Re: Apache + Tomcat + Mod_JK + SSL How to?
Hi,
I've been following this thread for a bit and can offer some of my
painfully gained insights. I have Apache, tomcat 5.0.28, mod_jk and
SSL.
This is not a real fix, just my workarounds.
It drove me nuts forever until I figured out that Apache webserver does
not successful apply rewrite rules to the JkMount directive.
In my httpd.conf:
#tomcat worker
JkWorkersFile conf/workers.properties
JkLogFile logs/jk.log
JkLogLevel info
JkMount /*.jsp jkworker
Under my virtual host port 80 I tested a few rewrite rules(the first
was to the 'admin' directory, the second was for all requests):
RewriteRule ^/admin/(.*)$ https://server.name.com/$1 [R]
RewriteRule ^.*$ https://server.name.com%{REQUEST_URI} [R]
The rewrite would work for non JkMount items, but the behavior seemed
to show apache just handing off the transaction to tomcat via the mount
BEFORE applying the rewrite.
(please check this for yourself, if you use a rewrite rule to a non
JkMount directory Apache should redirect it successfully)
Tomcat would not bounce it to port 443 because the rewrite rule was not
in the tomcat layer.
Our java programer ended up writing a custom jsp that redirected the
transaction to a SSL port.
I then made the redirect directory forbidden under non-SSL.
I suspect there maybe a more graceful way to do this please let me know
if you find it.
-Kiarna
Apache + Tomcat + Mod_JK + SSL How to?
I know this has been asked, but the all the emails and on-line docs don't seem to make sense to me. What I have is this. Apache, Tomcat, Mod_JK all running and working on my server. The SSL on Apache is working as well. All I want to do is have certain urls use SSL on Apache. So when you go to /site it's non-ssl, which works now, but when you access /admin it redirects to SSL, this is not working now. How do I get this working? -- Justin Stanczak Stanczak Group 812-735-3600 All that is necessary for the triumph of evil is that good men do nothing. Edmund Burke .....__. ./ _/....._/..|_..... /...\../.__.\./\...__\/.._.\./._..\ \\_\..\..___/|...|..\..|.(.._.|._..) .\__../\___.._\__|../__|..\/.\/.. \/.\/.\/.. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Apache + Tomcat + Mod_JK + SSL How to?
Well, maybe I've just make a mistake somewhere. I looked at my jsp-examples/ url work with ssl and without in mod_jk. Where should I look to see why this one works but my app doesn't? Stanczak Group wrote: I know this has been asked, but the all the emails and on-line docs don't seem to make sense to me. What I have is this. Apache, Tomcat, Mod_JK all running and working on my server. The SSL on Apache is working as well. All I want to do is have certain urls use SSL on Apache. So when you go to /site it's non-ssl, which works now, but when you access /admin it redirects to SSL, this is not working now. How do I get this working? -- Justin Stanczak Stanczak Group 812-735-3600 All that is necessary for the triumph of evil is that good men do nothing. Edmund Burke .....__. ./ _/....._/..|_..... /...\../.__.\./\...__\/.._.\./._..\ \\_\..\..___/|...|..\..|.(.._.|._..) .\__../\___.._\__|../__|..\/.\/.. \/.\/.\/.. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Apache + Tomcat + Mod_JK + SSL How to?
Stanczak Group wrote: Well, maybe I've just make a mistake somewhere. I looked at my jsp-examples/ url work with ssl and without in mod_jk. Where should I look to see why this one works but my app doesn't? Stanczak Group wrote: I know this has been asked, but the all the emails and on-line docs don't seem to make sense to me. What I have is this. Apache, Tomcat, Mod_JK all running and working on my server. The SSL on Apache is working as well. All I want to do is have certain urls use SSL on Apache. So when you go to /site it's non-ssl, which works now, but when you access /admin it redirects to SSL, this is not working now. How do I get this working? Hi, Your question is a little bit unclear. If you need a redirection from http://site/admin/ to https://site/admin/ look at the mod_rewrite, or simply make a absolute link to https page. Regards, Mladen. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Apache + Tomcat + Mod_JK + SSL How to?
I'm not familiar with mod_jk, but in Tomcat when using SSL I can put in a security constraint and it will redirect to a secure connection, so that's why I'm making it sound like a redirect. But the real issue is when I access the url for example http://www.myapp.com/thisapp it works, but when I add https://www.myapp.com/thisapp it fails saying The requested URL /MemCarQue/cars was not found on this server.. But the default jsp-examples/ url works with SSL and without. Once this works then I'll want to make it so the /thisapp/secure part works like Tomcat stand alone and redirects based on the security constraint in web.xml of the app. I'm guessing this can be done by setting the Tomcat to redirect to SSL port. Mladen Turk wrote: Stanczak Group wrote: Well, maybe I've just make a mistake somewhere. I looked at my jsp-examples/ url work with ssl and without in mod_jk. Where should I look to see why this one works but my app doesn't? Stanczak Group wrote: I know this has been asked, but the all the emails and on-line docs don't seem to make sense to me. What I have is this. Apache, Tomcat, Mod_JK all running and working on my server. The SSL on Apache is working as well. All I want to do is have certain urls use SSL on Apache. So when you go to /site it's non-ssl, which works now, but when you access /admin it redirects to SSL, this is not working now. How do I get this working? Hi, Your question is a little bit unclear. If you need a redirection from http://site/admin/ to https://site/admin/ look at the mod_rewrite, or simply make a absolute link to https page. Regards, Mladen. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Justin Stanczak Stanczak Group 812-735-3600 All that is necessary for the triumph of evil is that good men do nothing. Edmund Burke .....__. ./ _/....._/..|_..... /...\../.__.\./\...__\/.._.\./._..\ \\_\..\..___/|...|..\..|.(.._.|._..) .\__../\___.._\__|../__|..\/.\/.. \/.\/.\/.. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Apache + Tomcat + Mod_JK + SSL How to?
