RE: tomcat redirects to http instead of https

Mon, 19 Nov 2018 05:21:41 -0800 


>> I'm not using Named-Based Virtual Hosts

>> Yes, you are. :)

I didn't think I was. How do you figure?

> I do, there are two different applications in the box that use two 
> different Tomcat instances running in different ports and I use Apache 
> to proxy to each app while using one common SSL config

>> Understood. If you have two different applications on two Tomcat instances, 
>> is that why the port numbers don't match above?

Yes, sorry I posted the wrong config. So, it looks like I figured it out. 
Apparently, Apache 2.4 has a problem using a combination of both AJP and HTTP 
proxy statements in the same config (Apache 2.2 worked fine), so I ended up 
setting the following:

Tomcat Instance 1 server.xml file:

<Server port="8006" shutdown="SHUTDOWN">

<Connector port="8888" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />


<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />


Tomcat Instance 2 server.xml file:

<Server port="8005" shutdown="SHUTDOWN">

   <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               URIEncoding="UTF-8"
               redirectPort="8444" />

<Connector port="8010" protocol="AJP/1.3" redirectPort="8444" />

And in Apache config file I set the following:

<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ProxyRequests Off

SSLEngine on
SSLCertificateFile ......cer
SSLCertificateKeyFile ......key
SSLCertificateChainFile .........chain.cer
SSLProtocol -all +TLSv1.2

SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
<Proxy *>
Order deny,allow
Allow from all
</Proxy>

#Tomcat 1
ProxyPass /admin ajp://localhost:8009/app1
ProxyPassReverse /admin ajp://localhost:8009/app1

#Tomcat 2
ProxyPass /ciphermail ajp://localhost:8010/app2
ProxyPassReverse /ciphermail ajp://localhost:8010/app2


ProxyTimeout 3600
........
</VirtualHost>
</IfModule>

This seems to work. Do you see a problem with the above?

Thanks



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to