Re: Configure http and https with apache and jboss
it would be awesome if you could make a wiki page out of this... -igor On Wed, Jul 6, 2011 at 8:47 AM, vp143 wrote: > All, > > I think I have this resolved, at least no problems so far. > > There were many things that I needed to add: > 1) Within server.xml, I added proxyName and proxyPort to the 8080 connector. > I found this in the Tomcat documentation "When you are running behind a > proxy server (or a web server that is configured to behave like a proxy > server), you will sometimes prefer to manage the values returned by these > calls. In particular, you will generally want the port number to reflect > that specified in the original request, not the one on which the Connector > itself is listening. You can use the proxyName and proxyPort attributes on > the element to configure these values." > > I also added a NEW connector at 8443 for https support. I found that > request.getScheme and similar code was returning incorrect values. To solve > this, this connector should have the value scheme="https". > > Here are the new connectors: > > connectionTimeout="2" proxyName="myserver.com" proxyPort="80"/> > > connectionTimeout="2" proxyName="myserver.com" proxyPort="443" > scheme="https" /> > > 2) A mistake I made was putting myserver.com within the ProxyPass and > ProxyPassReverse. This was a mistake because this address was not valid for > port 8080 as my firewall was blocking it. My firewall only allows 80 and > 443. I change these values to localhost. Additionally, the VirtualHost for > 443 should point to 8443- the new connector created above. > > Additionally, the myapp is removed entirely (see the next point for the > reasons). > > The httpd.conf I have now is as follows: > > NameVirtualHost *:80 > > ServerName myserver.com:80 > > ProxyPreserveHost On > ProxyPass / http://localhost:8080/ > ProxyPassReverse / http://localhost:8080/ > > > NameVirtualHost *:443 > > ServerName myserver.com:443 > > SSLEngine On > SSLCertificateKeyFile /etc/ssl/private/server.key > SSLCertificateFile /etc/ssl/certs/server.crt > > ProxyPass / http://localhost:8443/ > ProxyPassReverse / http://localhost:8443/ > > #Cookie stuff- untested for now > ProxyPreserveHost On > ProxyPassReverseCookiePath / / > > > 3) Finally, my war file that I deploy needs to be called ROOT.war. From the > Jboss documentation "The only special case to this naming special name ROOT. > To deploy an application under the root context, you simply name it > ROOT.war. JBoss already contains a ROOT.war web application in the > jbossweb.sar directory. You will need to remove or rename that one to create > your own root application." Renaming it ROOT removes the myapp in the url > within wicket. > > I hope this helps any one else trying to setup in a similar way. As I first > thought, it wasnt anything in wicket. Thank you all for your help. > > -- > View this message in context: > http://apache-wicket.1842946.n4.nabble.com/Configure-http-and-https-with-apache-and-jboss-tp3633546p3649180.html > Sent from the Users forum mailing list archive at Nabble.com. > > - > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > > - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Configure http and https with apache and jboss
All, I think I have this resolved, at least no problems so far. There were many things that I needed to add: 1) Within server.xml, I added proxyName and proxyPort to the 8080 connector. I found this in the Tomcat documentation "When you are running behind a proxy server (or a web server that is configured to behave like a proxy server), you will sometimes prefer to manage the values returned by these calls. In particular, you will generally want the port number to reflect that specified in the original request, not the one on which the Connector itself is listening. You can use the proxyName and proxyPort attributes on the element to configure these values." I also added a NEW connector at 8443 for https support. I found that request.getScheme and similar code was returning incorrect values. To solve this, this connector should have the value scheme="https". Here are the new connectors: 2) A mistake I made was putting myserver.com within the ProxyPass and ProxyPassReverse. This was a mistake because this address was not valid for port 8080 as my firewall was blocking it. My firewall only allows 80 and 443. I change these values to localhost. Additionally, the VirtualHost for 443 should point to 8443- the new connector created