Re: HTTPS with Apache 2.0.48 and Tomcat 5.0.16
Am Mittwoch, 4. Februar 2004 21:10 schrieb Oscar Carrillo: > You should try it in the VirtualHost declaration. That's where I would put > it. No, it doesn't work either. I've no more ideas. Ralf. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: HTTPS with Apache 2.0.48 and Tomcat 5.0.16
You should try it in the VirtualHost declaration. That's where I would put it. Oscar On Wed, 4 Feb 2004, Ralf Schneider wrote: > Am Mittwoch, 4. Februar 2004 20:21 schrieb Oscar Carrillo: > > Alternatively, if you've gotten it work in both HTTP and HTTPS, you can > > redirect HTTP to HTTPS. Then it works, but you don't have the option of > > having a separate webapp for HTTP. > > I tried this with the following statement in httpd.conf (outside a VirtualHost > declaration): > > Redirect /demo_02 https://localhost/demo_02 > > But that had no effect. I could access the page with both HTTP and HTTPS. > > Ralf. > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: HTTPS with Apache 2.0.48 and Tomcat 5.0.16
Am Mittwoch, 4. Februar 2004 20:21 schrieb Oscar Carrillo: > Alternatively, if you've gotten it work in both HTTP and HTTPS, you can > redirect HTTP to HTTPS. Then it works, but you don't have the option of > having a separate webapp for HTTP. I tried this with the following statement in httpd.conf (outside a VirtualHost declaration): Redirect /demo_02 https://localhost/demo_02 But that had no effect. I could access the page with both HTTP and HTTPS. Ralf. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: HTTPS with Apache 2.0.48 and Tomcat 5.0.16
Am Mittwoch, 4. Februar 2004 21:53 schrieb arvind singh: > Try this. > > workers.tomcat_home=/var/tomcat4 > workers.java_home=/usr/java/java > ps=/ > > #-- Active connectors. Typically one per tomcat instance. > worker.list=ajp13 > > #-- ajp13 WORKER PARAMETERS -- > worker.ajp13.port=8009 > worker.ajp13.host=localhost > worker.ajp13.type=ajp13 > worker.ajp13.lbfactor=1 This seems to be a configuration for Tomcat 4.x and mod_jk, isn't it? But I have Tomcat 5.0.16 and mod_jk2. So I guess that won't help. Ralf. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: HTTPS with Apache 2.0.48 and Tomcat 5.0.16
And add this to your Tomcat's server.xml - Original Message - From: "Oscar Carrillo" <[EMAIL PROTECTED]> To: "Tomcat Users List" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Wednesday, February 04, 2004 2:21 PM Subject: Re: HTTPS with Apache 2.0.48 and Tomcat 5.0.16 > Hi, > > I assume that's an Apache error your getting. If that's true, then that > means it's not mapped to Tomcat. > > I don't know anything about the mod_jk2 syntax, which sounds like the > problem. Do you do the proper include for the workers2.properties in > httpd.conf, which I assume you need to do? > > Alternatively, if you've gotten it work in both HTTP and HTTPS, you can > redirect HTTP to HTTPS. Then it works, but you don't have the option of > having a separate webapp for HTTP. > > Good luck, > Oscar > > On Wed, 4 Feb 2004, Ralf Schneider wrote: > > > Am Montag, 2. Februar 2004 22:40 schrieb Oscar Carrillo: > > > The method I describe may not work w/ mod_jk2. Frankly, I don't know. But > > > I did a search and found this site, which seems to show that you can > > > define these things in workers2.properties > > > > > > http://www.pixelfreak.net/howto/apache2_jk2_tomcat/socket.html > > > > Hi Oscar, > > > > thanks for your help! I looked at this site and tried this in my > > workers2.properties: > > > > [ajp13:localhost:8009] > > channel=channel.socket:localhost:8009 > > > > [uri:/demo_02/*:443] > > info=Map the whole webapp > > worker=ajp13:localhost:8009 > > > > My intension was to map all requests to /demo_02 that come over HTTPS to the > > tomcat project. > > > > Unfortunately, I get an error message saying: > > > > You don't have permission to access /demo_02 on this server. > > Additionally, a 403 Forbidden error was encountered while trying to use an > > ErrorDocument to handle the request. > > > > When I remove the port specification of the mapping it works, but with both > > HTTP and HTTPS :-( > > > > Do you have any idea what might be the problem? > > > > Ralf. > > > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: HTTPS with Apache 2.0.48 and Tomcat 5.0.16
