Sorry, I made a couple of typos when I copied my stuff over and edited out my
actual FQDN... I do have
<VirtualHost *:443>
SSLEngine on
SSLProxyEngine on
SSLCertificateFile /path/to/server.crt
SSLCertificateKeyFile /path/to/server.key
ServerName my.webserver.com
ProxyPass / https://my.webserver.com:8443/
ProxyPassReverse / https://my.webserver.com:8443/
</VirtualHost>
which I think is what you are suggesting?
J Java wrote:
>
> Can you change the lines below and retry:
> ProxyPass / http://my.webserver.com:8443/ to
> ProxyPass / https://my.webserver.com:8443/
> ProxyPassReverse /app http://localhost:8443/ to
> ProxyPassReverse /app https://localhost:8443/
>
> Thanks,
> Shailesh
>
>
> On Tue, Mar 4, 2014 at 1:44 AM, Jeff Haferman <[email protected]> wrote:
>
>>
>> The subject says it, I need help getting a secure reverse proxy to my
>> tomcat server working. There is a lot of doc on the web, and it seems like
>> I have everything configured properly, but I can't quite get the reverse
>> proxy to work on the https side of things.
>>
>> Here is my config:
>> Apache 2.4.2
>> Ubuntu 12.04.2 LTS (GNU/Linux 3.2.0-24-generic x86_64)
>> Tomcat 7.0.33
>>
>> I simply want the reverse proxy to work so that https://my.webserver.com gets
>> https://my.webserver.com:8443 (which is the secure tomcat server URL).
>> I have the reverse proxy working so that http://my.webserver.com redirects
>> the traffic on port 80 to the "normal" tomcat server on port
>> 8080, and I also seem to have the secure tomcat server working because I
>> can browse to https://my.webserver.com:8443
>>
>> However when I bring up https://my.webserver.com, I get the contents of
>> the Apache Root document at port 80. I'm using a self-signed cert.
>>
>> My httpd.conf file basically looks like (at least these are the important
>> lines)
>>
>> Listen 80
>> ProxyRequests Off
>> ProxyPreserveHost on
>> <VirtualHost *:80>
>>
>> ServerName my.webserver.com
>> ProxyPass / http://my.webserver.com:8080/
>> ProxyPassReverse /app http://localhost:8080/
>>
>> </VirtualHost>
>> <proxy http://my.webserver.com:8080/>
>> AllowOverride None
>> Order Deny,Allow
>> Allow from all
>> </proxy>
>>
>> Listen 443
>> <VirtualHost *:443>
>>
>> SSLEngine on
>> SSLProxyEngine on
>> SSLCertificateFile /path/to/server.crt
>> SSLCertificateKeyFile /path/to/server.key
>> ServerName my.webserver.com
>> ProxyPass / http://my.webserver.com:8443/
>> ProxyPassReverse /app http://localhost:8443/
>>
>> </VirtualHost>
>> <proxy https://my.webserver.com:8443/>
>> AllowOverride None
>> Order Deny,Allow
>> Allow from all
>> </proxy>
>>
>>
>> And my tomcat config (server.xml) connectors are defined like
>>
>> <Connector port="8080"
>> protocol="org.apache.coyote.http11.Http11NioProtocol"
>> maxHttpHeaderSize="8192" useBodyEncodingForURI="true"
>> maxThreads="1000" minSpareThreads="25" maxSpareThreads="75"
>> enableLookups="false" redirectPort="443" acceptCount="100"
>> compression="on" compressionMinSize="2048"
>> compressableMimeType="text/html,text/xml,text/javascript,text/css,text/plain"
>> connectionTimeout="20000" disableUploadTimeout="true"
>> URIEncoding="UTF-8"/>
>>
>> <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
>> maxThreads="150" scheme="https" secure="false"
>> proxyPort="443" proxyName="my.webserver.com"
>> keystoreType= "PKCS12"
>> keystoreFile="/path/to/server.p12" keystorePass="changeit"
>> clientAuth="false" sslProtocol="TLSv1" />
>>
>>
>> I fire up tomcat and apache, I have debug loglevel set, and I don't see
>> any real clues. The certificate files seem to be read fine and
>> match my domain name. When I do the https://my.company.com/ request
>> however, I see a debug line that says my client has obtained an HTTP
>> connection to my.company.com. A few lines down, I see a line that says
>> The timeout specified has expired: [client xxx.xxx.xxx.xxx:xxx] AH01991:
>> SSL input filter read failed.
>>
>> But I also see the "timeout" message when I do a (successful) connection
>> to https://my.company.com:8443
>> Currently no firewall rules set up, so nothing should be blocked.
>>
>> I'm not sure what to try at this point. The logfiles don't seem to have any
>> info that appears helpful. ANY suggestions would be appreciated.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [email protected]
>> For additional commands, e-mail: [email protected]
>>
>>
>
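
Added example, not part of the original thread: a small Python check that flags the differences between the :443 vhost as first posted and as corrected in the follow-up (plain http:// to the TLS connector on 8443, and a ProxyPassReverse that does not mirror its ProxyPass). The name lint_vhost, the TLS_PORTS set and the trimmed sample vhosts are constructed for illustration, and the mirror check is a conventional heuristic rather than an Apache requirement.

```python
from urllib.parse import urlsplit

# Constructed input: the :443 vhost as first posted (certificate lines omitted).
AS_POSTED = """\
<VirtualHost *:443>
SSLEngine on
SSLProxyEngine on
ServerName my.webserver.com
ProxyPass / http://my.webserver.com:8443/
ProxyPassReverse /app http://localhost:8443/
</VirtualHost>
"""
# The same vhost with the two proxy lines as given in the follow-up message.
AS_CORRECTED = AS_POSTED.replace(
    "ProxyPass / http://", "ProxyPass / https://"
).replace(
    "ProxyPassReverse /app http://localhost",
    "ProxyPassReverse / https://my.webserver.com",
)

TLS_PORTS = {443, 8443}  # assumption: backend ports known to speak TLS


def lint_vhost(conf):
    """Return findings for the proxy directives of one <VirtualHost> body."""
    seen = {}
    for line in conf.splitlines():
        parts = line.split()
        if parts and not parts[0].startswith(("<", "#")):
            seen.setdefault(parts[0].lower(), []).append(parts[1:])
    engine_on = any(a and a[0].lower() == "on"
                    for a in seen.get("sslproxyengine", []))
    reverses = [r[:2] for r in seen.get("proxypassreverse", [])]
    findings = []
    for args in seen.get("proxypass", []):
        if len(args) < 2 or args[1] == "!":  # skip malformed lines and exclusions
            continue
        path, url = args[:2]
        target = urlsplit(url)
        if target.scheme == "http" and target.port in TLS_PORTS:
            findings.append(f"{path}: plain http:// to TLS port {target.port}")
        if target.scheme == "https" and not engine_on:
            findings.append(f"{path}: https:// backend needs SSLProxyEngine on")
        if [path, url] not in reverses:
            findings.append(f"{path}: no ProxyPassReverse with same path and URL")
    return findings


if __name__ == "__main__":
    for name, conf in (("posted", AS_POSTED), ("corrected", AS_CORRECTED)):
        print(name, lint_vhost(conf) or "clean")
```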