Stanczak Group wrote: I'm not familiar with mod_jk, but in Tomcat when using SSL I can put in a security constraint and it will redirect to a secure connection, so that's why I'm making it sound like a redirect. Hmm. You are still unclear. Seems to me that you are saying that you can access your application with http via mod_jk but not via https, and you can access jsp-examples both with http and https? Is this correct? Also, adjust your clock. Regards, Mladen. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Apache + Tomcat + Mod_JK + SSL How to?
Mladen Turk wrote: Stanczak Group wrote: I'm not familiar with mod_jk, but in Tomcat when using SSL I can put in a security constraint and it will redirect to a secure connection, so that's why I'm making it sound like a redirect. Hmm. You are still unclear. Seems to me that you are saying that you can access your application with http via mod_jk but not via https, and you can access jsp-examples both with http and https? Is this correct? yes that is correct. Also, adjust your clock. ? What do you mean? Regards, Mladen. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Justin Stanczak Stanczak Group 812-735-3600 All that is necessary for the triumph of evil is that good men do nothing. Edmund Burke .....__. ./ _/....._/..|_..... /...\../.__.\./\...__\/.._.\./._..\ \\_\..\..___/|...|..\..|.(.._.|._..) .\__../\___.._\__|../__|..\/.\/.. \/.\/.\/.. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Apache + Tomcat + Mod_JK + SSL How to?
test time Stanczak Group wrote: Mladen Turk wrote: Stanczak Group wrote: I'm not familiar with mod_jk, but in Tomcat when using SSL I can put in a security constraint and it will redirect to a secure connection, so that's why I'm making it sound like a redirect. Hmm. You are still unclear. Seems to me that you are saying that you can access your application with http via mod_jk but not via https, and you can access jsp-examples both with http and https? Is this correct? yes that is correct. Also, adjust your clock. ? What do you mean? Regards, Mladen. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Justin Stanczak Stanczak Group 812-735-3600 All that is necessary for the triumph of evil is that good men do nothing. Edmund Burke .....__. ./ _/....._/..|_..... /...\../.__.\./\...__\/.._.\./._..\ \\_\..\..___/|...|..\..|.(.._.|._..) .\__../\___.._\__|../__|..\/.\/.. \/.\/.\/.. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Apache + Tomcat + Mod_JK + SSL How to?
Mladen Turk wrote: Stanczak Group wrote: I'm not familiar with mod_jk, but in Tomcat when using SSL I can put in a security constraint and it will redirect to a secure connection, so that's why I'm making it sound like a redirect. Hmm. You are still unclear. Seems to me that you are saying that you can access your application with http via mod_jk but not via https, and you can access jsp-examples both with http and https? Is this correct? Also, adjust your clock. That fix it? I didn't even see it was off. Regards, Mladen. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Justin Stanczak Stanczak Group 812-735-3600 All that is necessary for the triumph of evil is that good men do nothing. Edmund Burke .....__. ./ _/....._/..|_..... /...\../.__.\./\...__\/.._.\./._..\ \\_\..\..___/|...|..\..|.(.._.|._..) .\__../\___.._\__|../__|..\/.\/.. \/.\/.\/.. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Apache + Tomcat + Mod_JK + SSL How to? Got it.
It was something simple. I didn't have to mod_jk directive setup on the virtual host with ssl. Stanczak Group wrote: Mladen Turk wrote: Stanczak Group wrote: I'm not familiar with mod_jk, but in Tomcat when using SSL I can put in a security constraint and it will redirect to a secure connection, so that's why I'm making it sound like a redirect. Hmm. You are still unclear. Seems to me that you are saying that you can access your application with http via mod_jk but not via https, and you can access jsp-examples both with http and https? Is this correct? Also, adjust your clock. That fix it? I didn't even see it was off. Regards, Mladen. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Justin Stanczak Stanczak Group 812-735-3600 All that is necessary for the triumph of evil is that good men do nothing. Edmund Burke .....__. ./ _/....._/..|_..... /...\../.__.\./\...__\/.._.\./._..\ \\_\..\..___/|...|..\..|.(.._.|._..) .\__../\___.._\__|../__|..\/.\/.. \/.\/.\/.. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