Try this. workers.tomcat_home=/var/tomcat4 workers.java_home=/usr/java/java ps=/ #-- Active connectors. Typically one per tomcat instance. worker.list=ajp13 #-- ajp13 WORKER PARAMETERS -- worker.ajp13.port=8009 worker.ajp13.host=localhost worker.ajp13.type=ajp13 worker.ajp13.lbfactor=1 - Original Message - From: "Oscar Carrillo" <[EMAIL PROTECTED]> To: "Tomcat Users List" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Wednesday, February 04, 2004 2:21 PM Subject: Re: HTTPS with Apache 2.0.48 and Tomcat 5.0.16 > Hi, > > I assume that's an Apache error your getting. If that's true, then that > means it's not mapped to Tomcat. > > I don't know anything about the mod_jk2 syntax, which sounds like the > problem. Do you do the proper include for the workers2.properties in > httpd.conf, which I assume you need to do? > > Alternatively, if you've gotten it work in both HTTP and HTTPS, you can > redirect HTTP to HTTPS. Then it works, but you don't have the option of > having a separate webapp for HTTP. > > Good luck, > Oscar > > On Wed, 4 Feb 2004, Ralf Schneider wrote: > > > Am Montag, 2. Februar 2004 22:40 schrieb Oscar Carrillo: > > > The method I describe may not work w/ mod_jk2. Frankly, I don't know. But > > > I did a search and found this site, which seems to show that you can > > > define these things in workers2.properties > > > > > > http://www.pixelfreak.net/howto/apache2_jk2_tomcat/socket.html > > > > Hi Oscar, > > > > thanks for your help! I looked at this site and tried this in my > > workers2.properties: > > > > [ajp13:localhost:8009] > > channel=channel.socket:localhost:8009 > > > > [uri:/demo_02/*:443] > > info=Map the whole webapp > > worker=ajp13:localhost:8009 > > > > My intension was to map all requests to /demo_02 that come over HTTPS to the > > tomcat project. > > > > Unfortunately, I get an error message saying: > > > > You don't have permission to access /demo_02 on this server. > > Additionally, a 403 Forbidden error was encountered while trying to use an > > ErrorDocument to handle the request. > > > > When I remove the port specification of the mapping it works, but with both > > HTTP and HTTPS :-( > > > > Do you have any idea what might be the problem? > > > > Ralf. > > > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: HTTPS with Apache 2.0.48 and Tomcat 5.0.16
Hi, I assume that's an Apache error your getting. If that's true, then that means it's not mapped to Tomcat. I don't know anything about the mod_jk2 syntax, which sounds like the problem. Do you do the proper include for the workers2.properties in httpd.conf, which I assume you need to do? Alternatively, if you've gotten it work in both HTTP and HTTPS, you can redirect HTTP to HTTPS. Then it works, but you don't have the option of having a separate webapp for HTTP. Good luck, Oscar On Wed, 4 Feb 2004, Ralf Schneider wrote: > Am Montag, 2. Februar 2004 22:40 schrieb Oscar Carrillo: > > The method I describe may not work w/ mod_jk2. Frankly, I don't know. But > > I did a search and found this site, which seems to show that you can > > define these things in workers2.properties > > > > http://www.pixelfreak.net/howto/apache2_jk2_tomcat/socket.html > > Hi Oscar, > > thanks for your help! I looked at this site and tried this in my > workers2.properties: > > [ajp13:localhost:8009] > channel=channel.socket:localhost:8009 > > [uri:/demo_02/*:443] > info=Map the whole webapp > worker=ajp13:localhost:8009 > > My intension was to map all requests to /demo_02 that come over HTTPS to the > tomcat project. > > Unfortunately, I get an error message saying: > > You don't have permission to access /demo_02 on this server. > Additionally, a 403 Forbidden error was encountered while trying to use an > ErrorDocument to handle the request. > > When I remove the port specification of the mapping it works, but with both > HTTP and HTTPS :-( > > Do you have any idea what might be the problem? > > Ralf. > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: HTTPS with Apache 2.0.48 and Tomcat 5.0.16
Am Montag, 2. Februar 2004 22:40 schrieb Oscar Carrillo: > The method I describe may not work w/ mod_jk2. Frankly, I don't know. But > I did a search and found this site, which seems to show that you can > define these things in workers2.properties > > http://www.pixelfreak.net/howto/apache2_jk2_tomcat/socket.html Hi Oscar, thanks for your help! I looked at this site and tried this in my workers2.properties: [ajp13:localhost:8009] channel=channel.socket:localhost:8009 [uri:/demo_02/*:443] info=Map the whole webapp worker=ajp13:localhost:8009 My intension was to map all requests to /demo_02 that come over HTTPS to the tomcat project. Unfortunately, I get an error message saying: You don't have permission to access /demo_02 on this server. Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request. When I remove the port specification of the mapping it works, but with both HTTP and HTTPS :-( Do you have any idea what might be the problem? Ralf. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: HTTPS with Apache 2.0.48 and Tomcat 5.0.16
Here is part of my httpd.conf for and Apache2, Tomcat 4.1.29 and mod_jk2 setup. This
is only for the Virtual host part. Assuming you have everyhting else loading correctly
it should work.
