Chris, Thanks for all your patience and help! It's working.
Regards,
Mike

-----Original Message-----
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Thursday, May 5, 2016 4:50 PM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: Tomcat connector settings

Michael,

On 5/5/16 3:28 PM, Michael Fox wrote:
> Please confirm that to configure the passthrough with an external
> HTTPS and an internal HTTP, I would set Apache to listen to SSL on
> port 8443 and Tomcat on port 8080, with a line inside the Virtual Host
> directive of
>
> ProxyPass /myapp http://DNS_hostname:8080/myapp
> ProxyPassReverse /myapp http://DNS_hostname:8080/myapp

If DNS_hostname is the hostname of your Tomcat server, then yes, this is correct. If the web server and Tomcat are on the same host, then you can use "localhost" which should speed things up. I'm guessing that the powers-that-be are using the web server elsewhere, so they'll have to use the IP address (or hostname) of wherever Tomcat is running in the URLs above.

Note that there is no requirement to use port 8080 -- you can use anything you'd like -- but 8080 is somewhat traditional and also happens to be the default configuration shipped with Tomcat.

> In the Tomcat server.xml file, inside the Host directive, I will place
> <Valve className="org.apache.catalina.valves.RemoteIpValve" />

Good.

> In the file /etc/httpd/conf/workers.properties,
> worker.worker1.host should be set to DNS_hostname and
> worker.worker1.port is set to 8080.

Nope. You don't need a workers.properties file at all. That's for if you want to use mod_jk and the AJP13 protocol as a proxying protocol. Since you are using HTTP, you don't need any of that stuff. (At worst, it will be confusing, since Tomcat will be listening on :8080 for HTTP connections, not AJP13 connections.)

> With this setup, the URL for accessing the Tomcat application via the
> Apache server would be https://DNS_hostname/myapp

If Tomcat is on DNS_hostname, then this is probably wrong. If DNS_hostname points to the host where the reverse-proxy (web server) is, then you are correct.

Here's the ASCII-art picture:

Client --- HTTPS:443 ---> web server --- HTTP:8080 --> Tomcat

If you wanted to use AJP13 with mod_jk (or mod_proxy_ajp), it would look like this:

Client --- HTTPS:443 ---> web server --- AJP13:8009 --> Tomcat

(8009 is the default port setting for AJP13 in a Tomcat configuration.)

From the client perspective, the URL should be https://publichostname/myapp.

From the web server's perspective, the URL should be http://tomcat.internal.hostname:8080/myapp

Hope that helps,
-chris
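
The HTTPS-to-HTTP setup confirmed in this thread, written out as one Apache virtual host with the matching Tomcat valve in comments. This is an added example, not configuration posted by either participant. The certificate paths and the proxy address 10.0.0.5 are placeholders, and the protocolHeader and internalProxies attributes go beyond the bare valve quoted in the thread.

```apache
# Added example, not from the thread. Front end of:
#   Client --- HTTPS:443 ---> web server --- HTTP:8080 --> Tomcat
# Needs mod_ssl, mod_proxy, mod_proxy_http and mod_headers loaded.
# Port 443 follows the diagram; use 8443 if that is where Apache listens.
<VirtualHost *:443>
    ServerName publichostname

    SSLEngine on
    # Placeholder paths; point these at the real certificate and key.
    SSLCertificateFile    /path/to/publichostname.crt
    SSLCertificateKeyFile /path/to/publichostname.key

    # Reverse proxy only; never act as a forward proxy.
    ProxyRequests Off

    # TLS ends here; the hop to Tomcat is plain HTTP, so keep it on an
    # internal network that clients cannot reach directly.
    ProxyPass        /myapp http://tomcat.internal.hostname:8080/myapp
    ProxyPassReverse /myapp http://tomcat.internal.hostname:8080/myapp

    # mod_proxy_http adds X-Forwarded-For on its own, but not the scheme.
    # "set" replaces any X-Forwarded-Proto value the client supplied.
    RequestHeader set X-Forwarded-Proto "https"
</VirtualHost>

# Matching Tomcat side: server.xml, inside <Host> (shown here as comments).
#
#   <Valve className="org.apache.catalina.valves.RemoteIpValve"
#          protocolHeader="X-Forwarded-Proto"
#          internalProxies="10\.0\.0\.5" />
#
# protocolHeader: when the header value is "https", the valve makes
#   request.isSecure() and request.getScheme() report HTTPS, so redirects
#   and secure-cookie decisions match what the client actually used.
# internalProxies: a regular expression of proxy addresses whose
#   X-Forwarded-For is believed. The default matches the private address
#   ranges; 10.0.0.5 is a placeholder for the web server's own address,
#   so forwarded headers from any other internal host are ignored.
```

If Tomcat's port 8080 is reachable from anywhere other than the web server, a client can connect to it directly and bypass TLS, so restrict it with a firewall rule or the Connector's address attribute.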