above. Additionally, the myapp is removed entirely (see the next point for the reasons). The httpd.conf I have now is as follows: NameVirtualHost *:80 ServerName myserver.com:80 ProxyPreserveHost On ProxyPass / http://localhost:8080/ ProxyPassReverse / http://localhost:8080/ NameVirtualHost *:443 ServerName myserver.com:443 SSLEngine On SSLCertificateKeyFile /etc/ssl/private/server.key SSLCertificateFile /etc/ssl/certs/server.crt ProxyPass / http://localhost:8443/ ProxyPassReverse / http://localhost:8443/ #Cookie stuff- untested for now ProxyPreserveHost On ProxyPassReverseCookiePath / / 3) Finally, my war file that I deploy needs to be called ROOT.war. From the Jboss documentation "The only special case to this naming special name ROOT. To deploy an application under the root context, you simply name it ROOT.war. JBoss already contains a ROOT.war web application in the jbossweb.sar directory. You will need to remove or rename that one to create your own root application." Renaming it ROOT removes the myapp in the url within wicket. I hope this helps any one else trying to setup in a similar way. As I first thought, it wasnt anything in wicket. Thank you all for your help. -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/Configure-http-and-https-with-apache-and-jboss-tp3633546p3649180.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Configure http and https with apache and jboss
Thats correct, your entire HTTPS set up can be only from Apache outwards and AJP/HTTP between Apache and JBoss/Tomcat. On Fri, Jul 1, 2011 at 9:45 AM, vp143 wrote: > I have seen posts talking about this connector in Tomcat/Jboss > >port="8443" address="${jboss.bind.address}" > scheme="https" secure="true" clientAuth="false" > keystoreFile="${jboss.server.home.dir}/conf/chap8.keystore" > keystorePass="rmi+ssl" sslProtocol = "TLS" /> > > My understanding from what I have read is that this connector does not need > to be enabled because I am using Apache as the web server which handles all > the SSL traffic i.e SSL traffic is transparent to the Tomcat/Jboss, hence > ProxyPass etc are forwarding to port 8080 even for VirtualHost 443. > Can anyone verify this is correct? > > On 1 Jul 2011, at 14:32, Martin Grigorov-4 [via Apache Wicket] wrote: > > > Your Apache conf is SSL for 443, but the proxyed web server (Tomcat?!) > > is http:// > > Maybe this is the problem. > > > > > > If you reply to this email, your message will be added to the discussion > below: > > > http://apache-wicket.1842946.n4.nabble.com/Configure-http-and-https-with-apache-and-jboss-tp3633546p3638211.html > > To unsubscribe from Configure http and https with apache and jboss, click > here. > > > > -- > View this message in context: > http://apache-wicket.1842946.n4.nabble.com/Configure-http-and-https-with-apache-and-jboss-tp3633546p3638231.html > Sent from the Users forum mailing list archive at Nabble.com. > > - > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > > -- Jeremy Levy
Re: Configure http and https with apache and jboss
I have seen posts talking about this connector in Tomcat/Jboss My understanding from what I have read is that this connector does not need to be enabled because I am using Apache as the web server which handles all the SSL traffic i.e SSL traffic is transparent to the Tomcat/Jboss, hence ProxyPass etc are forwarding to port 8080 even for VirtualHost 443. Can anyone verify this is correct? On 1 Jul 2011, at 14:32, Martin Grigorov-4 [via Apache Wicket] wrote: > Your Apache conf is SSL for 443, but the proxyed web server (Tomcat?!) > is http:// > Maybe this is the problem. > > > If you reply to this email, your message will be added to the discussion > below: > http://apache-wicket.1842946.n4.nabble.com/Configure-http-and-https-with-apache-and-jboss-tp3633546p3638211.html > To unsubscribe from Configure http and https with apache and jboss, click > here. -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/Configure-http-and-https-with-apache-and-jboss-tp3633546p3638231.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Configure http and https with apache and jboss