NameVirtualHost 127.0.0.1:443
NameVirtualHost 127.0.0.1:80
ServerName www.domain.com
ServerAlias domain.com
Redirect permanent / https://www.domain.com
ServerName www.domain.com
ServerAlias domain.com
DocumentRoot z:/tomcattest/webapps
ErrorLog z:/tomcattest/logs/domain_error.log
CustomLog z:/tomcattest/logs/domain_access.log common
SSLEngine On
SSLCertificateFile conf/ssl/domain.crt
SSLCertificateKeyFile conf/ssl/domain.key.unsecure
SSLCACertificateFileconf/ssl/intermediate.crt
SSLRequireSSL
AllowOverride None
deny from all
JkUriSet group ajp13:localhost:8109
The JkMount directives only work for mod_jk. Mod_jk2 requires a whole new set of
directives to work. Following is my server.xml and workers2.properties that should
help.
***workers2.properties***
# only at beginnin. In production uncomment it out
[logger.apache2]
level=DEBUG
[shm]
file=z:/tomcat/logs/jk2.shm
size=1048576
# Example socket channel, override port and host.
[channel.socket:localhost:8109]
port=8109
host=127.0.0.1
[channel.socket:localhost:8110]
port=8110
host=127.0.0.1
[channel.socket:localhost:8111]
port=8111
host=127.0.0.1
#[channel.jni:jni]
#info=The jni channel, used if tomcat is started inprocess
[status:]
info=Status worker, displays runtime information
#[vm:]
#info=Parameters used to load a JVM in the server process
#JVM=C:\jdk\jre\bin\hotspot\jvm.dll
#OPT=-Djava.class.path=Z:/Tomcat/bin/tomcat-jni.jar;Z:/Tomcat/server/lib/commons-logging.jar
#OPT=-Dtomcat.home=${TOMCAT_HOME}
#OPT=-Dcatalina.home=${TOMCAT_HOME}
#OPT=-Xmx128M
#OPT=-Djava.compiler=NONE
#disabled=0
#[worker1.jni:onStartup]
#info=Command to be executed by the VM on startup. This one will start tomcat.
#class=org/apache/jk/apr/TomcatStarter
#ARG=start
#disabled=0
#stdout=Z:/tomcat/logs/stdout.log
#stderr=Z:/tomcat/logs/stderr.log
#[worker1.jni:onShutdown]
#info=Command to be executed by the VM on shutdown. This one will stop tomcat.
#class=org/apache/jk/apr/TomcatStarter
#ARG=stop
#disabled=0
# Define the worker
# First Web Application Worker
[ajp13:localhost:8109]
channel=channel.socket:localhost:8109
# Second Web Application Worker
[ajp13:localhost:8110]
channel=channel.socket:localhost:8110
# Third Web Application Worker
[ajp13:localhost:8111]
channel=channel.socket:localhost:8111
Uri mapping
[uri:127.0.0.1/*.jsp]
worker=ajp13:localhost:8109
[uri:/jkstatus/*]
info=Display status information and checks the config file for changes.
worker=status:status
[uri:www.domain.com/*.jsp]
group=ajp13:localhost:8109
***server.xml***
***This is the only section you need to make sure is enabled. Leave everything else
alone. Note: the port designated here might be different than yours. You can use any
port you want here as long as you use the same port in the httpd.conf and the
workers2.properties file.
***I hope that this helps you out.***
Dean
-Original Message-
From: Oscar Carrillo [mailto:[EMAIL PROTECTED]
Sent: Mon 2/2/2004 4:04 PM
To: Tomcat Users List; [EMAIL PROTECTED]
Subject: Re: HTTPS with Apache 2.0.48 and Tomcat 5.0.16
Hi,
The JkMount directives tell Apache to pass these request thru the
Connector to Tomcat.
I do this very same thing for jWebMail, cause I don't want it accessible
thru http, only https. Here's my ssl.conf config section for it:
--
#Other stuff about your ssl host
#Webmail
# Static files
Alias /webmail "/usr/local/tomcat/webapps/webmail"
Options Indexes FollowSymLinks
DirectoryIndex index.jsp
AllowOverride None
deny from all
AllowOverride None
deny from all
JkMount /webmail/do/* ajp13
JkMount /webmail/*.jsp ajp13
JkMount /webmail/WebMail ajp13
JkMount /webmail/WebMail/* ajp13
---
Does that help? BTW, this is all on my site but there's quite a bit of stuff there
that you can miss it.
Oscar
http://www.linuxjava.net/howto/webapp/
On Mon, 2 Feb 2004, Ralf Schneider wrote:
> Am Montag, 2. Februar 2004 21:26 schrieb Oscar Carrillo:
> > I believe you need to setup a VirtualHost section in httpd.conf even if
> > you don't really need Virtual Hosting.
>
> I did that.
