Can you change and retry the lines below:

ProxyPass / http://my.webserver.com:8443/
to
ProxyPass / https://my.webserver.com:8443/

ProxyPassReverse /app http://localhost:8443/
to
ProxyPassReverse /app https://localhost:8443/

Thanks,
Shailesh

On Tue, Mar 4, 2014 at 1:44 AM, Jeff Haferman <j...@haferman.com> wrote:

>
> The subject says it, I need help getting a secure reverse proxy to my
> tomcat server working. There is a lot of doc on the web, and it seems like
> I have everything configured properly, but I can't quite get the reverse
> proxy to work on the https side of things.
>
> Here is my config:
> Apache2.4.2
> Ubuntu 12.04.2 LTS (GNU/Linux 3.2.0-24-generic x86_64)
> Tomcat 7.0.33
>
> I simply want the reverse proxy to work so that https://my.webserver.com gets
> https://my.webserver.com:8443 (which is the secure tomcat server URL).
> I have the reverse proxy working so that http://my.webserver.com redirects the
> traffic on port 80 to the "normal" tomcat server on port
> 8080, and I also seem to have the secure tomcat server working because I
> can browse to https://my.webserver.com:8443
>
> However when I bring up https://my.webserver.com, I get the contents of
> the Apache Root document at port 80. I'm using a self-signed cert.
>
> My httpd.conf file basically looks like (at least these are the important
> lines)
>
> Listen 80
> ProxyRequests Off
> ProxyPreserveHost on
> <VirtualHost *:80>
>
> ServerName my.webserver.com
> ProxyPass / http://my.webserver.com:8080/
> ProxyPassReverse /app http://localhost:8080/
>
> </VirtualHost>
> <proxy http://my.webserver.com:8080/>
> AllowOverride None
> Order Deny,Allow
> Allow from all
> </proxy>
>
> Listen 443
> <VirtualHost *:443>
>
> SSLEngine on
> SSLProxyEngine on
> SSLCertificateFile /path/to/server.crt
> SSLCertificateKeyFile /path/to/server.key
> ServerName my.webserver.com
> ProxyPass / http://my.webserver.com:8443/
> ProxyPassReverse /app http://localhost:8443/
>
> </VirtualHost>
> <proxy https://my.webserver.com:8443/>
> AllowOverride None
> Order Deny,Allow
> Allow from all
> </proxy>
>
>
> And my tomcat config (server.xml) connectors are defined like
>
> <Connector port="8080"
> protocol="org.apache.coyote.http11.Http11NioProtocol"
> maxHttpHeaderSize="8192" useBodyEncodingForURI="true"
> maxThreads="1000" minSpareThreads="25" maxSpareThreads="75"
> enableLookups="false" redirectPort="443" acceptCount="100"
> compression="on" compressionMinSize="2048"
> compressableMimeType="text/html,text/xml,text/javascript,text/css,text/plain"
> connectionTimeout="20000" disableUploadTimeout="true"
> URIEncoding="UTF-8"/>
>
> <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
> maxThreads="150" scheme="https" secure="false"
> proxyPort="443" proxyName="my.webserver.com"
> keystoreType= "PKCS12"
> keystoreFile="/path/to/server.p12" keystorePass="changeit"
> clientAuth="false" sslProtocol="TLSv1" />
>
>
> I fire up tomcat and apache, I have debug loglevel set, and I don't see
> any real clues. The certificate files seem to be read fine and
> match my domain name. When I do the https://my.company.com/ request
> however, I see a debug line that says my client has obtained an HTTP
> connection to my.company.com. A few lines down, I see a line that says
> The timeout specified has expired: [client xxx.xxx.xxx.xxx:xxx] AH01991:
> SSL input filter read failed.
>
> But I also see the "timeout" message when I do a (successful) connection
> to https://my.company.com:8443
> Currently no firewall rules set up, so nothing should be blocked.
>
> I'm not sure what to try at this point. The logfiles don't seem to have any
> info that appears helpful. ANY suggestions would be appreciated.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
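
The check suggested in the reply can be automated. The following is an added example, not part of either message and not Apache or Tomcat project code: it reads the TLS connector ports from server.xml and reports ProxyPass/ProxyPassReverse backends whose scheme does not fit them. The sample strings are trimmed from the configuration quoted above; the function names tls_ports and lint_proxy are illustrative.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample input, trimmed from the configuration quoted in the thread.
HTTPD_CONF = """\
<VirtualHost *:80>
ProxyPass / http://my.webserver.com:8080/
ProxyPassReverse /app http://localhost:8080/
</VirtualHost>
<VirtualHost *:443>
SSLProxyEngine on
ProxyPass / http://my.webserver.com:8443/
ProxyPassReverse /app http://localhost:8443/
</VirtualHost>
"""
SERVER_XML = """\
<Service>
  <Connector port="8080" protocol="org.apache.coyote.http11.Http11NioProtocol"/>
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"/>
</Service>
"""

def tls_ports(server_xml):
    """Ports of the Tomcat connectors declared with SSLEnabled=true."""
    root = ET.fromstring(server_xml)
    return {int(c.get("port")) for c in root.iter("Connector")
            if c.get("SSLEnabled", "").lower() == "true"}

def lint_proxy(httpd_conf, server_xml):
    """Return (vhost, directive, backend, problem) per mismatch inside VirtualHost blocks."""
    ports, findings = tls_ports(server_xml), []
    vhost, pending, ssl_proxy = None, [], False
    for line in map(str.strip, httpd_conf.splitlines()):
        if (m := re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)):
            vhost, pending, ssl_proxy = m.group(1), [], False
        elif re.match(r"SSLProxyEngine\s+on\b", line, re.I):
            ssl_proxy = True
        elif (p := re.match(r"(ProxyPass(?:Reverse)?)\s+\S+\s+(\S+)", line, re.I)):
            pending.append(p.groups())
        elif line.lower() == "</virtualhost>":  # judge the block once it is complete
            for directive, backend in pending:
                url = urlsplit(backend)
                if url.scheme == "http" and url.port in ports:
                    findings.append((vhost, directive, backend, "http:// to a TLS connector"))
                elif url.scheme == "https" and not ssl_proxy:
                    findings.append((vhost, directive, backend, "https:// without SSLProxyEngine on"))
    return findings
```

On the sample input it reports both proxy lines of the *:443 virtual host and nothing for *:80; after the change proposed in the reply it reports nothing.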