Your Apache conf is SSL for 443, but the proxyed web server (Tomcat?!) is http:// Maybe this is the problem. On Fri, Jul 1, 2011 at 4:23 PM, vp143 wrote: > I am delving into the SwitchProtocolRequestTarget code a little to see if it > gives me any answers. When the requireProtocol is called the protocol is > https but request.getScheme() returns http. Why would this be? > > -- > View this message in context: > http://apache-wicket.1842946.n4.nabble.com/Configure-http-and-https-with-apache-and-jboss-tp3633546p3638188.html > Sent from the Users forum mailing list archive at Nabble.com. > > - > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > > -- Martin Grigorov jWeekend Training, Consulting, Development http://jWeekend.com - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Configure http and https with apache and jboss
I am delving into the SwitchProtocolRequestTarget code a little to see if it gives me any answers. When the requireProtocol is called the protocol is https but request.getScheme() returns http. Why would this be? -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/Configure-http-and-https-with-apache-and-jboss-tp3633546p3638188.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Configure http and https with apache and jboss
/myapp is only used within the apache httpd.conf and not accessing it through the browser. The pages are accessed like http://myserver.com/ and hopefully https://myserver.com/login A debug output from getUrl shows the link obtained is https://myserver.com/myapp/login (I think from request.getRequestURI()) -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/Configure-http-and-https-with-apache-and-jboss-tp3633546p3635405.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Configure http and https with apache and jboss
On Thu, Jun 30, 2011 at 1:34 PM, vp143 wrote: > One additional point... if I take out > protected IRequestCycleProcessor newRequestCycleProcessor() { > HttpsConfig config = new HttpsConfig(80, 443); > return new HttpsRequestCycleProcessor(config); > } > and I navigate manually to an https link i.e. https://myserver.com/login. In your previous mails you used "/myapp" as context path. Your Apache config also setups it. Now you say that the page is reachable without "/myapp" ?! > Everything looks fine, loads, padlock etc is working as expected. > So I am sure them the answer is in > HttpsRequestCycleProcessor/SwitchProtocolRequestTarget although the fix may > be in the setup of the web server. > > Any other suggestions on what to look out for in > HttpsRequestCycleProcessor/SwitchProtocolRequestTarget classes? > > -- > View this message in context: > http://apache-wicket.1842946.n4.nabble.com/Configure-http-and-https-with-apache-and-jboss-tp3633546p3635299.html > Sent from the Users forum mailing list archive at Nabble.com. > > - > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > > -- Martin Grigorov jWeekend Training, Consulting, Development http://jWeekend.com - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Configure http and https with apache and jboss
One additional point... if I take out protected IRequestCycleProcessor newRequestCycleProcessor() { HttpsConfig config = new HttpsConfig(80, 443); return new HttpsRequestCycleProcessor(config); } and I navigate manually to an https link i.e. https://myserver.com/login. Everything looks fine, loads, padlock etc is working as expected. So I am sure them the answer is in HttpsRequestCycleProcessor/SwitchProtocolRequestTarget although the fix may be in the setup of the web server. Any other suggestions on what to look out for in HttpsRequestCycleProcessor/SwitchProtocolRequestTarget classes? -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/Configure-http-and-https-with-apache-and-jboss-tp3633546p3635299.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Configure http and https with apache and jboss
Right. 443 is not needed if the protocol is HTTPS. It should be something in the setup of the web servers ... On Thu, Jun 30, 2011 at 1:04 PM, vp143 wrote: > The port being passed was null. The code in HttpsRequestCycleProcessor that > sets the port is: > Integer port = null; > if (protocol == Protocol.HTTP) { > if (processor.getConfig().getHttpPort() != 80) { > port = processor.getConfig().getHttpPort(); > } > } > else if (protocol == Protocol.HTTPS) { > if (processor.getConfig().getHttpsPort() != 443) { > port = processor.getConfig().getHttpsPort(); > } > } > Why is the port only set if its not 80 or 443. If its 80 or 443 then its > null. I guess if its the default ports then they do not need to be set? > > I amended the code so that a port is set, but still no difference i.e. I > still get a 404. > > -- > View this message in context: > http://apache-wicket.1842946.n4.nabble.com/Configure-http-and-https-with-apache-and-jboss-tp3633546p3635246.html > Sent from the Users forum mailing list archive at Nabble.com. > > - > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > > -- Martin Grigorov jWeekend Training, Consulting, Development http://jWeekend.com - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Configure http and https with apache and jboss