>
> > Also try Redirecting the whole site. I'm not sure if I've tried just the
> > webapp. I'm not sure if you need to compile the rewrite module for the
> > redirect, but I don'
Re: HTTPS with Apache 2.0.48 and Tomcat 5.0.16
The method I describe may not work w/ mod_jk2. Frankly, I don't know. But I did a search and found this site, which seems to show that you can define these things in workers2.properties http://www.pixelfreak.net/howto/apache2_jk2_tomcat/socket.html Oscar http://www.linuxjava.net/howto/webapp/ On Mon, 2 Feb 2004, Oscar Carrillo wrote: > Hi, > > The JkMount directives tell Apache to pass these request thru the > Connector to Tomcat. > > I do this very same thing for jWebMail, cause I don't want it accessible > thru http, only https. Here's my ssl.conf config section for it: > -- > > #Other stuff about your ssl host > > #Webmail > # Static files > Alias /webmail "/usr/local/tomcat/webapps/webmail" > > > Options Indexes FollowSymLinks > DirectoryIndex index.jsp > > > > AllowOverride None > deny from all > > > > AllowOverride None > deny from all > > > JkMount /webmail/do/* ajp13 > JkMount /webmail/*.jsp ajp13 > JkMount /webmail/WebMail ajp13 > JkMount /webmail/WebMail/* ajp13 > --- > > Does that help? BTW, this is all on my site but there's quite a bit of stuff there > that you can miss it. > > Oscar > http://www.linuxjava.net/howto/webapp/ > > > > On Mon, 2 Feb 2004, Ralf Schneider wrote: > > > Am Montag, 2. Februar 2004 21:26 schrieb Oscar Carrillo: > > > I believe you need to setup a VirtualHost section in httpd.conf even if > > > you don't really need Virtual Hosting. > > > > I did that. > > > > > Also try Redirecting the whole site. I'm not sure if I've tried just the > > > webapp. I'm not sure if you need to compile the rewrite module for the > > > redirect, but I don't think so. > > > > > > #httpd.conf VirtualHost section of myhost.mydomain > > > Redirect / https://myhost.mydomain/mywebapp > > > > But I don't want to do this with the whole site, because there are parts that > > should be accessible with normal HTTP. > > > > > Also, you can't include the mod_jk configuration. You must put the mount > > > commands explicitly in each virtual host. If you include the modjk conf > > > file "Include mod_jk.conf", then it will be global and all hosts will get > > > access. This is likely your problem especially if you haven't put mod_jk > > > mount commands in "ssl.conf". > > > > I did not put any JKMount statements in ssl.conf. Which do I need? Something > > like this: > > > > JKMount /demo_02/* ajp13 > > > > Or anything else? I think I did not understood correctly what this JkMount > > does. > > > > Ralf. > > > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: HTTPS with Apache 2.0.48 and Tomcat 5.0.16
Hi, The JkMount directives tell Apache to pass these request thru the Connector to Tomcat. I do this very same thing for jWebMail, cause I don't want it accessible thru http, only https. Here's my ssl.conf config section for it: -- #Other stuff about your ssl host #Webmail # Static files Alias /webmail "/usr/local/tomcat/webapps/webmail" Options Indexes FollowSymLinks DirectoryIndex index.jsp AllowOverride None deny from all AllowOverride None deny from all JkMount /webmail/do/* ajp13 JkMount /webmail/*.jsp ajp13 JkMount /webmail/WebMail ajp13 JkMount /webmail/WebMail/* ajp13 --- Does that help? BTW, this is all on my site but there's quite a bit of stuff there that you can miss it. Oscar http://www.linuxjava.net/howto/webapp/ On Mon, 2 Feb 2004, Ralf Schneider wrote: > Am Montag, 2. Februar 2004 21:26 schrieb Oscar Carrillo: > > I believe you need to setup a VirtualHost section in httpd.conf even if > > you don't really need Virtual Hosting. > > I did that. > > > Also try Redirecting the whole site. I'm not sure if I've tried just the > > webapp. I'm not sure if you need to compile the rewrite module for the > > redirect, but I don't think so. > > > > #httpd.conf VirtualHost section of myhost.mydomain > > Redirect / https://myhost.mydomain/mywebapp > > But I don't want to do this with the whole site, because there are parts that > should be accessible with normal HTTP. > > > Also, you can't include the mod_jk configuration. You must put the mount > > commands explicitly in each virtual host. If you include the modjk conf > > file "Include mod_jk.conf", then it will be global and all hosts will get > > access. This is likely your problem especially if you haven't put mod_jk > > mount commands in "ssl.conf". > > I did not put any JKMount statements in ssl.conf. Which do I need? Something > like this: > > JKMount /demo_02/* ajp13 > > Or anything else? I think I did not understood correctly what this JkMount > does. > > Ralf. > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: HTTPS with Apache 2.0.48 and Tomcat 5.0.16
