Chris, I ultimately want to have a Tomcat application protected by our university's system for authentication, which is SiteMinder. They have told me that they can't protect Tomcat directly, but if user communications can be passed through a web server then they can protect the server with SiteMinder. I have a working Tomcat application if I uncomment the non-SSL HTTP/1.1 protocol in the Tomcat, but I believe I need all communication to pass through the Apache web server. Let me know if you need more information and, if so, what that would be.
Thanks, Mike -----Original Message----- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Friday, April 29, 2016 9:14 PM To: Tomcat Users List <users@tomcat.apache.org> Subject: Re: Tomcat connector settings -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Michael, On 4/29/16 4:25 PM, Michael Fox wrote: > I have an Apache web server(2.4.6) which is accessible at http or > https at DNS_hostname, and a Tomcat server (9.0.0.M1)with an > application available at DNS_hostname:8080/app_name. > > I then disabled the non-SSL HTTP/1.1 connector on port 8080 and > enabled HTTP/2 in the Tomcat server.xml, using the certificate key > file and certificate where generated using the openssl (1.0.2g) > commands and used on the Apache web server. > > The Apache ssl.conf file is set to listen on port 8443 for https, and > the only virtual host is set for IP_address:8443 and servername set to > DNS_hostname > > In the file /etc/httpd/conf/workers.properties, > worker.worker1.host is set to DNS_hostname and worker.worker1.port is > set to 8443. > > Netstat -tamp shows httpd listening on port 8443 and java listening on > port 8009. > > Are these settings proper and correct? It doesn't look like it. > What should the URL look like in order to access the Tomcat > application via Apache? That depends upon what you are actually trying to do. > Any help and/or guidance would most appreciated. You have an HTTPS server listening on port 443 (httpd). You have mod_jk (workers.properties) configured to connect to host:8443 (which is the same host listening for HTTPS requests on port 8443) using AJP13 (not HTTP). So, if a client makes a call to host:8443, mod_jk will proxy the request through to host:8443. If the protocol were correct (it isn't), you'd have an infinite loop of request s. Can you explain what you are actually trying to do and maybe we can help ? - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlckBuQACgkQ9CaO5/Lv0PCD7ACeK1EIVKHIImbX0XFqGgZrrnbe Ng8Ani4YEpoSQO5ySueAGuTg+UrdAAYP =3AaB -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
