Re: HTTPS with Apache 2.0.48 and Tomcat 5.0.16
On Monday, 2 February 2004 22:40, Oscar Carrillo wrote:
> The method I describe may not work w/ mod_jk2. Frankly, I don't know. But I
> did a search and found this site, which seems to show that you can define
> these things in workers2.properties
> http://www.pixelfreak.net/howto/apache2_jk2_tomcat/socket.html

Hi Oscar,

thanks for your help! I looked at this site and tried this in my workers2.properties:

    [ajp13:localhost:8009]
    channel=channel.socket:localhost:8009

    [uri:/demo_02/*:443]
    info=Map the whole webapp
    worker=ajp13:localhost:8009

My intention was to map all requests to /demo_02 that come over HTTPS to the tomcat project. Unfortunately, I get an error message saying:

    You don't have permission to access /demo_02 on this server.
    Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

When I remove the port specification of the mapping it works, but with both HTTP and HTTPS :-(

Do you have any idea what might be the problem?

Ralf.
Re: HTTPS with Apache 2.0.48 and Tomcat 5.0.16
Hi,

I assume that's an Apache error you're getting. If that's true, then that means it's not mapped to Tomcat. I don't know anything about the mod_jk2 syntax, which sounds like the problem. Do you do the proper include for the workers2.properties in httpd.conf, which I assume you need to do?

Alternatively, if you've gotten it to work in both HTTP and HTTPS, you can redirect HTTP to HTTPS. Then it works, but you don't have the option of having a separate webapp for HTTP.

Good luck,
Oscar
Re: HTTPS with Apache 2.0.48 and Tomcat 5.0.16
Try this.

    workers.tomcat_home=/var/tomcat4
    workers.java_home=/usr/java/java
    ps=/

    #-- Active connectors. Typically one per tomcat instance.
    worker.list=ajp13

    #-- ajp13 WORKER PARAMETERS --
    worker.ajp13.port=8009
    worker.ajp13.host=localhost
    worker.ajp13.type=ajp13
    worker.ajp13.lbfactor=1
Re: HTTPS with Apache 2.0.48 and Tomcat 5.0.16
And add this to your Tomcat's server.xml

    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <Connector className="org.apache.ajp.tomcat4.Ajp13Connector"
               port="8009" minProcessors="250" maxProcessors="400"
               enableLookups="false" tomcatAuthentication="false"
               acceptCount="200" debug="0"/>
Re: HTTPS with Apache 2.0.48 and Tomcat 5.0.16
On Wednesday, 4 February 2004 21:53, arvind singh wrote:
> Try this.
>
> workers.tomcat_home=/var/tomcat4
> workers.java_home=/usr/java/java
> ps=/
>
> #-- Active connectors. Typically one per tomcat instance.
> worker.list=ajp13
>
> #-- ajp13 WORKER PARAMETERS --
> worker.ajp13.port=8009
> worker.ajp13.host=localhost
> worker.ajp13.type=ajp13
> worker.ajp13.lbfactor=1

This seems to be a configuration for Tomcat 4.x and mod_jk, isn't it? But I have Tomcat 5.0.16 and mod_jk2. So I guess that won't help.

Ralf.
Re: HTTPS with Apache 2.0.48 and Tomcat 5.0.16
On Wednesday, 4 February 2004 20:21, Oscar Carrillo wrote:
> Alternatively, if you've gotten it to work in both HTTP and HTTPS, you can
> redirect HTTP to HTTPS. Then it works, but you don't have the option of
> having a separate webapp for HTTP.

I tried this with the following statement in httpd.conf (outside a VirtualHost declaration):

    Redirect /demo_02 https://localhost/demo_02

But that had no effect. I could access the page with both HTTP and HTTPS.

Ralf.
Re: HTTPS with Apache 2.0.48 and Tomcat 5.0.16
You should try it in the VirtualHost declaration. That's where I would put it.

Oscar
Re: HTTPS with Apache 2.0.48 and Tomcat 5.0.16
On Wednesday, 4 February 2004 21:10, Oscar Carrillo wrote:
> You should try it in the VirtualHost declaration. That's where I would put it.

No, it doesn't work either. I've no more ideas.

Ralf.
RE: HTTPS with Apache 2.0.48 and Tomcat 5.0.16
Here is part of my httpd.conf for an Apache2, Tomcat 4.1.29 and mod_jk2 setup. This is only for the Virtual host part. Assuming you have everything else loading correctly it should work.

    NameVirtualHost 127.0.0.1:443
    NameVirtualHost 127.0.0.1:80

    <VirtualHost 127.0.0.1:80>
        ServerName www.domain.com
        ServerAlias domain.com
        Redirect permanent / https://www.domain.com
    </VirtualHost>

    <VirtualHost 127.0.0.1:443>
        ServerName www.domain.com
        ServerAlias domain.com
        DocumentRoot z:/tomcattest/webapps
        ErrorLog z:/tomcattest/logs/domain_error.log
        CustomLog z:/tomcattest/logs/domain_access.log common
        SSLEngine On
        SSLCertificateFile conf/ssl/domain.crt
        SSLCertificateKeyFile conf/ssl/domain.key.unsecure
        SSLCACertificateFile conf/ssl/intermediate.crt
        <Location /rvdc>
            SSLRequireSSL
        </Location>
        <Location /domain/WEB-INF/*>
            AllowOverride None
            deny from all
        </Location>
        <Location /webapps/*.jsp>
            JkUriSet group ajp13:localhost:8109
        </Location>
    </VirtualHost>

The JkMount directives only work for mod_jk. Mod_jk2 requires a whole new set of directives to work. Following is my server.xml and workers2.properties that should help.

***workers2.properties***

    # only at beginning. In production uncomment it out
    [logger.apache2]
    level=DEBUG

    [shm]
    file=z:/tomcat/logs/jk2.shm
    size=1048576

    # Example socket channel, override port and host.
    [channel.socket:localhost:8109]
    port=8109
    host=127.0.0.1

    [channel.socket:localhost:8110]
    port=8110
    host=127.0.0.1

    [channel.socket:localhost:8111]
    port=8111
    host=127.0.0.1

    #[channel.jni:jni]
    #info=The jni channel, used if tomcat is started inprocess

    [status:]
    info=Status worker, displays runtime information

    #[vm:]
    #info=Parameters used to load a JVM in the server process
    #JVM=C:\jdk\jre\bin\hotspot\jvm.dll
    #OPT=-Djava.class.path=Z:/Tomcat/bin/tomcat-jni.jar;Z:/Tomcat/server/lib/commons-logging.jar
    #OPT=-Dtomcat.home=${TOMCAT_HOME}
    #OPT=-Dcatalina.home=${TOMCAT_HOME}
    #OPT=-Xmx128M
    #OPT=-Djava.compiler=NONE
    #disabled=0

    #[worker1.jni:onStartup]
    #info=Command to be executed by the VM on startup. This one will start tomcat.
    #class=org/apache/jk/apr/TomcatStarter
    #ARG=start
    #disabled=0
    #stdout=Z:/tomcat/logs/stdout.log
    #stderr=Z:/tomcat/logs/stderr.log

    #[worker1.jni:onShutdown]
    #info=Command to be executed by the VM on shutdown. This one will stop tomcat.
    #class=org/apache/jk/apr/TomcatStarter
    #ARG=stop
    #disabled=0

    # Define the worker
    # First Web Application Worker
    [ajp13:localhost:8109]
    channel=channel.socket:localhost:8109

    # Second Web Application Worker
    [ajp13:localhost:8110]
    channel=channel.socket:localhost:8110

    # Third Web Application Worker
    [ajp13:localhost:8111]
    channel=channel.socket:localhost:8111

    # Uri mapping
    [uri:127.0.0.1/*.jsp]
    worker=ajp13:localhost:8109

    [uri:/jkstatus/*]
    info=Display status information and checks the config file for changes.
    worker=status:status

    [uri:www.domain.com/*.jsp]
    group=ajp13:localhost:8109

***server.xml***

***This is the only section you need to make sure is enabled. Leave everything else alone. Note: the port designated here might be different than yours. You can use any port you want here as long as you use the same port in the httpd.conf and the workers2.properties file.

    <!-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -->
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
               port="8109" minProcessors="5" maxProcessors="75"
               enableLookups="true" redirectPort="8443"
               acceptCount="10" debug="0" connectionTimeout="0"
               useURIValidationHack="false"
               protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler"/>

***I hope that this helps you out.***

Dean

-----Original Message-----
From: Oscar Carrillo
Sent: Mon 2/2/2004 4:04 PM
To: Tomcat Users List
Subject: Re: HTTPS with Apache 2.0.48 and Tomcat 5.0.16

Hi,

The JkMount directives tell Apache to pass these requests thru the Connector to Tomcat. I do this very same thing for jWebMail, cause I don't want it accessible thru http, only https. Here's my ssl.conf config section for it:

    <VirtualHost _default_:443>
    #Other stuff about your ssl host

    #Webmail
    # Static files
    Alias /webmail /usr/local/tomcat/webapps/webmail
    <Directory /usr/local/tomcat/webapps/webmail>
        Options Indexes FollowSymLinks
        DirectoryIndex index.jsp
    </Directory>
    <Location /webmail/META-INF/*>
        AllowOverride None
        deny from all
    </Location>
    <Location /webmail/WEB-INF/*>
        AllowOverride None
        deny from all
    </Location>
    JkMount /webmail/do/* ajp13
    JkMount /webmail/*.jsp ajp13
    JkMount /webmail/WebMail ajp13
    JkMount /webmail/WebMail
RE: HTTPS with Apache 2.0.48 and Tomcat 5.0.16
This is an httpd question but here goes :) Just because you declared your virtual host/port pair that doesn't mean that httpd is listening to port 443. Therefore you need to add a Listen directive to your conf:

    Listen your_virtual_host_name:443

and you should be set.

Yiannis

-----Original Message-----
From: Ralf Schneider
Sent: 02 February 2004 11:42
To: 'Tomcat Users List'
Subject: HTTPS with Apache 2.0.48 and Tomcat 5.0.16

Hi,

I try to set up an Apache 2.0.48 with a connection to Tomcat 5.0.16 via mod_jk2 2.0.2. The static pages should be accessed via normal HTTP whereas the dynamic pages of my webapp should only be accessible via HTTPS for security.

I installed a certificate in /usr/local/apache2/conf/ssl.cert and set up a virtual host for the SSL pages in ssl.conf:

    <VirtualHost _default_:443>
    DocumentRoot /usr/local/tomcat/webapps/demo_02
    ServerName www.development.home:443
    ServerAdmin [EMAIL PROTECTED]
    ErrorLog /usr/local/apache2/logs/error_log
    TransferLog /usr/local/apache2/logs/access_log

    Alias /demo_02 /usr/local/tomcat/webapps/demo_02

    <Location /demo_02/WEB-INF/*>
        AllowOverride None
        deny from all
    </Location>
    <Location /demo_02/META-INF/*>
        AllowOverride None
        deny from all
    </Location>

    JKMount /demo_02/*.do ajp13
    JKMount /demo_02/*.jsp ajp13
    JKMount /demo_02 ajp13
    JKMount /demo_02/* ajp13

    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server.crt
    SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/server.key

    <Files ~ "\.(cgi|shtml|phtml|php3?)$">
        SSLOptions +StdEnvVars
    </Files>
    <Directory /usr/local/apache2/cgi-bin>
        SSLOptions +StdEnvVars
    </Directory>

    SetEnvIf User-Agent ".*MSIE.*" \
             nokeepalive ssl-unclean-shutdown \
             downgrade-1.0 force-response-1.0

    CustomLog /usr/local/apache2/logs/ssl_request_log \
              "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    </VirtualHost>

When I call the webapp over http://localhost/demo_02 everything works fine. The request to my webapp is forwarded to Tomcat. But when I switch to https I get "Connection refused" from the browser. I do not see anything in any log file.

Did I miss a configuration step? Or did I misconfigure something?

Ralf.
Re: HTTPS with Apache 2.0.48 and Tomcat 5.0.16
On Monday, 2 February 2004 13:00, Yiannis Mavroukakis wrote:
> This is an httpd question but here goes :) Just because you declared your
> virtual host/port pair that doesn't mean that httpd is listening to port 443.
> Therefore you need to add a Listen directive to your conf:
>
>     Listen your_virtual_host_name:443

My ssl.conf contains the following line:

    Listen 443

Do I have to insert the hostname here?

Ralf.
RE: HTTPS with Apache 2.0.48 and Tomcat 5.0.16
Best remove that line, stick it in your httpd.conf instead along with the hostname.
Re: HTTPS with Apache 2.0.48 and Tomcat 5.0.16
On Monday, 2 February 2004 13:55, Yiannis Mavroukakis wrote:
> Best remove that line, stick it in your httpd.conf instead along with the
> hostname.

This wasn't the problem. I did not notice that mod_ssl was not compiled into httpd :-( After a rebuild of Apache (now with SSL support :-) it works now.

My last problem to solve (I hope :-) is how can I prevent users from accessing the webapp with the normal HTTP protocol instead of HTTPS? At the moment both work, but I only want it to work with HTTPS.

Ralf.
RE: HTTPS with Apache 2.0.48 and Tomcat 5.0.16
D'oh! :) You would still need the Listen directive for it to work btw ;)

As far as that is concerned, a fellow list member had the same requirements some time ago; this is what I suggested and it worked for him. Use the Location directive and stick SSLRequireSSL in it.

    <Location /path/to/root/of/webapp>
        SSLRequireSSL
    </Location>

Yiannis.
Re: HTTPS with Apache 2.0.48 and Tomcat 5.0.16
I describe this in my HOWTO.

http://www.linuxjava.net/howto/webapp/

You either redirect traffic from http to https for that virtual host, or you only mount the webapp in the http virtual host and not for the https.

Oscar Carrillo
Re: HTTPS with Apache 2.0.48 and Tomcat 5.0.16
BTW, there's sample http.conf, ssl.conf, and server.xml files there. In the config files, I denote your host that resolves to an IP as myhost.mydomain, and your virtual host as host1.domain.

http://www.linuxjava.net/howto/webapp/install_files/

Oscar
Re: HTTPS with Apache 2.0.48 and Tomcat 5.0.16
You can also put a transport guarantee of CONFIDENTIAL in web.xml. When you do, make sure that your redirect ports on the Apache connector in server.xml are correct (default is 8443, needs to be 443 if you are using Apache for SSL).

Jeff Tulley
Novell, Inc.
Re: HTTPS with Apache 2.0.48 and Tomcat 5.0.16
Hi,

It sounds like you're talking about configuring Tomcat to do SSL, but I assume the user is using Apache for SSL. In the normal scenario the connector would ONLY communicate on port 8009. Port 8443 is generally for Tomcat to serve pages directly using SSL.

I think what the user is looking for is this in httpd.conf for your virtual host:

    #httpd.conf VirtualHost section of myhost.mydomain
    Redirect /mywebapp https://myhost.mydomain/mywebapp

Oscar
http://www.linuxjava.net/howto/webapp/
Re: HTTPS with Apache 2.0.48 and Tomcat 5.0.16
On Monday, 2 February 2004 17:30, Yiannis Mavroukakis wrote:
> Use the Location directive and stick SSLRequireSSL in it.
>
>     <Location /path/to/root/of/webapp>
>         SSLRequireSSL
>     </Location>

I tried this, but it doesn't seem to work. I actually have three location sections in the virtual host section for SSL in my ssl.conf:

    <Location /demo_02/*>
        SSLRequireSSL
        Order Allow,Deny
        Allow from All
    </Location>
    <Location /demo_02/WEB-INF/*>
        AllowOverride None
        deny from all
    </Location>
    <Location /demo_02/META-INF/*>
        AllowOverride None
        deny from all
    </Location>

But I still can access the webapp with both http://localhost/demo_02 and https://localhost/demo_02.

Ralf.
Re: HTTPS with Apache 2.0.48 and Tomcat 5.0.16
On Monday, 2 February 2004 21:01, Oscar Carrillo wrote:
> I think what the user is looking for is this in httpd.conf for your virtual
> host:
>
>     #httpd.conf VirtualHost section of myhost.mydomain
>     Redirect /mywebapp https://myhost.mydomain/mywebapp

I tried this, but it doesn't seem to work. I added this line to the virtual host block for the Non-SSL part of the website in httpd.conf:

    Redirect /demo_02 https://localhost/demo_02

But I still can access the webapp with both http://localhost/demo_02 and https://localhost/demo_02.

Ralf.
Re: HTTPS with Apache 2.0.48 and Tomcat 5.0.16
Please try what I describe in my earlier post, and check my web page for a better description: http://www.linuxjava.net/howto/webapp/

Oscar
Re: HTTPS with Apache 2.0.48 and Tomcat 5.0.16
I believe you need to set up a VirtualHost section in httpd.conf even if you don't really need Virtual Hosting.

Also try Redirecting the whole site. I'm not sure if I've tried just the webapp. I'm not sure if you need to compile the rewrite module for the redirect, but I don't think so.

    #httpd.conf VirtualHost section of myhost.mydomain
    Redirect / https://myhost.mydomain/mywebapp

Also, you can't include the mod_jk configuration. You must put the mount commands explicitly in each virtual host. If you include the modjk conf file Include mod_jk.conf, then it will be global and all hosts will get access. This is likely your problem especially if you haven't put mod_jk mount commands in ssl.conf.

Oscar
http://www.linuxjava.net/howto/webapp/

On Mon, 2 Feb 2004, Ralf Schneider wrote:
> On Monday, 2 February 2004 21:01, Oscar Carrillo wrote:
> > I think what the user is looking for is this in httpd.conf for your virtual host:
> >
> >     #httpd.conf VirtualHost section of myhost.mydomain
> >     Redirect /mywebapp https://myhost.mydomain/mywebapp
>
> I tried this, but it doesn't seem to work. I added this line to the virtual host block for the Non-SSL part of the website in httpd.conf:
>
>     Redirect /demo_02 https://localhost/demo_02
>
> But I still can access the webapp with both http://localhost/demo_02 and https://localhost/demo_02.
>
> Ralf.
Re: HTTPS with Apache 2.0.48 and Tomcat 5.0.16
On Monday, 2 February 2004 21:21, Oscar Carrillo wrote:
> Please try what I describe in my earlier post, and check my web page for a better description:
>
> http://www.linuxjava.net/howto/webapp/

I took a look at it, but it seems to be a howto for mod_jk with Tomcat 4.1.x. But I have used mod_jk2 with Tomcat 5.0.16. Does the Howto also work with these newer versions?

Ralf.
Re: HTTPS with Apache 2.0.48 and Tomcat 5.0.16
On Monday, 2 February 2004 21:26, Oscar Carrillo wrote:
> I believe you need to setup a VirtualHost section in httpd.conf even if you don't really need Virtual Hosting.

I did that.

> Also try Redirecting the whole site. I'm not sure if I've tried just the webapp. I'm not sure if you need to compile the rewrite module for the redirect, but I don't think so.
>
>     #httpd.conf VirtualHost section of myhost.mydomain
>     Redirect / https://myhost.mydomain/mywebapp

But I don't want to do this with the whole site, because there are parts that should be accessible with normal HTTP.

> Also, you can't include the mod_jk configuration. You must put the mount commands explicitly in each virtual host. If you include the modjk conf file Include mod_jk.conf, then it will be global and all hosts will get access. This is likely your problem especially if you haven't put mod_jk mount commands in ssl.conf.

I did not put any JKMount statements in ssl.conf. Which do I need? Something like this:

    JKMount /demo_02/* ajp13

Or anything else? I think I did not understand correctly what this JkMount does.

Ralf.
Re: HTTPS with Apache 2.0.48 and Tomcat 5.0.16
You're right, it's for mod_jk. But the httpd.conf would mostly be the same, which is where your problem is.

You must only mount (no global include mod_jk2.conf) the webapp in ssl.conf, and additionally you can redirect http to https in httpd.conf so that ppl automatically get moved to https.

Oscar
http://www.linuxjava.net/howto/webapp/

On Mon, 2 Feb 2004, Ralf Schneider wrote:
> On Monday, 2 February 2004 21:21, Oscar Carrillo wrote:
> > Please try what I describe in my earlier post, and check my web page for a better description:
> >
> > http://www.linuxjava.net/howto/webapp/
>
> I took a look at it, but it seems to be a howto for mod_jk with Tomcat 4.1.x. But I have used mod_jk2 with Tomcat 5.0.16. Does the Howto also work with these newer versions?
>
> Ralf.
Re: HTTPS with Apache 2.0.48 and Tomcat 5.0.16
On Monday, 2 February 2004 21:47, Oscar Carrillo wrote:
> You must only mount (no global include mod_jk2.conf) the webapp in ssl.conf, and additionally you can redirect http to https in httpd.conf so that ppl automatically get moved to https.

I added the following three lines to ssl.conf (according to your howto):

    JkMount /demo_02/*.jsp ajp13
    JkMount /demo_02 ajp13
    JkMount /demo_02/* ajp13

But then I get an error when restarting Apache:

    Syntax error on line 114 of /usr/local/apache2/conf/ssl.conf:
    Invalid command 'JkMount', perhaps mis-spelled or defined by a module not included in the server configuration

Did the syntax change from mod_jk to mod_jk2 for JkMount?

Ralf.
Re: HTTPS with Apache 2.0.48 and Tomcat 5.0.16
Hi,

The JkMount directives tell Apache to pass these requests thru the Connector to Tomcat.

I do this very same thing for jWebMail, cause I don't want it accessible thru http, only https. Here's my ssl.conf config section for it:

--
    <VirtualHost _default_:443>
    #Other stuff about your ssl host
    #Webmail
    # Static files
    Alias /webmail /usr/local/tomcat/webapps/webmail
    <Directory /usr/local/tomcat/webapps/webmail>
    Options Indexes FollowSymLinks
    DirectoryIndex index.jsp
    </Directory>
    <Location /webmail/META-INF/*>
    AllowOverride None
    deny from all
    </Location>
    <Location /webmail/WEB-INF/*>
    AllowOverride None
    deny from all
    </Location>
    JkMount /webmail/do/* ajp13
    JkMount /webmail/*.jsp ajp13
    JkMount /webmail/WebMail ajp13
    JkMount /webmail/WebMail/* ajp13
---

Does that help? BTW, this is all on my site but there's quite a bit of stuff there that you can miss it.

Oscar
http://www.linuxjava.net/howto/webapp/

On Mon, 2 Feb 2004, Ralf Schneider wrote:
> On Monday, 2 February 2004 21:26, Oscar Carrillo wrote:
> > I believe you need to setup a VirtualHost section in httpd.conf even if you don't really need Virtual Hosting.
>
> I did that.
>
> > Also try Redirecting the whole site. I'm not sure if I've tried just the webapp. I'm not sure if you need to compile the rewrite module for the redirect, but I don't think so.
> >
> >     #httpd.conf VirtualHost section of myhost.mydomain
> >     Redirect / https://myhost.mydomain/mywebapp
>
> But I don't want to do this with the whole site, because there are parts that should be accessible with normal HTTP.
>
> > Also, you can't include the mod_jk configuration. You must put the mount commands explicitly in each virtual host. If you include the modjk conf file Include mod_jk.conf, then it will be global and all hosts will get access. This is likely your problem especially if you haven't put mod_jk mount commands in ssl.conf.
>
> I did not put any JKMount statements in ssl.conf. Which do I need? Something like this:
>
>     JKMount /demo_02/* ajp13
>
> Or anything else? I think I did not understand correctly what this JkMount does.
>
> Ralf.
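Added example, not part of the thread and not code from any participant: a small Python check for the rule discussed above, that the mod_jk mounts for an HTTPS-only webapp belong only in the SSL virtual host. It flags JkMount lines for a given URI prefix that sit at global scope or in a virtual host without "SSLEngine on"; the sample configuration is constructed, Include files are not followed, and the function names are hypothetical.

```python
import re

# Constructed sample configuration (not from the thread): mounts for /demo_02
# appear at global scope, in a plain-HTTP vhost and in the SSL vhost.
SAMPLE_CONF = """\
JkMount /demo_02/* ajp13
<VirtualHost *:80>
    ServerName localhost
    JkMount /demo_02/*.jsp ajp13
    JkMount /public/* ajp13
</VirtualHost>
<VirtualHost _default_:443>
    SSLEngine on
    JkMount /demo_02/* ajp13
</VirtualHost>
"""

def parse_scopes(conf_text):
    """Return a list of scopes: {'name', 'ssl', 'mounts': [(lineno, uri)]}."""
    scopes = [{"name": "global", "ssl": False, "mounts": []}]
    current = scopes[0]
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            current = {"name": opened.group(1).strip(), "ssl": False, "mounts": []}
            scopes.append(current)
        elif re.match(r"</VirtualHost>", line, re.I):
            current = scopes[0]          # back to server-wide scope
        elif re.match(r"SSLEngine\s+on\b", line, re.I):
            current["ssl"] = True        # assumption: this marks the HTTPS vhost
        else:
            mount = re.match(r"JkMount\s+(\S+)\s+\S+", line, re.I)
            if mount:
                current["mounts"].append((lineno, mount.group(1)))
    return scopes

def plaintext_mounts(conf_text, prefix):
    """List (scope, lineno, uri) for mounts of `prefix` outside an SSL vhost."""
    return [(s["name"], n, uri)
            for s in parse_scopes(conf_text) if not s["ssl"]
            for n, uri in s["mounts"]
            if uri == prefix or uri.startswith(prefix + "/")]

if __name__ == "__main__":
    for scope, lineno, uri in plaintext_mounts(SAMPLE_CONF, "/demo_02"):
        print(f"line {lineno}: JkMount {uri} in non-SSL scope '{scope}'")
```

An empty result for the protected prefix means every mount for it sits inside an SSL virtual host; the check says nothing about mod_jk2, which takes its mappings from workers2.properties.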
Re: HTTPS with Apache 2.0.48 and Tomcat 5.0.16
The method I describe may not work w/ mod_jk2. Frankly, I don't know. But I did a search and found this site, which seems to show that you can define these things in workers2.properties

http://www.pixelfreak.net/howto/apache2_jk2_tomcat/socket.html

Oscar
http://www.linuxjava.net/howto/webapp/

On Mon, 2 Feb 2004, Oscar Carrillo wrote:
> Hi,
>
> The JkMount directives tell Apache to pass these requests thru the Connector to Tomcat.
>
> I do this very same thing for jWebMail, cause I don't want it accessible thru http, only https. Here's my ssl.conf config section for it:
>
> --
>     <VirtualHost _default_:443>
>     #Other stuff about your ssl host
>     #Webmail
>     # Static files
>     Alias /webmail /usr/local/tomcat/webapps/webmail
>     <Directory /usr/local/tomcat/webapps/webmail>
>     Options Indexes FollowSymLinks
>     DirectoryIndex index.jsp
>     </Directory>
>     <Location /webmail/META-INF/*>
>     AllowOverride None
>     deny from all
>     </Location>
>     <Location /webmail/WEB-INF/*>
>     AllowOverride None
>     deny from all
>     </Location>
>     JkMount /webmail/do/* ajp13
>     JkMount /webmail/*.jsp ajp13
>     JkMount /webmail/WebMail ajp13
>     JkMount /webmail/WebMail/* ajp13
> ---
>
> Does that help? BTW, this is all on my site but there's quite a bit of stuff there that you can miss it.
>
> Oscar
> http://www.linuxjava.net/howto/webapp/
>
> On Mon, 2 Feb 2004, Ralf Schneider wrote:
> > On Monday, 2 February 2004 21:26, Oscar Carrillo wrote:
> > > I believe you need to setup a VirtualHost section in httpd.conf even if you don't really need Virtual Hosting.
> >
> > I did that.
> >
> > > Also try Redirecting the whole site. I'm not sure if I've tried just the webapp. I'm not sure if you need to compile the rewrite module for the redirect, but I don't think so.
> > >
> > >     #httpd.conf VirtualHost section of myhost.mydomain
> > >     Redirect / https://myhost.mydomain/mywebapp
> >
> > But I don't want to do this with the whole site, because there are parts that should be accessible with normal HTTP.
> >
> > > Also, you can't include the mod_jk configuration. You must put the mount commands explicitly in each virtual host. If you include the modjk conf file Include mod_jk.conf, then it will be global and all hosts will get access. This is likely your problem especially if you haven't put mod_jk mount commands in ssl.conf.
> >
> > I did not put any JKMount statements in ssl.conf. Which do I need? Something like this:
> >
> >     JKMount /demo_02/* ajp13
> >
> > Or anything else? I think I did not understand correctly what this JkMount does.
> >
> > Ralf.