Re: AJP Connector - Problems Proxying HTTPS Connections

[Rainer Jung]

It should be OK, it's not named based virtual hosts in his case.
You should be posting this to the httpd user list, since you are using 
mod_proxy_* and not mod_jk. You might get help here too, but it's more a 
question concerning an httpd standard module.

From general experience: the answer might depend on which component is 
actually producing the redirect: tomcat, you application or some 
framework used. In general the ajp protocol transports knowledge about 
using https on the apache side to your servelt container, such that it 
is able to produce correct self-referring URLs. If the redirect comes 
from some other component, this could produce wrong redirects.

Regards,

Rainer

David Delbecq wrote:
Not speaking of tomcat, as far as i know https and virtual hosting do
not mix very well unless the same certificate is used for all hosts.

En l'instant précis du 02/05/07 15:53, Bill Bailey s'exprimait en ces
termes:
Hi,

 

I am trying to run Tomcat 5.5.20 behind Win32 Apache HTTPD 2.2.4 with
SSL (downloaded from apachelounge.com) using the AJP connector. 

 

I have a virtual host configured on both Tomcat and Apache HTTPD.

 

Everything works fine if I configure my Apache HTTPD virtual host to run
unsecured on port 80, but if I set it up to run secured on port 443, it
appears that when it forwards an https request to Tomcat, Tomcat is
redirecting Apache to http://www.resourcepoint.org
<http://www.resourcepoint.org/> . If I also have the port 80 virtual
host configured in Apache HTTPD, it simply resubmits the http request to
Tomcat which happily processes it (but obviously this is not what was
wanted since I am now running unsecured). If the Apache HTTPD port 80
virtual host hasn't been configured, Apache can't find a suitable
virtual host and tries to serve up the document from htdocs and, of
course, fails.

 

I can see in Apache HTTPD log files where it is successfully getting the
https request and I can see a connection accepted on port 8009 in the
tomcat log files (followed by a line containing Location =
http://www.resourcepoint.org/index.jsp). Finally, in the case where the
Apache HTTPD port 80 virtual host is not configured I can see entries in
the Apache HTTPD error file where it says the file could not be found in
htdocs (because that isn't where it is).

 

My question is: 

 

Why doesn't Tomcat process this https request? Why is it redirecting
Apache to an http URL? Am I missing some configuration parameter that
I'm unaware of?

 

I have included fragments of both my Apache and Tomcat configuration
files below.

 

Thanks in advance for any assistance you can provide.

 

Bill Bailey

Senior Developer / DBA

Northland, A Church Distributed

 

Apache Virtual Host Configuration Fragment

 

NameVirtualHost xxx.xx.xx.x:443

 

<VirtualHost xxx.xx.xx.x:443>

 

      # General setup for the virtual host

 

      ServerName www.resourcepoint.org:443

      DocumentRoot E:\Apache2\vhosts\resourcepoint

      ServerAlias www.resourcepoint.org:443

      ErrorLog logs/resourcepoint-ssl-error_log

      CustomLog logs/resourcepoint-ssl-access_log common

 

      <Directory "E:/Apache2/vhosts/resourcepoint">

 

            ... directory stuff in here ...

 

      </Directory>

 

      <Location / >

 

            ProxyPass ajp://127.0.0.1:8009/

            ProxyPassReverse ajp://127.0.0.1:8009/

 

      </Location>

 

      ... SSL stuff here ...

</VirtualHost>

 

Tomcat Virtual Host Configuration Fragment

 

<Service name="Catalina">

 

  <!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->

 

  <Connector port="8888"

             address="127.0.0.1"

             maxHttpHeaderSize="8192"

             maxThreads="150" 

             minSpareThreads="25" 

 maxSpareThreads="75"

             enableLookups="false" 

             redirectPort="8443"

             acceptCount="100"

             connectionTimeout="20000" 

             disableUploadTimeout="true" />

 

  <!-- Define an AJP 1.3 Connector on port 8009 -->

         

  <Connector port="8009" 

             address="127.0.0.1"

             enableLookups="false"  

             protocol="AJP/1.3" 

             secure="true"

             scheme="https"

             proxyName="www.resourcepoint.org" 

             proxyPort="443" />

 

  <!-- Define the top level container in our container hierarchy -->

 

  <Engine name="Catalina" defaultHost="www.resourcepoint.org">

 

    <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase" />

 

    <Host name="localhost" appBase="webapps" />

 

    <Host name="www.resourcepoint.org" 

          appBase="E:\webapps\resourcepoint"

          unpackWARs="true" 

          autoDeploy="true"

          xmlValidation="false" 

          xmlNamespaceAware="false">

 

    <Context path="" docBase="ROOT" debug="1"/>

 

          <Logger className="org.apache.catalina.logger.FileLogger"/>

    </Host>

 

  </Engine>

 

</Service>

 

 


  

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]