The subject says it, I need help getting a secure reverse proxy to my tomcat 
server working. There is a lot of doc on the web, and it seems like I have 
everything configured properly, but I can't quite get the reverse proxy to work 
on the https side of things.

Here is my config:
Apache2.4.2
Ubuntu 12.04.2 LTS (GNU/Linux 3.2.0-24-generic x86_64)
Tomcat 7.0.33

I simply want the reverse proxy to work so that https://my.webserver.com gets 
https://my.webserver.com:8443 (which is the secure tomcat server URL).
I have the reverse proxy working so that http://my.webserver.com redirects the 
traffic on port 80 to the "normal" tomcat server on port 8080, and I also seem 
to have the secure tomcat server working because I can browse to 
https://my.webserver.com:8443

However when I bring up https://my.webserver.com, I get the contents of the 
Apache Root document at port 80. I'm using a self-signed cert.

My httpd.conf file basically looks like (at least these are the important lines)

Listen 80
ProxyRequests Off
ProxyPreserveHost on
<VirtualHost *:80>

    ServerName my.webserver.com
    ProxyPass / http://my.webserver.com:8080/
    ProxyPassReverse /app http://localhost:8080/
  
</VirtualHost>
<proxy http://my.webserver.com:8080/>
    AllowOverride None
    Order Deny,Allow
    Allow from all
</proxy>

Listen 443
<VirtualHost *:443>

    SSLEngine on
    SSLProxyEngine on
    SSLCertificateFile /path/to/server.crt
    SSLCertificateKeyFile /path/to/server.key
    ServerName my.webserver.com
    ProxyPass / http://my.webserver.com:8443/
    ProxyPassReverse /app http://localhost:8443/

</VirtualHost>
<proxy https://my.webserver.com:8443/>
    AllowOverride None
    Order Deny,Allow
    Allow from all
</proxy>


And my tomcat config (server.xml) connectors are defined like

    <Connector port="8080"
               protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxHttpHeaderSize="8192" useBodyEncodingForURI="true"
               maxThreads="1000" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" redirectPort="443" acceptCount="100"
               compression="on" compressionMinSize="2048"
               compressableMimeType="text/html,text/xml,text/javascript,text/css,text/plain"
               connectionTimeout="20000" disableUploadTimeout="true"
               URIEncoding="UTF-8"/>

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="false" proxyPort="443"
               proxyName="my.webserver.com"
               keystoreType="PKCS12"
               keystoreFile="/path/to/server.p12" keystorePass="changeit"
               clientAuth="false" sslProtocol="TLSv1" />


I fire up tomcat and apache, I have debug loglevel set, and I don't see any 
real clues. The certificate files seem to be read fine and
match my domain name. When I do the https://my.company.com/ request however, I 
see a debug line that says my client has obtained an HTTP 
connection to my.company.com. A few lines down, I see a line that says
The timeout specified has expired: [client xxx.xxx.xxx.xxx:xxx] AH01991: SSL 
input filter read failed.

But I also see the "timeout" message when I do a (successful) connection to 
https://my.company.com:8443
Currently no firewall rules set up, so nothing should be blocked.

I'm not sure what to try at this point. The logfiles don't seem to have any info 
that appears helpful. ANY suggestions would be appreciated. 

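Added example, not part of the original post: a small Python check run over the two VirtualHost blocks pasted above. It reports a ProxyPass that uses http:// toward a backend port that speaks TLS, an https:// backend without SSLProxyEngine on, and a ProxyPassReverse that mirrors no ProxyPass mapping. The names lint_proxy and tls_ports are hypothetical; 8443 is passed as a TLS port because the connector on that port sets SSLEnabled="true".

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the proxy-related lines of the httpd.conf in the post.
HTTPD_CONF = """\
<VirtualHost *:80>
    ServerName my.webserver.com
    ProxyPass / http://my.webserver.com:8080/
    ProxyPassReverse /app http://localhost:8080/
</VirtualHost>
<VirtualHost *:443>
    SSLEngine on
    SSLProxyEngine on
    ServerName my.webserver.com
    ProxyPass / http://my.webserver.com:8443/
    ProxyPassReverse /app http://localhost:8443/
</VirtualHost>
"""

def lint_proxy(conf, tls_ports):
    """Return (vhost, message) pairs; tls_ports = backend ports that speak TLS."""
    findings = []
    blocks = re.findall(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", conf, re.S | re.I)
    for vhost, body in blocks:
        directives = {}
        for line in body.splitlines():
            name, *args = line.split() or [""]
            directives.setdefault(name.lower(), []).append(args)
        ssl_proxy = any(a and a[0].lower() == "on" for a in directives.get("sslproxyengine", []))
        # path -> backend URL for every ProxyPass in this vhost
        passes = {a[0]: a[1] for a in directives.get("proxypass", []) if len(a) >= 2}
        for path, url in passes.items():
            u = urlsplit(url)
            if u.port in tls_ports and u.scheme != "https":
                findings.append((vhost, f"ProxyPass {path}: {u.scheme}:// used for TLS port {u.port}"))
            if u.scheme == "https" and not ssl_proxy:
                findings.append((vhost, f"ProxyPass {path}: https backend without SSLProxyEngine on"))
        for a in directives.get("proxypassreverse", []):
            if len(a) >= 2 and passes.get(a[0]) != a[1]:
                findings.append((vhost, f"ProxyPassReverse {a[0]} {a[1]} mirrors no ProxyPass mapping"))
    return findings

if __name__ == "__main__":
    for vhost, message in lint_proxy(HTTPD_CONF, tls_ports={8443}):
        print(f"[{vhost}] {message}")
```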