The port being passed was null. The code in HttpsRequestCycleProcessor that sets the port is: Integer port = null; if (protocol == Protocol.HTTP) { if (processor.getConfig().getHttpPort() != 80) { port = processor.getConfig().getHttpPort(); } } else if (protocol == Protocol.HTTPS) { if (processor.getConfig().getHttpsPort() != 443) { port = processor.getConfig().getHttpsPort(); } } Why is the port only set if its not 80 or 443. If its 80 or 443 then its null. I guess if its the default ports then they do not need to be set? I amended the code so that a port is set, but still no difference i.e. I still get a 404. -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/Configure-http-and-https-with-apache-and-jboss-tp3633546p3635246.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Configure http and https with apache and jboss
Put a breakpoint at org.apache.wicket.protocol.https.SwitchProtocolRequestTarget.respond(RequestCycle) and see what port is passed to org.apache.wicket.protocol.https.SwitchProtocolRequestTarget.getUrl(String, Integer, HttpServletRequest) On Thu, Jun 30, 2011 at 11:01 AM, vp143 wrote: > The MyHttpsRequestCycleProcessor was just used to debug i.e. no changes of > code. The same problem is there without my custom class. > > You say the httpsPort is being ignored. How can I check this? What should be > outputted if I print the url as nothing is being outputted? > > -- > View this message in context: > http://apache-wicket.1842946.n4.nabble.com/Configure-http-and-https-with-apache-and-jboss-tp3633546p3635048.html > Sent from the Users forum mailing list archive at Nabble.com. > > - > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > > -- Martin Grigorov jWeekend Training, Consulting, Development http://jWeekend.com - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Configure http and https with apache and jboss
The MyHttpsRequestCycleProcessor was just used to debug i.e. no changes of code. The same problem is there without my custom class. You say the httpsPort is being ignored. How can I check this? What should be outputted if I print the url as nothing is being outputted? -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/Configure-http-and-https-with-apache-and-jboss-tp3633546p3635048.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Configure http and https with apache and jboss
On Wed, Jun 29, 2011 at 8:58 PM, Vishal Popat wrote: > I am trying to configure my web app to use http and https. I am using the > following code in my Application class: > protected IRequestCycleProcessor newRequestCycleProcessor() { > HttpsConfig config = new HttpsConfig(80, 443); > return new MyHttpsRequestCycleProcessor(config); What is MyHttpsRequestCycleProcessor ? This is your class which I guess extends from Wicket's HttpsRequestCycleProcessor. Maybe here is the problem. It seems HttpsConfig's httpsPort is ignored. > } > WebPages such as Login, MyAccount etc have the @RequireHttps annotation. > > I receive a 404 error when clicking on any page which have the @RequireHttps > A bit of debugging shows that the link its trying to access is > https://myserver.com/myapp/login. I am trying to have my web application not > have a context root i.e. the myapp should not be there. > > I have looked at various threads which have slightly different scenarios > without success. I have tried various other setup configs with different > results. > Any help would be appreciated. > > My setup is below: > Ubuntu 11.04 > Apache/2.2.17 (Unix) > JbossAS 6 > Wicket 1.4.15 > > I am using Apache as the front web server which I want to handle http and > https > I have the following within my httpd.conf: > > NameVirtualHost *:80 > > ServerName myserver.com:80 > > ProxyPass / http://myserver.com:8080/myapp/ > ProxyPassReverse / http://myserver.com:8080/myapp/ > > > NameVirtualHost *:443 > > ServerName myserver.com:443 > > SSLEngine On > SSLCertificateKeyFile /etc/ssl/private/server.key > SSLCertificateFile /etc/ssl/certs/server.crt > > ProxyPass / http://myserver.com:8080/myapp/ > ProxyPassReverse / http://myserver.com:8080/myapp/ > > > Regards > Vishal > - > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > > -- Martin Grigorov jWeekend Training, Consulting, Development http://jWeekend.com - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Configure http and https with apache and jboss