Am Montag, 2. Februar 2004 21:47 schrieb Oscar Carrillo: > You must only mount (no global include mod_jk2.conf") the webapp in > "ssl.conf", and additionally you can redirect http to https in > "httpd.conf" so that ppl automatically get moved to https. I added the following three lines to ssl.conf (according to your howto): JkMount /demo_02/*.jsp ajp13 JkMount /demo_02 ajp13 JkMount /demo_02/* ajp13 But then I get an error when restarting Apache: Syntax error on line 114 of /usr/local/apache2/conf/ssl.conf: Invalid command 'JkMount', perhaps mis-spelled or defined by a module not included in the server configuration Did the syntax change from mod_jk to mod_jk2 for JkMount? Ralf. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: HTTPS with Apache 2.0.48 and Tomcat 5.0.16
You're right it's for mod_jk. But the httpd.conf would mostly be the same, which is where your problem is. You must only mount (no global include mod_jk2.conf") the webapp in "ssl.conf", and additionally you can redirect http to https in "httpd.conf" so that ppl automatically get moved to https. Oscar http://www.linuxjava.net/howto/webapp/ On Mon, 2 Feb 2004, Ralf Schneider wrote: > Am Montag, 2. Februar 2004 21:21 schrieb Oscar Carrillo: > > Please try what I describe in my earlier post, and check my web page for > > a better description: > > > > http://www.linuxjava.net/howto/webapp/ > > I took a look at it, but it seems to be a howto for mod_jk with Tomcat 4.1.x. > But I have used mod_jk2 with Tomcat 5.0.16. Does the Howto also work with > these newer versions? > > Ralf. > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: HTTPS with Apache 2.0.48 and Tomcat 5.0.16
Am Montag, 2. Februar 2004 21:26 schrieb Oscar Carrillo: > I believe you need to setup a VirtualHost section in httpd.conf even if > you don't really need Virtual Hosting. I did that. > Also try Redirecting the whole site. I'm not sure if I've tried just the > webapp. I'm not sure if you need to compile the rewrite module for the > redirect, but I don't think so. > > #httpd.conf VirtualHost section of myhost.mydomain > Redirect / https://myhost.mydomain/mywebapp But I don't want to do this with the whole site, because there are parts that should be accessible with normal HTTP. > Also, you can't include the mod_jk configuration. You must put the mount > commands explicitly in each virtual host. If you include the modjk conf > file "Include mod_jk.conf", then it will be global and all hosts will get > access. This is likely your problem especially if you haven't put mod_jk > mount commands in "ssl.conf". I did not put any JKMount statements in ssl.conf. Which do I need? Something like this: JKMount /demo_02/* ajp13 Or anything else? I think I did not understood correctly what this JkMount does. Ralf. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: HTTPS with Apache 2.0.48 and Tomcat 5.0.16
Am Montag, 2. Februar 2004 21:21 schrieb Oscar Carrillo: > Please try what I describe in my earlier post, and check my web page for > a better description: > > http://www.linuxjava.net/howto/webapp/ I took a look at it, but it seems to be a howto for mod_jk with Tomcat 4.1.x. But I have used mod_jk2 with Tomcat 5.0.16. Does the Howto also work with these newer versions? Ralf. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: HTTPS with Apache 2.0.48 and Tomcat 5.0.16
I believe you need to setup a VirtualHost section in httpd.conf even if you don't really need Virtual Hosting. Also try Redirecting the whole site. I'm not sure if I've tried just the webapp. I'm not sure if you need to compile the rewrite module for the redirect, but I don't think so. #httpd.conf VirtualHost section of myhost.mydomain Redirect / https://myhost.mydomain/mywebapp Also, you can't include the mod_jk configuration. You must put the mount commands explicitly in each virtual host. If you include the modjk conf file "Include mod_jk.conf", then it will be global and all hosts will get access. This is likely your problem especially if you haven't put mod_jk mount commands in "ssl.conf". Oscar http://www.linuxjava.net/howto/webapp/ On Mon, 2 Feb 2004, Ralf Schneider wrote: > Am Montag, 2. Februar 2004 21:01 schrieb Oscar Carrillo: > > I think what the user is looking for is this in httpd.conf for your > > virtual host: > > > > #httpd.conf VirtualHost section of myhost.mydomain > > Redirect /mywebapp https://myhost.mydomain/mywebapp > > I tried this, but it doesn't seem to work. I added this line to the virtual > host block for the Non-SSL part of the website in httpd.conf: > > Redirect /demo_02 https://localhost/demo_02 > > But I still can access the webapp with both http://localhost/demo_02 and > https://localhost/demo_02. > > Ralf. > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: HTTPS with Apache 2.0.48 and Tomcat 5.0.16
