Sorry, I made a couple of typos when I copied my stuff over and edited out my actual FQDN... I do have

<VirtualHost *:443>
SSLEngine on
SSLProxyEngine on
SSLCertificateFile /path/to/server.crt
SSLCertificateKeyFile /path/to/server.key
ServerName my.webserver.com
ProxyPass / https://my.webserver.com:8443/
ProxyPassReverse / https://my.webserver.com:8443/
</VirtualHost>

which I think is what you are suggesting?

J Java wrote:
> Can you change and retry below lines :
> ProxyPass / http://my.webserver.com:8443/ to ProxyPass
> / https://my.webserver.com:8443/ <http://my.webserver.com:8443/>
> ProxyPassReverse /app http://localhost:8443/ to ProxyPassReverse
> /app https://localhost:8443/ <http://localhost:8443/>
>
> Thanks,
> Shailesh
>
>
> On Tue, Mar 4, 2014 at 1:44 AM, Jeff Haferman <j...@haferman.com> wrote:
>
>>
>> The subject says it, I need help getting a secure reverse proxy to my
>> tomcat server working. There is a lot of doc on the web, and it seems like
>> I have everything configured properly, but I can't quite get the reverse
>> proxy to work on the https side of things.
>>
>> Here is my config:
>> Apache2.4.2
>> Ubuntu 12.04.2 LTS (GNU/Linux 3.2.0-24-generic x86_64)
>> Tomcat 7.0.33
>>
>> I simply want the reverse proxy to work so that https://my.webserver.com gets
>> https://my.webserver.com:8443 (which is the secure tomcat server URL).
>> I have the reverse proxy working so that http://my.webserver.com redirects
>> the traffic on port 80 to the "normal" tomcat server on port
>> 8080, and I also seem to have the secure tomcat server working because I
>> can browse to https://my.webserver.com:8443
>>
>> However when I bring up https://my.webserver.com, I get the contents of
>> the Apache Root document at port 80. I'm using a self-signed cert.
>>
>> My httpd.conf file basically looks like (at least these are the important
>> lines)
>>
>> Listen 80
>> ProxyRequests Off
>> ProxyPreserveHost on
>> <VirtualHost *:80>
>>
>> ServerName my.webserver.com
>> ProxyPass / http://my.webserver.com:8080/
>> ProxyPassReverse /app http://localhost:8080/
>>
>> </VirtualHost>
>> <proxy http://my.webserver.com:8080/>
>> AllowOverride None
>> Order Deny,Allow
>> Allow from all
>> </proxy>
>>
>> Listen 443
>> <VirtualHost *:443>
>>
>> SSLEngine on
>> SSLProxyEngine on
>> SSLCertificateFile /path/to/server.crt
>> SSLCertificateKeyFile /path/to/server.key
>> ServerName my.webserver.com
>> ProxyPass / http://my.webserver.com:8443/
>> ProxyPassReverse /app http://localhost:8443/
>>
>> </VirtualHost>
>> <proxy https://my.webserver.com:8443/>
>> AllowOverride None
>> Order Deny,Allow
>> Allow from all
>> </proxy>
>>
>>
>> And my tomcat config (server.xml) connectors are defined like
>>
>> <Connector port="8080"
>> protocol="org.apache.coyote.http11.Http11NioProtocol"
>> maxHttpHeaderSize="8192" useBodyEncodingForURI="true"
>> maxThreads="1000" minSpareThreads="25" maxSpareThreads="75"
>> enableLookups="false" redirectPort="443" acceptCount="100"
>> compression="on" compressionMinSize="2048"
>> compressableMimeType="text/html,text/xml,text/javascript,text/css,text/plain"
>> connectionTimeout="20000" disableUploadTimeout="true"
>> URIEncoding="UTF-8"/>
>>
>> <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
>> maxThreads="150" scheme="https" secure="false"
>> proxyPort="443" proxyName="my.webserver.com"
>> keystoreType= "PKCS12"
>> keystoreFile="/path/to/server.p12" keystorePass="changeit"
>> clientAuth="false" sslProtocol="TLSv1" />
>>
>>
>> I fire up tomcat and apache, I have debug loglevel set, and I don't see
>> any real clues. The certificate files seem to be read fine and
>> match my domain name.
>> When I do the https://my.company.com/ request
>> however, I see a debug line that says my client has obtained an HTTP
>> connection to my.company.com. A few lines down, I see a line that says
>> The timeout specified has expired: [client xxx.xxx.xxx.xxx:xxx] AH01991:
>> SSL input filter read failed.
>>
>> But I also see the "timeout" message when I do a (successful) connection
>> to https://my.company.com:8443
>> Currently no firewall rules set up, so nothing should be blocked.
>>
>> I'm not sure what to try at this point. The logfiles don't seem to have any
>> info that appears helpful. ANY suggestions would be appreciated.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
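
Added example, not part of the original thread: a small Python check for the mismatch discussed above, where a ProxyPass target uses http:// against the port that the quoted server.xml defines as the TLS connector (8443). The names lint_vhosts and tls_ports and the inline sample are assumptions made for illustration; the second check (a ProxyPassReverse that mirrors no ProxyPass) follows the shape of the corrected config posted in the reply.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the :443 vhost as first posted in the thread.
SAMPLE = """\
<VirtualHost *:443>
SSLEngine on
SSLProxyEngine on
ServerName my.webserver.com
ProxyPass / http://my.webserver.com:8443/
ProxyPassReverse /app http://localhost:8443/
</VirtualHost>
"""

def lint_vhosts(conf, tls_ports=frozenset({8443})):
    """Return (vhost, message) findings for the proxy directives in each VirtualHost.

    tls_ports is an assumption supplied by the caller: backend ports known to
    speak TLS (8443 is the SSLEnabled connector in the thread's server.xml).
    """
    findings = []
    blocks = re.finditer(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", conf, re.S | re.I)
    for m in blocks:
        name, body = m.group(1).strip(), m.group(2)
        passes, reverses = [], []
        for line in body.splitlines():
            parts = line.split()
            if len(parts) < 3 or parts[0].startswith("#"):
                continue
            key = parts[0].lower()
            if key == "proxypass":
                passes.append((parts[1], parts[2]))
            elif key == "proxypassreverse":
                reverses.append((parts[1], parts[2]))
        # Check 1: plaintext scheme pointed at a port that expects a TLS handshake.
        for path, url in passes + reverses:
            u = urlsplit(url)
            if u.scheme == "http" and u.port in tls_ports:
                findings.append((name, f"plain http:// to TLS port {u.port}: {path} {url}"))
        # Check 2: ProxyPassReverse whose path/URL pair matches no ProxyPass.
        for path, url in reverses:
            if (path, url) not in passes:
                findings.append((name, f"ProxyPassReverse {path} {url} mirrors no ProxyPass"))
    return findings

if __name__ == "__main__":
    for vhost, msg in lint_vhosts(SAMPLE):
        print(f"[{vhost}] {msg}")
```
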