Re: Proxypass Question

2012-03-06 Thread André Warnier 

Truckman wrote:

As per list member "Pid", I am starting a new thread rather than
lobotomizing an existing one.  Pid, you're right, my apologies, I was being
lazy.

Using apache virtual hosting, I am trying to forward port 443 to tomcat, yet
have port 80 serve "normal" local content in the traditional fashion.  The
reason for this is by business policy the application running on tomcat must
be accessed via https using ssl, and the user instruction manual for that
application resides on port 80, and is just a bunch of html files.

Meaning:

   (443) https://www.example.org -> proxypass / ajp --> tomcat6
   (80) http://www.example.org -> serves html files from /mnt/html/example


To achieve this, we created the following definitions within
/etc/httpd/conf.d/virtuals.conf:

NameVirtualHost *:443


ServerName www.example.com:443
SSLEngine on
SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /mnt/html/example/example.com.crt
SSLCertificateKeyFile /mnt/html/example/www.example.com.key
ProxyPass / ajp://localhost:8009/


NameVirtualHost *:80


ServerName www.example.com:80
#ProxyPass / ajp://localhost:8009/
DocumentRoot/mnt/html/example



Unfortunately, the above doesn't work.  It appears we have to change the
port 80 definition to the below to allow port 443 to proxy through ajp:


ServerName www.example.com:80
ProxyPass / ajp://localhost:8009/
#DocumentRoot/mnt/html/example


Does proxypass ajp REQUIRE that both ports be forwarded?  Or can we have
port 443 proxy up to tomcat, and port 80 serve ordinary, boring, html files?



What if you simply do /not/ specify the port number in your "ServerName" 
directives above ?


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Proxypass Question

2012-03-06 Thread Martin Gainty 

Perfectly Normal

if a http request comes in yoiu want to 
1)log the request ( writing the HTTP Env Vars)
2)forward to https

if a https request comes in you want to 
1)log (writing the HTTP Env vars)
2)authenticate

does your client that uses Tomcat have at least *read access* to 
/mnt/html/example/www.example.com.key

Viel Gluck!
Martin 
__ 
Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité

Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger 
sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung 
oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem 
Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. 
Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung 
fuer den Inhalt uebernehmen.
Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le 
destinataire prévu, nous te demandons avec bonté que pour satisfaire informez 
l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est 
interdite. Ce message sert à l'information seulement et n'aura pas n'importe 
quel effet légalement obligatoire. Étant donné que les email peuvent facilement 
être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité 
pour le contenu fourni.


> From: truck...@woodbridgedata.com
> To: users@tomcat.apache.org
> Subject: Proxypass Question
> Date: Mon, 5 Mar 2012 23:18:52 -0500
> 
> Greetings,
> 
> I'm not sure whether this is a tomcat6 issue or an apache issue, but I 
> thought maybe I would start here if no one minds.
> 
> We have a domain name and we have apache answering the door on both 
> https(443) and http(80).  What we'd like to do is proxypass port 443 to 
> tomcat6, and have port 80 serve html files normally on that domain name (i.e. 
> different content)
> 
> So, we defined such in /etc/httpd/conf.d/virtuals.conf like so:
> 
> NameVirtualHost *:443
> 
> 
> ServerName www.example.com:443
> SSLEngine on
> SSLCipherSuite 
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> SSLCertificateFile /mnt/html/example/example.com.crt
> SSLCertificateKeyFile /mnt/html/example/www.example.com.key
> ProxyPass / ajp://localhost:8009/
> 
> 
> NameVirtualHost *:80
> 
> 
> ServerName www.example.com:80
> #ProxyPass / ajp://localhost:8009/
> DocumentRoot/mnt/html/example
> 
> 
> With the above, nothing works and in the /var/log/error_log file we see an 
> entry for "file does not exist /mnt/html/example/", and we get that entry 
> regardless whether we hit ports 443 or port 80 - which tells us nothing is 
> proxying when set this way.
> 
> If we change the latter part of the configuration file to this:
> 
> NameVirtualHost *:80
> 
> 
> ServerName www.example.com:80
> ProxyPass / ajp://localhost:8009/
> #DocumentRoot/mnt/html/example
> 
> 
> Then https: does in fact proxy up to tomcat6, the application loads, and all 
> is well.  However, it does the very same thing for port 80 as the proxypass 
> statement is there also.
> 
> Proxypass seems to only work if both ports are proxied, and not work if 
> either port is not proxied.
> 
> My question is this - is that the normal/expected behavior of proxypass, or 
> should we keep digging elsewhere?
> 
> Thank you very much!
> 
> 
> 
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

Re: Proxypass Question

2012-03-05 Thread Pid 
Please start an entirely new thread, rather than replying to and editing
an existing, already rather long and confusing thread[1].


p


1. Re: [Tomcat JDBC Pool] Close pooled connections via JMX



signature.asc
Description: OpenPGP digital signature