Please try what I describe in my earlier post, and check my web page for a better description: http://www.linuxjava.net/howto/webapp/ Oscar On Mon, 2 Feb 2004, Ralf Schneider wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Am Montag, 2. Februar 2004 17:30 schrieb Yiannis Mavroukakis: > > Use the Location directive and stick SSLRequireSSL in it. > > > > > > SSLRequireSSL > > > > I tried this, but it doesn't seem to work. I actually have three location > sections in the virtual host section for SSL in my ssl.conf: > > > SSLRequireSSL > Order Allow,Deny > Allow from All > > > > AllowOverride None > deny from all > > > > AllowOverride None > deny from all > > > But I still can access the webapp with both http://localhost/demo_02 and > https://localhost/demo_02. > > Ralf. > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.2.1 (GNU/Linux) > > iD8DBQFAHsJC7YyyfykA0YkRAl5SAJ94hC0SroJZOBZsCwykdNJS885sHwCghuqD > aR4aGgAWV+oEpv1QO8huIpA= > =ye1K > -END PGP SIGNATURE- > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: HTTPS with Apache 2.0.48 and Tomcat 5.0.16
Am Montag, 2. Februar 2004 21:01 schrieb Oscar Carrillo: > I think what the user is looking for is this in httpd.conf for your > virtual host: > > #httpd.conf VirtualHost section of myhost.mydomain > Redirect /mywebapp https://myhost.mydomain/mywebapp I tried this, but it doesn't seem to work. I added this line to the virtual host block for the Non-SSL part of the website in httpd.conf: Redirect /demo_02 https://localhost/demo_02 But I still can access the webapp with both http://localhost/demo_02 and https://localhost/demo_02. Ralf. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: HTTPS with Apache 2.0.48 and Tomcat 5.0.16
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Am Montag, 2. Februar 2004 17:30 schrieb Yiannis Mavroukakis: > Use the Location directive and stick SSLRequireSSL in it. > > > SSLRequireSSL > I tried this, but it doesn't seem to work. I actually have three location sections in the virtual host section for SSL in my ssl.conf: SSLRequireSSL Order Allow,Deny Allow from All AllowOverride None deny from all AllowOverride None deny from all But I still can access the webapp with both http://localhost/demo_02 and https://localhost/demo_02. Ralf. -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFAHsJC7YyyfykA0YkRAl5SAJ94hC0SroJZOBZsCwykdNJS885sHwCghuqD aR4aGgAWV+oEpv1QO8huIpA= =ye1K -END PGP SIGNATURE- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: HTTPS with Apache 2.0.48 and Tomcat 5.0.16
Hi, It sounds like you're talking about configuring Tomcat to do SSL, but I assume the user is using Apache for SSL. In the normal scenario the connector would ONLY communicate on port 8009. Port 8443 is generally for Tomcat to serve pages directly using SSL. I think what the user is looking for is this in httpd.conf for your virtual host: #httpd.conf VirtualHost section of myhost.mydomain Redirect /mywebapp https://myhost.mydomain/mywebapp Oscar http://www.linuxjava.net/howto/webapp/ On Mon, 2 Feb 2004, Jeff Tulley wrote: > You can also put a transport guarantee of "CONFIDENTIAL" in web.xml > When you do make sure that your redirect ports on the Apache connector > in server.xml are correct (default is 8443, needs to be 443 if you are > using Apache for SSL). > > > >>> [EMAIL PROTECTED] 2/2/04 10:32:51 AM >>> > I describe this in my HOWTO. > > http://www.linuxjava.net/howto/webapp/ > > You either redirect traffic from http to https for that virtual host, > or > you only mount the webapp in the http virtual host and not for the > https. > > Oscar Carrillo > > On Mon, 2 Feb 2004, Ralf Schneider wrote: > > > Am Montag, 2. Februar 2004 13:55 schrieb Yiannis Mavroukakis: > > > Best remove that line, stick it in your httpd.conf instead along > with the > > > hostname. > > > > This wasn't the problem. I did not notice that mod_ssl was not > compiled into > > httpd :-( After a rebuild of Apache (now with SSL support :-) and > works now. > > > > My last problem to solve (I hope :-) is how can I prevent user from > accessing > > the webapp with the normal HTTP protocol instead of HTTPS? At the > moment both > > works, but I only want it to work with HTTPS. > > > > Ralf. > > > > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > Jeff Tulley ([EMAIL PROTECTED]) > (801)861-5322 > Novell, Inc., The Leading Provider of Net Business Solutions > http://www.novell.com > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: HTTPS with Apache 2.0.48 and Tomcat 5.0.16