I have already tested html files containing http links and https links. I can navigate around these files including browser indicators saying the ssl cert is fine. For this I had to add DocumentRoot /var/www. The http part of the wicket website is working fine. I would like to try Jboss without Wicket but cannot think of a simple way of doing this. I have also tried changing an http page to https which loads fine (although the pages I have tried show some insecure elements to the page) So far the problem seems to lie around the HttpsRequestCycleProcessor class although the "fix" may lie elsewhere. -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/Configure-http-and-https-with-apache-and-jboss-tp3633546p3634045.html Sent from the Users forum mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Re: Configure http and https with apache and jboss
If I had this problem to solve, I'd start off first by showing a html file in apache over https, and next step adding in wicket without https, and then joining them afterwards.. Asking both apache httpd forum and this one (as you've already done) If having problems.. As a last step, i'd write a nice little blog post telling other people how you solved it :) 2011/6/29 Vishal Popat : > I am trying to configure my web app to use http and https. I am using the > following code in my Application class: > protected IRequestCycleProcessor newRequestCycleProcessor() { > HttpsConfig config = new HttpsConfig(80, 443); > return new MyHttpsRequestCycleProcessor(config); > } > WebPages such as Login, MyAccount etc have the @RequireHttps annotation. > > I receive a 404 error when clicking on any page which have the @RequireHttps > A bit of debugging shows that the link its trying to access is > https://myserver.com/myapp/login. I am trying to have my web application not > have a context root i.e. the myapp should not be there. > > I have looked at various threads which have slightly different scenarios > without success. I have tried various other setup configs with different > results. > Any help would be appreciated. > > My setup is below: > Ubuntu 11.04 > Apache/2.2.17 (Unix) > JbossAS 6 > Wicket 1.4.15 > > I am using Apache as the front web server which I want to handle http and > https > I have the following within my httpd.conf: > > NameVirtualHost *:80 > > ServerName myserver.com:80 > > ProxyPass / http://myserver.com:8080/myapp/ > ProxyPassReverse / http://myserver.com:8080/myapp/ > > > NameVirtualHost *:443 > > ServerName myserver.com:443 > > SSLEngine On > SSLCertificateKeyFile /etc/ssl/private/server.key > SSLCertificateFile /etc/ssl/certs/server.crt > > ProxyPass / http://myserver.com:8080/myapp/ > ProxyPassReverse / http://myserver.com:8080/myapp/ > > > Regards > Vishal > - > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > > - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
Configure http and https with apache and jboss
I am trying to configure my web app to use http and https. I am using the following code in my Application class: protected IRequestCycleProcessor newRequestCycleProcessor() { HttpsConfig config = new HttpsConfig(80, 443); return new MyHttpsRequestCycleProcessor(config); } WebPages such as Login, MyAccount etc have the @RequireHttps annotation. I receive a 404 error when clicking on any page which have the @RequireHttps A bit of debugging shows that the link its trying to access is https://myserver.com/myapp/login. I am trying to have my web application not have a context root i.e. the myapp should not be there. I have looked at various threads which have slightly different scenarios without success. I have tried various other setup configs with different results. Any help would be appreciated. My setup is below: Ubuntu 11.04 Apache/2.2.17 (Unix) JbossAS 6 Wicket 1.4.15 I am using Apache as the front web server which I want to handle http and https I have the following within my httpd.conf: NameVirtualHost *:80 ServerName myserver.com:80 ProxyPass / http://myserver.com:8080/myapp/ ProxyPassReverse / http://myserver.com:8080/myapp/ NameVirtualHost *:443 ServerName myserver.com:443 SSLEngine On SSLCertificateKeyFile /etc/ssl/private/server.key SSLCertificateFile /etc/ssl/certs/server.crt ProxyPass / http://myserver.com:8080/myapp/ ProxyPassReverse / http://myserver.com:8080/myapp/ Regards Vishal - To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org