Sorry, I made a couple of typos when I copied my stuff over and edited out my 
actual FQDN... I do have

<VirtualHost *:443>

    SSLEngine on
    SSLProxyEngine on
    SSLCertificateFile /path/to/server.crt
    SSLCertificateKeyFile /path/to/server.key
    ServerName my.webserver.com
    ProxyPass / https://my.webserver.com:8443/
    ProxyPassReverse / https://my.webserver.com:8443/

</VirtualHost>

which I think is what you are suggesting?


J Java wrote:
> Can you change the lines below and retry:
> ProxyPass / http://my.webserver.com:8443/  to  ProxyPass / https://my.webserver.com:8443/
> ProxyPassReverse /app http://localhost:8443/  to  ProxyPassReverse /app https://localhost:8443/
>
> Thanks,
> Shailesh
>
>
> On Tue, Mar 4, 2014 at 1:44 AM, Jeff Haferman <j...@haferman.com> wrote:
>
>>
>> The subject says it, I need help getting a secure reverse proxy to my
>> tomcat server working. There is a lot of doc on the web, and it seems like
>> I have everything configured properly, but I can't quite get the reverse
>> proxy to work on the https side of things.
>>
>> Here is my config:
>> Apache 2.4.2
>> Ubuntu 12.04.2 LTS (GNU/Linux 3.2.0-24-generic x86_64)
>> Tomcat 7.0.33
>>
>> I simply want the reverse proxy to work so that https://my.webserver.com gets
>> https://my.webserver.com:8443 (which is the secure tomcat server URL).
>> I have the reverse proxy working so that http://my.webserver.com redirects
>> the traffic on port 80 to the "normal" tomcat server on port
>> 8080, and I also seem to have the secure tomcat server working because I
>> can browse to https://my.webserver.com:8443
>>
>> However when I bring up https://my.webserver.com, I get the contents of
>> the Apache Root document at port 80. I'm using a self-signed cert.
>>
>> My httpd.conf file basically looks like (at least these are the important
>> lines)
>>
>> Listen 80
>> ProxyRequests Off
>> ProxyPreserveHost on
>> <VirtualHost *:80>
>>
>>     ServerName my.webserver.com
>>     ProxyPass / http://my.webserver.com:8080/
>>     ProxyPassReverse /app http://localhost:8080/
>>
>> </VirtualHost>
>> <proxy http://my.webserver.com:8080/>
>>     AllowOverride None
>>     Order Deny,Allow
>>     Allow from all
>> </proxy>
>>
>> Listen 443
>> <VirtualHost *:443>
>>
>>     SSLEngine on
>>     SSLProxyEngine on
>>     SSLCertificateFile /path/to/server.crt
>>     SSLCertificateKeyFile /path/to/server.key
>>     ServerName my.webserver.com
>>     ProxyPass / http://my.webserver.com:8443/
>>     ProxyPassReverse /app http://localhost:8443/
>>
>> </VirtualHost>
>> <proxy https://my.webserver.com:8443/>
>>     AllowOverride None
>>     Order Deny,Allow
>>     Allow from all
>> </proxy>
>>
>>
>> And my tomcat config (server.xml) connectors are defined like
>>
>>     <Connector port="8080"
>>                protocol="org.apache.coyote.http11.Http11NioProtocol"
>>                maxHttpHeaderSize="8192" useBodyEncodingForURI="true"
>>                maxThreads="1000" minSpareThreads="25" maxSpareThreads="75"
>>                enableLookups="false" redirectPort="443" acceptCount="100"
>>                compression="on" compressionMinSize="2048"
>>                compressableMimeType="text/html,text/xml,text/javascript,text/css,text/plain"
>>                connectionTimeout="20000" disableUploadTimeout="true"
>>                URIEncoding="UTF-8"/>
>>
>>     <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
>>                maxThreads="150" scheme="https" secure="false"
>>                proxyPort="443" proxyName="my.webserver.com"
>>                keystoreType="PKCS12"
>>                keystoreFile="/path/to/server.p12" keystorePass="changeit"
>>                clientAuth="false" sslProtocol="TLSv1" />
>>
>>
>> I fire up tomcat and apache, I have debug loglevel set, and I don't see
>> any real clues. The certificate files seem to be read fine and
>> match my domain name. When I do the https://my.company.com/ request
>> however, I see a debug line that says my client has obtained an HTTP
>> connection to my.company.com. A few lines down, I see a line that says
>> The timeout specified has expired: [client xxx.xxx.xxx.xxx:xxx] AH01991:
>> SSL input filter read failed.
>>
>> But I also see the "timeout" message when I do a (successful) connection
>> to https://my.company.com:8443
>> Currently no firewall rules set up, so nothing should be blocked.
>>
>> I'm not sure what to try at this point. The logfiles don't seem to have any
>> info that appears helpful. ANY suggestions would be appreciated.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
>
>
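
An added example, not part of the original messages: a Python check that cross-reads one Apache VirtualHost block and Tomcat's server.xml and flags the two mismatches this thread turns on, a ProxyPass scheme that disagrees with the target connector's SSLEnabled setting and a ProxyPassReverse that does not mirror a ProxyPass. The function names and the trimmed sample configs are constructed for illustration, and the check assumes it is given a single VirtualHost block.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample input, trimmed from the configuration quoted in the thread.
HTTPD_CONF = """\
<VirtualHost *:443>
    SSLEngine on
    SSLProxyEngine on
    ServerName my.webserver.com
    ProxyPass / http://my.webserver.com:8443/
    ProxyPassReverse /app http://localhost:8443/
</VirtualHost>
"""
SERVER_XML = """\
<Service>
  <Connector port="8080" protocol="HTTP/1.1"/>
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"/>
</Service>
"""

PROXY_RE = re.compile(r"^\s*(ProxyPass(?:Reverse)?)\s+(\S+)\s+(\S+)", re.I | re.M)

def tls_by_port(server_xml):
    """Map each Tomcat connector port to True when the connector has SSLEnabled."""
    root = ET.fromstring(server_xml)
    return {int(c.get("port")): c.get("SSLEnabled", "false").lower() == "true"
            for c in root.iter("Connector")}

def check_proxy(vhost_conf, server_xml):
    """Return a list of findings for the proxy directives of one VirtualHost."""
    ports, passes, findings = tls_by_port(server_xml), {}, []
    ssl_proxy = re.search(r"^\s*SSLProxyEngine\s+on\b", vhost_conf, re.I | re.M)
    for directive, path, url in PROXY_RE.findall(vhost_conf):
        u = urlsplit(url)
        port = u.port or (443 if u.scheme == "https" else 80)
        if directive.lower() == "proxypassreverse":
            # The reverse mapping should mirror an earlier ProxyPass exactly.
            if passes.get(path) != url:
                findings.append(f"ProxyPassReverse {path} {url}: no matching ProxyPass")
            continue
        passes[path] = url
        if port not in ports:
            findings.append(f"{url}: no Tomcat connector on port {port}")
        elif ports[port] != (u.scheme == "https"):
            findings.append(f"{url}: scheme does not match connector on port {port}")
        if u.scheme == "https" and not ssl_proxy:
            findings.append(f"{url}: https backend needs SSLProxyEngine on")
    return findings
```

Calling check_proxy(HTTPD_CONF, SERVER_XML) reports both problems in the originally posted 443 block; the corrected block at the top of this message produces no findings.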