You can also put a transport guarantee of "CONFIDENTIAL" in web.xml When you do make sure that your redirect ports on the Apache connector in server.xml are correct (default is 8443, needs to be 443 if you are using Apache for SSL). >>> [EMAIL PROTECTED] 2/2/04 10:32:51 AM >>> I describe this in my HOWTO. http://www.linuxjava.net/howto/webapp/ You either redirect traffic from http to https for that virtual host, or you only mount the webapp in the http virtual host and not for the https. Oscar Carrillo On Mon, 2 Feb 2004, Ralf Schneider wrote: > Am Montag, 2. Februar 2004 13:55 schrieb Yiannis Mavroukakis: > > Best remove that line, stick it in your httpd.conf instead along with the > > hostname. > > This wasn't the problem. I did not notice that mod_ssl was not compiled into > httpd :-( After a rebuild of Apache (now with SSL support :-) and works now. > > My last problem to solve (I hope :-) is how can I prevent user from accessing > the webapp with the normal HTTP protocol instead of HTTPS? At the moment both > works, but I only want it to work with HTTPS. > > Ralf. > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Jeff Tulley ([EMAIL PROTECTED]) (801)861-5322 Novell, Inc., The Leading Provider of Net Business Solutions http://www.novell.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: HTTPS with Apache 2.0.48 and Tomcat 5.0.16
BTW, there's sample http.conf, ssl.conf, and server.xml files there. In the config files, I denote your host that resolves to an IP as "myhost.mydomain", and your virtual host as "host1.domain". http://www.linuxjava.net/howto/webapp/install_files/ Oscar On Mon, 2 Feb 2004, Oscar Carrillo wrote: > I describe this in my HOWTO. > > http://www.linuxjava.net/howto/webapp/ > > You either redirect traffic from http to https for that virtual host, or > you only mount the webapp in the http virtual host and not for the https. > > Oscar Carrillo > > On Mon, 2 Feb 2004, Ralf Schneider wrote: > > > Am Montag, 2. Februar 2004 13:55 schrieb Yiannis Mavroukakis: > > > Best remove that line, stick it in your httpd.conf instead along with the > > > hostname. > > > > This wasn't the problem. I did not notice that mod_ssl was not compiled into > > httpd :-( After a rebuild of Apache (now with SSL support :-) and works now. > > > > My last problem to solve (I hope :-) is how can I prevent user from accessing > > the webapp with the normal HTTP protocol instead of HTTPS? At the moment both > > works, but I only want it to work with HTTPS. > > > > Ralf. > > > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: HTTPS with Apache 2.0.48 and Tomcat 5.0.16
I describe this in my HOWTO. http://www.linuxjava.net/howto/webapp/ You either redirect traffic from http to https for that virtual host, or you only mount the webapp in the http virtual host and not for the https. Oscar Carrillo On Mon, 2 Feb 2004, Ralf Schneider wrote: > Am Montag, 2. Februar 2004 13:55 schrieb Yiannis Mavroukakis: > > Best remove that line, stick it in your httpd.conf instead along with the > > hostname. > > This wasn't the problem. I did not notice that mod_ssl was not compiled into > httpd :-( After a rebuild of Apache (now with SSL support :-) and works now. > > My last problem to solve (I hope :-) is how can I prevent user from accessing > the webapp with the normal HTTP protocol instead of HTTPS? At the moment both > works, but I only want it to work with HTTPS. > > Ralf. > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: HTTPS with Apache 2.0.48 and Tomcat 5.0.16
D'oh! :) You would still need the listen directive for it to work btw;) As far as that is concerned, a fellow list member had the same requirements some time ago this is what I suggested and it worked for him. Use the Location directive and stick SSLRequireSSL in it. SSLRequireSSL Yiannis. -Original Message- From: Ralf Schneider [mailto:[EMAIL PROTECTED] Sent: 02 February 2004 16:13 To: Tomcat Users List Subject: Re: HTTPS with Apache 2.0.48 and Tomcat 5.0.16 Am Montag, 2. Februar 2004 13:55 schrieb Yiannis Mavroukakis: > Best remove that line, stick it in your httpd.conf instead along with the > hostname. This wasn't the problem. I did not notice that mod_ssl was not compiled into httpd :-( After a rebuild of Apache (now with SSL support :-) and works now. My last problem to solve (I hope :-) is how can I prevent user from accessing the webapp with the normal HTTP protocol instead of HTTPS? At the moment both works, but I only want it to work with HTTPS. Ralf. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail has been scanned for all viruses by Star Internet. The service is powered by MessageLabs. Note:__ This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. Jaguar Freight Services and any of its subsidiaries each reserve the right to monitor all e-mail communications through its networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorized to state them to be the views of any such entity. This e-mail has been scanned for all viruses by Star Internet. The service is powered by MessageLabs.
