• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Liutauras Vilda
  • Jeanne Boyarsky
  • Devaka Cooray
  • Paul Clapham
Sheriffs:
  • Tim Cooke
  • Knute Snortum
  • Bear Bibeault
Saloon Keepers:
  • Ron McLeod
  • Tim Moores
  • Stephan van Hulst
  • Piet Souris
  • Ganesh Patekar
Bartenders:
  • Frits Walraven
  • Carey Brown
  • Tim Holloway

Tomcat behind Apache -- How to handle SSL?

 
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Hello,

Software/Versions:
RHEL 5.4
Tomcat 5.5
Apache 2.2.3
Railo 3.1.2
CFWebstore 6 44

I am using mod_proxy_ajp to pass requests for CFML pages to the backend Tomcat server for handling by Railo. It's all working except for SSL.

Here's my Apache VirtualHost config:

ProxyPreserveHost On

<VirtualHost *:80>
ServerName site.example.com

<Proxy *>
Order deny,allow
Allow from all
</Proxy>

ProxyPass / ajp://backend.example.com:8009/
ProxyPassReverse / ajp://backend.example.com:8009/

</VirtualHost>

<VirtualHost <ipaddr>:443>
ServerName site.example.com

SSLEngine On
SSLCertificateFile /etc/httpd/ssl/secure.site.example.com.crt
SSLCertificateKeyFile /etc/httpd/ssl/secure.site.example.com.key

<Proxy *>
Order deny,allow
Allow from all
</Proxy>

ProxyPass / ajp://backend.example.com:8010/
ProxyPassReverse / ajp://backend.example.com:8010/

</VirtualHost>

Here's my Tomcat server.xml snippets:

...
<Connector port="8009" address="0.0.0.0" proxyPort="80" protocol="AJP/1.3" enableLookups="false" />
<Connector port="8010" address="0.0.0.0" proxyPort="443" protocol="AJP/1.3" enableLookups="false" />
...
<Host name="site.example.com" appBase="webapps"
unpackWARs="true" autoDeploy="true"
xmlValidation="false" xmlNamespaceAware="false">
<Context path="" docBase="myapp" />
</Host>
...

The problem is that when CFWebstore tries to do a 301 redirect to the SSL site, something is getting lost and it just keeps throwing 301s infinitely. Either Apache isn't telling Tomcat the scheme (https) and port(443) or Tomcat isn't telling CFWebstore.

Any help is appreciated.

Thank you,

Ben
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!