you'll need to proxy the HTTPS-protected
>>>> servlet
>>>> 
>>>> #
>>>> # Protected servlet
>>>> #
>>>> ProxyPass "/path-to-servlet" "ajp://TomEE-host:8009/path-to-servlet"
>>> I did a find on my whole Fedora 23 server looking for ssl.conf.
>>> The file did not exist.  I created one (ssl.conf) and put it in
>>> the same directory as httpd.conf.  Now the https servlet returns
>>> a "Not Found The requested URL /DonateServlet was not found on
>>> this server." 1) Did I put the ssl.conf in the correct
>>> directory? 2) What else can I check?
>> If you want Apache HTTPD to serve HTTPS content (in addition to
>> HTTP content), you'll need to install the mod_ssl RPM.
>> 
>> 2.4.23-3.fc23.x86_64.rpm
>> 
>> is the latest release I believe. I'm not sure - my laptop died and
>> with it my Fedora install (time to get a new laptop).
>> 
>> In that rpm, you'll find:
>> 
>> /etc/httpd/conf.d/ssl.conf
>> /etc/httpd/conf.modules.d/00-ssl.conf
>> /usr/lib/systemd/system/httpd.socket.d/10-listen443.conf
>> /usr/lib64/httpd/modules/mod_ssl.so
>> /usr/libexec/httpd-ssl-pass-dialog
>> /var/cache/httpd/ssl
>> 
>> If Fedora and systemd haven't hacked things up too badly, you'll
>> put proxypass statements (again, I use mod_jk, so I put in JkMount 
>> statements) in /etc/httpd/conf.d/ssl.conf.
>> 
>> You'll be terminating SSL on Apache HTTPD, and sending AJP (not 
>> encrypted) traffic between Apache HTTPD and TomEE.
>> 
>> Prevent the proxypass to your protected servlet (whatever the URL
>> is) by using the exclamation point in httpd.conf. Add the required
>> proxypass in ssl.conf, which is what Apache HTTPD uses in order to
>> configure SSL.
> Not working.  I am getting
> 
> Not Found
> 
> The requested URL /DonateServlet was not found on this server.
> 
> ==== ssl.conf =====
> 
> # Protected servlet
> ProxyPass "/DonateServlet" "ajp://localhost:8009/DonateServlet"
> ErrorLog "/var/log/myDomain.com-error_log"
> TransferLog "/var/log/myDomain.com-access_log"

You're right, the simple solution does not work. :-(

At this point, the only way I know how to manage this is with ReWrite rules.

These get pretty complicated, and I strongly suggest that you read the
rewrite rule documentation before playing around with them.

This is also pretty far afield from the Apache Tomcat mailing list. You
might want to head on over to the Apache HTTPD mailing list for better
answers.

That being said, I hacked together something that works.

In your httpd.conf file before the ProxyPass "/" statement:

# Turn on the rewrite Engine
RewriteEngine on

# Make sure you're not on HTTPS
RewriteCond %{HTTPS} !=on

# Send the DonateServlet to HTTPS
RewriteRule ^/DonateServlet$ https://%{SERVER_NAME}/DonateServlet [R,L]

# Send everything else to TomEE
ProxyPass "/" "ajp://localhost:8009/Protect"

In your ssl.conf file in the VirtualHost portion:

# Make sure the engine is on
RewriteEngine on

# Make sure you're not on port 80
RewriteCond %{SERVER_PORT} !^80$

# Rewrite everything except the URL you want in HTTPS
RewriteCond %{REQUEST_URI} !^/DonateServlet$
RewriteRule ^(.*)$ http://%{SERVER_NAME}$1 [R,L]

# Send the DonateServlet to TomEE
ProxyPass "/Protect/Dressed" "ajp://localhost:8009/DonateServlet"

I'm sure people can come up with better rewrite rules, but this should work.

. . . just my two cents
/mde/
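
An added example, not part of the original message: a small Python model of the two rewrite rule sets above, for checking which requests end up redirected and which fall through to ProxyPass. It assumes plain-HTTP requests see only the httpd.conf rules, HTTPS requests see only the ssl.conf VirtualHost rules, and %{SERVER_NAME} equals the requested host; rewrite_decision and www.example.com are hypothetical names.

```python
import re
from urllib.parse import urlsplit

# Pattern copied from the message; both rule sets anchor it at both ends.
DONATE = re.compile(r"^/DonateServlet$")


def rewrite_decision(url):
    """Model the rewrite rules from the message for one request URL.

    Returns ("redirect", location) when an [R,L] rule fires (302 by default),
    or ("proxy", None) when no rule fires and the request reaches ProxyPass.
    Assumption: HTTP requests are evaluated against the httpd.conf rules only,
    HTTPS requests against the ssl.conf VirtualHost rules only.
    """
    u = urlsplit(url)
    host, path = u.hostname, u.path or "/"
    port = u.port or (443 if u.scheme == "https" else 80)
    # mod_rewrite matches the URL path only; on a redirect the original
    # query string is passed through unchanged.
    qs = "?" + u.query if u.query else ""

    if u.scheme == "http":
        # RewriteCond %{HTTPS} !=on
        # RewriteRule ^/DonateServlet$ https://%{SERVER_NAME}/DonateServlet [R,L]
        if DONATE.search(path):
            return ("redirect", "https://%s%s%s" % (host, path, qs))
        return ("proxy", None)

    # RewriteCond %{SERVER_PORT} !^80$
    # RewriteCond %{REQUEST_URI} !^/DonateServlet$
    # RewriteRule ^(.*)$ http://%{SERVER_NAME}$1 [R,L]
    if port != 80 and not DONATE.search(path):
        return ("redirect", "http://%s%s%s" % (host, path, qs))
    return ("proxy", None)


# Constructed sample requests (placeholder host).
SAMPLES = [
    "http://www.example.com/DonateServlet",
    "http://www.example.com/DonateServlet?amount=5",
    "http://www.example.com/DonateServlet/extra",  # not an exact match
    "https://www.example.com/index.jsp",
    "https://www.example.com/DonateServlet",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", rewrite_decision(sample))
```

Because the pattern is anchored at both ends, a request for /DonateServlet/extra on port 80 is not redirected and is proxied over plain HTTP; widen the pattern if the servlet is mapped with path info.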