Re: HTTPS with Apache 2.0.48 and Tomcat 5.0.16
Am Montag, 2. Februar 2004 13:55 schrieb Yiannis Mavroukakis: > Best remove that line, stick it in your httpd.conf instead along with the > hostname. This wasn't the problem. I did not notice that mod_ssl was not compiled into httpd :-( After a rebuild of Apache (now with SSL support :-) and works now. My last problem to solve (I hope :-) is how can I prevent user from accessing the webapp with the normal HTTP protocol instead of HTTPS? At the moment both works, but I only want it to work with HTTPS. Ralf. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: HTTPS with Apache 2.0.48 and Tomcat 5.0.16
Best remove that line, stick it in your httpd.conf instead along with the hostname. -Original Message- From: Ralf Schneider [mailto:[EMAIL PROTECTED] Sent: 02 February 2004 12:16 To: Tomcat Users List Subject: Re: HTTPS with Apache 2.0.48 and Tomcat 5.0.16 -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Am Montag, 2. Februar 2004 13:00 schrieb Yiannis Mavroukakis: > This is an httpd question but here goes :) > Just because you declared your virtual host/port pair that doesn't > mean that httpd is listening to port 443. > Therefore you need to add a Listen directive to your conf: > > Listen your_virtual_host_name:443 My ssl.conf contains the following line: Listen 443 Do I have to insert the hostname here? Ralf. -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFAHj+I7YyyfykA0YkRAp5JAJ4wGvqjJVDfAhIg+m0IANHNbsZfxgCffWMW vc/N/KOQWHH/iWKbRPk1IQ4= =iwMU -END PGP SIGNATURE- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail has been scanned for all viruses by Star Internet. The service is powered by MessageLabs. Note:__ This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. Jaguar Freight Services and any of its subsidiaries each reserve the right to monitor all e-mail communications through its networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorized to state them to be the views of any such entity. This e-mail has been scanned for all viruses by Star Internet. The service is powered by MessageLabs.
Re: HTTPS with Apache 2.0.48 and Tomcat 5.0.16
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Am Montag, 2. Februar 2004 13:00 schrieb Yiannis Mavroukakis: > This is an httpd question but here goes :) > Just because you declared your virtual host/port pair that doesn't > mean that httpd is listening to port 443. > Therefore you need to add a Listen directive to your conf: > > Listen your_virtual_host_name:443 My ssl.conf contains the following line: Listen 443 Do I have to insert the hostname here? Ralf. -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFAHj+I7YyyfykA0YkRAp5JAJ4wGvqjJVDfAhIg+m0IANHNbsZfxgCffWMW vc/N/KOQWHH/iWKbRPk1IQ4= =iwMU -END PGP SIGNATURE- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: HTTPS with Apache 2.0.48 and Tomcat 5.0.16
This is an httpd question but here goes :)
Just because you declared your virtual host/port pair that doesn't
mean that httpd is listening to port 443.
Therefore you need to add a Listen directive to your conf:
Listen your_virtual_host_name:443
and you should be set.
Yiannis
-Original Message-
From: Ralf Schneider [mailto:[EMAIL PROTECTED]
Sent: 02 February 2004 11:42
To: 'Tomcat Users List'
Subject: HTTPS with Apache 2.0.48 and Tomcat 5.0.16
Hi,
I try to set an Apache 2.0.48 with a connection to Tomcat 5.0.16 via mod_jk2
2.0.2. The static pages should be accessed via normal HTTP whereas the
dynamic pages of my webapp should only be accessible via HTTPS for security.
I installed a certificate in /usr/local/apache2/conf/ssl.cert and set up a
virtual host for the SSL pages in ssl.conf:
DocumentRoot "/usr/local/tomcat/webapps/demo_02"
ServerName www.development.home:443
ServerAdmin [EMAIL PROTECTED]
ErrorLog /usr/local/apache2/logs/error_log
TransferLog /usr/local/apache2/logs/access_log
Alias /demo_02 "/usr/local/tomcat/webapps/demo_02"
AllowOverride None
deny from all
AllowOverride None
deny from all
JKMount /demo_02/*.do ajp13
JKMount /demo_02/*.jsp ajp13
JKMount /demo_02 ajp13
JKMount /demo_02/* ajp13
SSLEngine on
SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server.crt
SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/server.key
SSLOptions +StdEnvVars
SSLOptions +StdEnvVars
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog /usr/local/apache2/logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
When I call the webapp over http://localhost/demo_02 everything works fine.
The request to my webapp is forwarded to Tomcat. But when I switch to https
I
get "Connection refused" from the browser. I do not see anything in any log
file.
Did I miss a configuration step? Or did I misconfigure something?
Ralf.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
This e-mail has been scanned for all viruses by Star Internet. The
service is powered by MessageLabs.
Note:__
This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please immediately delete it and
all copies of it from your system, destroy any hard copies of it and
notify the sender. You must not, directly or indirectly, use, disclose,
distribute, print, or copy any part of this message if you are not the
intended recipient. Jaguar Freight Services and any of its subsidiaries
each reserve the right to monitor all e-mail communications through its
networks.
Any views expressed in this message are those of the individual sender,
except where the message states otherwise and the sender is authorized
to state them to be the views of any such entity.
This e-mail has been scanned for all viruses by Star Internet. The
service is powered by MessageLabs.
