Re: secure reverse proxy to my tomcat server HELP NEEDED

Tue, 04 Mar 2014 12:01:25 -0800 

Christopher Schultz wrote:
>
> Jeff,
>
> On 3/3/14, 6:25 PM, Jeff Haferman wrote:
>> What actually happens is that, just for https://my.webserver.com/,
>> I get served the pages that are at the apache root, *not* what is
>> being served by tomcat at port 8443.
>
> Ok. Let's take a look at your original configuration you posted:
>
>> <VirtualHost *:80>
>> 
>> ServerName my.webserver.com ProxyPass /
>> http://my.webserver.com:8080/ ProxyPassReverse /app
>> http://localhost:8080/
>> 
>> </VirtualHost>
>> 
>> <VirtualHost *:443>
>> 
>> SSLEngine on SSLProxyEngine on SSLCertificateFile
>> /path/to/server.crt SSLCertificateKeyFile /path/to/server.key 
>> ServerName my.webserver.com ProxyPass /
>> http://my.webserver.com:8443/ ProxyPassReverse /app
>> http://localhost:8443/
>> 
>> </VirtualHost>
>
> You also had <proxy> elements outside of the above. Those are
> configured differently than the ProxyPass/ProxyPassReverse you have
> above. What were those <proxy> elements supposed to do?
>
> Also, you are likely confusing yourself id you are using ProxyPass and
> ProxyPassReverse with different URL prefixes (/ vs /app). Why are you
> doing that?

Chris -
This came up in a previous response, when I edited my domain name in my 
posting, I actually fat-fingered a couple of things... the config looks like

Listen 80
ProxyRequests Off
ProxyPreserveHost on
<VirtualHost *:80>

    ServerName my.webserver.com
    ProxyPass / http://my.webserver.com:8080/
    ProxyPassReverse / http://localhost:8080/
  
</VirtualHost>
<proxy http://my.webserver.com:8080/>
    AllowOverride None
    Order Deny,Allow
    Allow from all
</proxy>

Listen 443
<VirtualHost *:443>

    SSLEngine on
    SSLProxyEngine on
    SSLCertificateFile /path/to/server.crt
    SSLCertificateKeyFile /path/to/server.key
    ServerName my.webserver.com
    ProxyPass / https://my.webserver.com:8443/
    ProxyPassReverse / https://localhost:8443/

</VirtualHost>
<proxy https://my.webserver.com:8443/>
    AllowOverride None
    Order Deny,Allow
    Allow from all
</proxy>

>
>> I do get the tomcat pages if I explicitly add the port, i.e.
>> https://my.webserver.com:8443/ So, the reverse proxy seems to be
>> broken for https only.
>
> Sounds plausible.
>
>> The reverse proxy works fine for http, i.e.
>> http://my.webserver.com/ gets the tomcat pages served at
>> http://my.webserver.com:8080/
>
> You don't have multiple interfaces (IP addresses) on this machine, do you?
>

No, I do not.

> - -chris

Jeff


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to