Chris, Thanks for your response.
On Wed, Oct 5, 2016 at 3:14 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Ted, > > On 10/5/16 3:42 PM, TED SPRADLEY wrote: > > Tomcat 7.0.68 Apache 2.4.6 CentOS 7.2.1511 > > Thanks. > > > Problem: A Tomcat application at context "/mycontext" on port 8081 > > running through Apache proxy renders as expected when using > > http://example.com/mycontext but https://example.com/mycontext call > > renders "The requested URL /mycontext/ was not found on this > > server." > > > > Question: Do I have a Tomcat Connector configuration problem? Or an > > Apache proxy configuration problem? Or an Apache ssl.conf problem? > > > > Note: the CA issued certificate appears to be properly installed as > > evidence by the lock icon in the url bar displaying "Verified by Š > > " when doing a mouseover. > > > > Files: Httpd.conf - <VirtualHost *:80> ServerName www.example.com > > ServerAlias *.example.com ProxyRequests off ProxyPass > > /mycontext http://example.com:8081/mycontext ProxyPassReverse > > /mycontext http://example.com:8081/mycontext </VirtualHost> > > <VirtualHost *:443> ProxyRequests off ProxyPreserveHost on > > SSLEngine on SSLCertificateFile /path/to/certs/ca.crt > > SSLCertificateKeyFile /path/to/key/private/exampleDotCom.key > > ServerName www.example.com ServerAlias *.example.com ProxyPass > > /mycontext http://example.com:8081/mycontext ProxyPassReverse > > /mycontext http://example.com:8081/mycontext </VirtualHost> > > On first inspection, that looks correct. > > > Tomcat's server.xml Connector <Connector port="8081" > > protocol="HTTP/1.1" connectionTimeout="20000" > > proxyName="www.example.com" proxyPort="80" redirectPort="8443" > > xpoweredBy="false" server="Apache TomEE" /> > > That also looks correct. > > How have you deployed your actual application? > Yes. It is deployed and responds as expected through the proxy when using http. > > Ssl.conf - SSLEngine on > > > > SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA > > > > SSLCertificateFile /path/to/certs/ca.crt > > > > SSLCertificateKeyFile /path/to/key/private/exampleDotCom.key > > > > SSLCACertificateFile /path/to/bundle/ca_bundle.crt > > Is ssl.conf actually included anywhere? > Yes. ssl.conf full path is /etc/httpd/conf.d/ssl.conf. >From httpd.conf # Load config files in the "/etc/httpd/conf.d" directory, if any. IncludeOptional conf.d/*.conf > You will probably also want to use the RemoteIPValve and possibly the > SSLValve as well. Have a look at Tomcat's proxy support valves here: > > https://tomcat.apache.org/tomcat-7.0-doc/config/valve.html#Proxies_Support > Thank you. I'll read the Proxies Support and implement. > > - -chris > -----BEGIN PGP SIGNATURE----- > Comment: GPGTools - http://gpgtools.org > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iQIcBAEBCAAGBQJX9V9AAAoJEBzwKT+lPKRYL4YP/0KGogACGY7Ul3K59sMky8mz > tKjFmBU+jLk6DgyvUv6wI5ZcCRLukZsN6vvDU2psiIpGruakQjLfDtiDyPKnBGb3 > G6jmvdfCNPfp9eWRMAKvI90tEvZ10g8/Qbzfp7XZ8tAOuoFSkxyoVYRrZMCoLUYq > UPCVsJQxhu5yFqzDzAz1AJN26b25Q2+F1W8GznCWz3pjmBjI44Y+y3FwlBVeayGZ > QaXp+VCzsKw4RRlUy8uO6KH63GgLvNWFZM3gYE85231Eu9RhtQREZNQG/geufnSD > 3fy6pSQ1GvP+o2giUEgS0ik3zYjzmomtGGpbDQH2wCMuXTMJbJBM4iQZnhZ6Wz1Z > oDY6BRHvq+sTiEyJ4Ln6sKFymKccg3XSkwZ5UWHR+WA9NabyyEb7Li3AFYkpsyjk > o93QgPNqbzVBEmbsQTlsb/pfPPc3KoeCDRm5SLtMmPn9zDWHg30q0MGYbz8U96r8 > cojk8k634UQ+B2q36IZpcZh6Ah295bU+I73JUh6T9RF1EcN8PgqOcH4cC7S10fV+ > fiFqdz8XmV372jiiY1jk2Ka6SdJiYUo/froCUHlaNIsThMZra+D6woK55PO0e1yF > 0HCAMEGAH+bwhJB5UgUj/4rHdcVHO32GRuH0jKpUauhfBh6/k385C58iw4ONsxyG > Iwa3OPXi7GUSCrWJ0lxr > =m3nm > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
