RE: Proxypass Question

2012-03-06 Thread Martin Gainty 

Perfectly Normal

if a http request comes in yoiu want to 
1)log the request ( writing the HTTP Env Vars)
2)forward to https

if a https request comes in you want to 
1)log (writing the HTTP Env vars)
2)authenticate

does your client that uses Tomcat have at least *read access* to 
/mnt/html/example/www.example.com.key

Viel Gluck!
Martin 
__ 
Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité

Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger 
sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung 
oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem 
Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. 
Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung 
fuer den Inhalt uebernehmen.
Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le 
destinataire prévu, nous te demandons avec bonté que pour satisfaire informez 
l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est 
interdite. Ce message sert à l'information seulement et n'aura pas n'importe 
quel effet légalement obligatoire. Étant donné que les email peuvent facilement 
être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité 
pour le contenu fourni.


 From: truck...@woodbridgedata.com
 To: users@tomcat.apache.org
 Subject: Proxypass Question
 Date: Mon, 5 Mar 2012 23:18:52 -0500
 
 Greetings,
 
 I'm not sure whether this is a tomcat6 issue or an apache issue, but I 
 thought maybe I would start here if no one minds.
 
 We have a domain name and we have apache answering the door on both 
 https(443) and http(80).  What we'd like to do is proxypass port 443 to 
 tomcat6, and have port 80 serve html files normally on that domain name (i.e. 
 different content)
 
 So, we defined such in /etc/httpd/conf.d/virtuals.conf like so:
 
 NameVirtualHost *:443
 
 VirtualHost *:443
 ServerName www.example.com:443
 SSLEngine on
 SSLCipherSuite 
 ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
 SSLCertificateFile /mnt/html/example/example.com.crt
 SSLCertificateKeyFile /mnt/html/example/www.example.com.key
 ProxyPass / ajp://localhost:8009/
 /VirtualHost
 
 NameVirtualHost *:80
 
 VirtualHost *:80
 ServerName www.example.com:80
 #ProxyPass / ajp://localhost:8009/
 DocumentRoot/mnt/html/example
 /VirtualHost
 
 With the above, nothing works and in the /var/log/error_log file we see an 
 entry for file does not exist /mnt/html/example/, and we get that entry 
 regardless whether we hit ports 443 or port 80 - which tells us nothing is 
 proxying when set this way.
 
 If we change the latter part of the configuration file to this:
 
 NameVirtualHost *:80
 
 VirtualHost *:80
 ServerName www.example.com:80
 ProxyPass / ajp://localhost:8009/
 #DocumentRoot/mnt/html/example
 /VirtualHost
 
 Then https: does in fact proxy up to tomcat6, the application loads, and all 
 is well.  However, it does the very same thing for port 80 as the proxypass 
 statement is there also.
 
 Proxypass seems to only work if both ports are proxied, and not work if 
 either port is not proxied.
 
 My question is this - is that the normal/expected behavior of proxypass, or 
 should we keep digging elsewhere?
 
 Thank you very much!
 
 
 
 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Proxypass Question

2012-03-06 Thread André Warnier 

Truckman wrote:

As per list member Pid, I am starting a new thread rather than
lobotomizing an existing one.  Pid, you're right, my apologies, I was being
lazy.

Using apache virtual hosting, I am trying to forward port 443 to tomcat, yet
have port 80 serve normal local content in the traditional fashion.  The
reason for this is by business policy the application running on tomcat must
be accessed via https using ssl, and the user instruction manual for that
application resides on port 80, and is just a bunch of html files.

Meaning:

   (443) https://www.example.org - proxypass / ajp -- tomcat6
   (80) http://www.example.org - serves html files from /mnt/html/example


To achieve this, we created the following definitions within
/etc/httpd/conf.d/virtuals.conf:

NameVirtualHost *:443

VirtualHost *:443
ServerName www.example.com:443
SSLEngine on
SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /mnt/html/example/example.com.crt
SSLCertificateKeyFile /mnt/html/example/www.example.com.key
ProxyPass / ajp://localhost:8009/
/VirtualHost

NameVirtualHost *:80

VirtualHost *:80
ServerName www.example.com:80
#ProxyPass / ajp://localhost:8009/
DocumentRoot/mnt/html/example
/VirtualHost


Unfortunately, the above doesn't work.  It appears we have to change the
port 80 definition to the below to allow port 443 to proxy through ajp:

VirtualHost *:80
ServerName www.example.com:80
ProxyPass / ajp://localhost:8009/
#DocumentRoot/mnt/html/example
/VirtualHost

Does proxypass ajp REQUIRE that both ports be forwarded?  Or can we have
port 443 proxy up to tomcat, and port 80 serve ordinary, boring, html files?



What if you simply do /not/ specify the port number in your ServerName 
directives above ?


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Proxypass Question

2012-03-05 Thread Pid 
Please start an entirely new thread, rather than replying to and editing
an existing, already rather long and confusing thread[1].


p


1. Re: [Tomcat JDBC Pool] Close pooled connections via JMX



signature.asc
Description: OpenPGP digital signature