Hi All, I am trying to setup an Apache proxy in front of Spectrum Oneclick Tomcat using HTTPD's AJP protocol. I am using SSL and Sun web agent for authentication. User requests are sent to https://host_url.tld and the user is directed to the authentication portal. Once authenticated they are sent back to HTTPD on the server where the request is proxied using the AJP protocol on port 8009 for Tomcat. In my Apache logs I see the 302 redirect but the Tomcat server is not accepting the connections. My Spectrum/tomcat/conf/server.xml I have a connector accepting requests on 8009. I have tried several different combinations of configurations in the server.xml but none are working. It is my understanding that I would only need to edit my httpd/conf.d/ssl.conf and Spectrum/tomcat/conf/server.xml. Is there some other file that I need to edit. Does anyone have experience with a similar setup and would you mind sharing your configurations?
Thank you, Scotty ssl.conf ajp proxy lines -- # Tomcat Proxy ProxyRequests On <Proxy *> Order deny,allow Allow from all </Proxy> ProxyPass / ajp://localhost:8009/ ProxyPassReverse / ajp://localhost:8009/ <Location /> Order allow,deny Allow from all </Location> server.xml (current configuration with no redirect) -- <?xml version="1.0" encoding="UTF-8"?> <!-- Tomcat Server Configuration File --><Server port="8005" shutdown="SHUTDOWN"> <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" /> <!-- Define the Tomcat Stand-Alone Service --> <Service name="Tomcat-Standalone"> <!-- Define an AJP 1.3 Connector on port 8009 --> <Connector port="8009" protocol="AJP/1.3" /> <!-- Define the top level container in our container hierarchy --> <Engine name="Catalina" defaultHost="localhost"> <!-- Define the host to run the web applications --> <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="false"> <!-- Access log processes all requests for this virtual host. By default, log files are created in the "logs" directory relative to $CATALINA_HOME. If you wish, you can specify a different directory with the "directory" attribute. Specify either a relative (to $CATALINA_HOME) or absolute path to the desired directory. This access log implementation is optimized for maximum performance, but is hardcoded to support only the "common" and "combined" patterns. --> <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="localhost_access_log." suffix=".txt" pattern="common" resolveHosts="false" /> </Host> </Engine> </Service> </Server> server.xml (with redirect to port 8443) -- <?xml version="1.0" encoding="UTF-8"?> <!-- Tomcat Server Configuration File --><Server port="8005" shutdown="SHUTDOWN"> <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" /> <!-- Define the Tomcat Stand-Alone Service --> <Service name="Tomcat-Standalone"> <!-- Define an AJP 1.3 Connector on port 8009 --> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 --> <Connector address="127.0.0.1" port="8443" minProcessors="5" maxProcessors="75" enableLookups="true" disableUploadTimeout="true" acceptCount="100" debug="0" scheme="https" secure="true" SSLEnabled="true" clientAuth="false" sslProtocol="TLS" ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA" keystoreFile="/opt/Spectrum/custom/keystore/cacerts" keystorePass="changeit"> </Connector> <!-- Define the top level container in our container hierarchy --> <Engine name="Catalina" defaultHost="localhost"> <!-- Define the host to run the web applications --> <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="false"> <!-- Access log processes all requests for this virtual host. By default, log files are created in the "logs" directory relative to $CATALINA_HOME. If you wish, you can specify a different directory with the "directory" attribute. Specify either a relative (to $CATALINA_HOME) or absolute path to the desired directory. This access log implementation is optimized for maximum performance, but is hardcoded to support only the "common" and "combined" patterns. --> <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="localhost_access_log." suffix=".txt" pattern="common" resolveHosts="false" /> </Host> </Engine> </Service> </Server> --- To unsubscribe from spectrum, send email to [email protected] with the body: unsubscribe spectrum [email protected]
