Chris,

I ultimately want to have a Tomcat application protected by our university's 
system for authentication, which is SiteMinder.  They have told me that they 
can't protect Tomcat directly, but if user communications can be passed through 
a web server then they can protect the server with SiteMinder.  I have a 
working Tomcat application if I uncomment the non-SSL HTTP/1.1 protocol in the 
Tomcat, but I believe I need all communication to pass through the Apache web 
server.  Let me know if you need more information and, if so, what that would 
be.

Thanks,
Mike

-----Original Message-----
From: Christopher Schultz [mailto:ch...@christopherschultz.net] 
Sent: Friday, April 29, 2016 9:14 PM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: Tomcat connector settings

Michael,

On 4/29/16 4:25 PM, Michael Fox wrote:
> I have an Apache web server (2.4.6) which is accessible at http or 
> https at DNS_hostname, and a Tomcat server (9.0.0.M1) with an 
> application available at DNS_hostname:8080/app_name.
> 
> I then disabled the non-SSL HTTP/1.1 connector on port 8080 and 
> enabled HTTP/2 in the Tomcat server.xml, using the certificate key 
> file and certificate that were generated using the openssl (1.0.2g) 
> commands and used on the Apache web server.
> 
> The Apache ssl.conf file is set to listen on port 8443 for https, and 
> the only virtual host is set for IP_address:8443 and servername set to 
> DNS_hostname
> 
> In the file /etc/httpd/conf/workers.properties,
> worker.worker1.host is set to DNS_hostname and worker.worker1.port is 
> set to 8443.
> 
> Netstat -tamp shows httpd listening on port 8443 and java listening on 
> port 8009.
> 
> Are these settings proper and correct?

It doesn't look like it.

> What should the URL look like in order to access the Tomcat 
> application via Apache?

That depends upon what you are actually trying to do.

> Any help and/or guidance would be most appreciated.

You have an HTTPS server listening on port 443 (httpd).
You have mod_jk (workers.properties) configured to connect to
host:8443 (which is the same host listening for HTTPS requests on port
8443) using AJP13 (not HTTP). So, if a client makes a call to host:8443,
mod_jk will proxy the request through to host:8443. If the protocol were
correct (it isn't), you'd have an infinite loop of requests.

Can you explain what you are actually trying to do and maybe we can help?

-chris
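
Added example, not part of the original messages or of the Tomcat project's code: a Python check for the mismatch described in the reply above, where a mod_jk ajp13 worker points at a port that httpd itself listens on instead of Tomcat's AJP connector (8009 in the netstat output). The sample file contents are constructed from the values in the thread, and all function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET
# Constructed sample inputs mirroring the settings described in the thread.
WORKERS = """worker.list=worker1
worker.worker1.type=ajp13
worker.worker1.host=DNS_hostname
worker.worker1.port=8443
"""
HTTPD_CONF = "Listen 8443 https\n"
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
</Service></Server>"""

def parse_workers(text):
    """Return {worker_name: {attribute: value}} from workers.properties text."""
    workers = {}
    for line in text.splitlines():
        m = re.match(r"\s*worker\.([^.=\s]+)\.([^=\s]+)\s*=\s*(\S+)", line)
        if m:
            workers.setdefault(m.group(1), {})[m.group(2)] = m.group(3)
    return workers

def httpd_listen_ports(conf):
    """Ports from httpd Listen directives ('Listen [addr:]port [protocol]')."""
    return {int(m.group(1).rsplit(":", 1)[-1])
            for m in re.finditer(r"(?im)^\s*Listen\s+(\S+)", conf)}

def ajp_connector_ports(server_xml):
    """Ports of Tomcat connectors whose protocol attribute names AJP."""
    return {int(c.get("port"))
            for c in ET.fromstring(server_xml).iter("Connector")
            if "AJP" in c.get("protocol", "HTTP/1.1").upper()}

def check(workers_text, httpd_conf, server_xml):
    """List ajp13 workers whose port is not a Tomcat AJP connector."""
    listen, ajp = httpd_listen_ports(httpd_conf), ajp_connector_ports(server_xml)
    findings = []
    for name, w in parse_workers(workers_text).items():
        if w.get("type", "ajp13") != "ajp13":
            continue
        port = int(w.get("port", 8009))  # 8009 is mod_jk's default AJP port
        if port in listen:
            findings.append(f"{name}: port {port} is an httpd Listen port, not AJP")
        elif port not in ajp:
            findings.append(f"{name}: port {port} is not an AJP connector")
    return findings

if __name__ == "__main__":
    print(check(WORKERS, HTTPD_CONF, SERVER_XML))
```

With worker.worker1.port changed to 8009 in the sample, the check returns an empty list.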
