Chris, On Wed, Oct 5, 2016 at 7:52 PM, Christopher Schultz < ch...@christopherschultz.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Ted, > > On 10/5/16 6:47 PM, Ted Spradley wrote: > > Chris, > > > > On Wed, Oct 5, 2016 at 5:14 PM, Christopher Schultz < > > ch...@christopherschultz.net> wrote: > > > > Ted, > > > > On 10/5/16 6:10 PM, Ted Spradley wrote: > >>>> Chris, > >>>> > >>>> Thanks for your response. > >>>> > >>>> On Wed, Oct 5, 2016 at 3:14 PM, Christopher Schultz < > >>>> ch...@christopherschultz.net> wrote: > >>>> > >>>> Ted, > >>>> > >>>> On 10/5/16 3:42 PM, TED SPRADLEY wrote: > >>>>>>> Tomcat 7.0.68 Apache 2.4.6 CentOS 7.2.1511 > >>>> > >>>> Thanks. > >>>> > >>>>>>> Problem: A Tomcat application at context "/mycontext" > >>>>>>> on port 8081 running through Apache proxy renders as > >>>>>>> expected when using http://example.com/mycontext but > >>>>>>> https://example.com/mycontext call renders "The > >>>>>>> requested URL /mycontext/ was not found on this > >>>>>>> server." > >>>>>>> > >>>>>>> Question: Do I have a Tomcat Connector configuration > >>>>>>> problem? Or an Apache proxy configuration problem? Or > >>>>>>> an Apache ssl.conf problem? > >>>>>>> > >>>>>>> Note: the CA issued certificate appears to be properly > >>>>>>> installed as evidence by the lock icon in the url bar > >>>>>>> displaying "Verified by Š " when doing a mouseover. > >>>>>>> > >>>>>>> Files: Httpd.conf - <VirtualHost *:80> ServerName > >>>>>>> www.example.com ServerAlias *.example.com ProxyRequests > >>>>>>> off ProxyPass /mycontext > >>>>>>> http://example.com:8081/mycontext ProxyPassReverse > >>>>>>> /mycontext http://example.com:8081/mycontext > >>>>>>> </VirtualHost> <VirtualHost *:443> ProxyRequests off > >>>>>>> ProxyPreserveHost on SSLEngine on SSLCertificateFile > >>>>>>> /path/to/certs/ca.crt SSLCertificateKeyFile > >>>>>>> /path/to/key/private/exampleDotCom.key ServerName > >>>>>>> www.example.com ServerAlias *.example.com ProxyPass > >>>>>>> /mycontext http://example.com:8081/mycontext > >>>>>>> ProxyPassReverse /mycontext > >>>>>>> http://example.com:8081/mycontext </VirtualHost> > >>>> > >>>> On first inspection, that looks correct. > >>>> > >>>>>>> Tomcat's server.xml Connector <Connector port="8081" > >>>>>>> protocol="HTTP/1.1" connectionTimeout="20000" > >>>>>>> proxyName="www.example.com" proxyPort="80" > >>>>>>> redirectPort="8443" xpoweredBy="false" server="Apache > >>>>>>> TomEE" /> > >>>> > >>>> That also looks correct. > >>>> > >>>> How have you deployed your actual application? > >>>> > >>>> > >>>>> Yes. It is deployed and responds as expected through the > >>>>> proxy when using http. > > > > Great. But *HOW* have you deployed your actual application? > > > > > >> Sorry, I missed the "How". I'm not sure what descriptors you are > >> asking for when you ask how. > > Auto-deployed WAR file/directory? WAR/dir deployed via manager > application? Explicit descriptor XML file placed in > CATALINA_HOME/conf/[service]/[host]/[app].xml? > > WAR/dir deployed via manager application? Yes Explicit descriptor XML file placed in CATALINA_HOME/conf/[service]/[ host]/[app].xml? Yes - with a caveat. The path is CATALINA_HOME/conf/[service]/[ host]/context.xml The only contents being one empty <Context> element with the docBase attribute defined <Context docBase="CATALINA_HOME/exampledotcomapps"> </Context> The CATALINA_HOME/exampledotcomapps directory contains three applications deployed using the manager application. 1. "http:example.com/mycontext" 2. "http:example.com/anotherContext" 3. "http:example.com/stillAnontherContext" All three applications are reached as expected through the proxy on port 80. The path CATALINA_HOME/exampledotcomapps matches the appBase attribute in the <Host> element for example.com in CATALINA_HOME/conf/server.xml I've since defined a separate Connector to listen for the redirect from Apache on port 8082 because I thought there was a possibility the proxyPort directive would need to be specifically port 443 instead of port 80. So now I have a Connector to receive the port 80 traffic and another for the port 443 traffic. I've tried it with and without the redirectPort attribute. Still no success. The Connectors appear in this order in server.xml <Connector port="8081" protocol="HTTP/1.1" connectionTimeout="20000" proxyName="www.example.com" proxyPort="80" redirectPort="8443" xpoweredBy="false" server="Apache TomEE" /> <Connector port="8082" protocol="HTTP/1.1" connectionTimeout="20000" proxyName="www.example.com" proxyPort="443" redirectPort="8443" xpoweredBy="false" server="Apache TomEE" /> Note: It is curious to me that when I enter https://example.com/ into a browser, Apache serves the page at /var/www/html/index.html which is in the document root defined in /etc/httpd/conf/httpd.conf with the directive DocumentRoot "/var/www/html" My expectation is that the call to https://example.com/ would be redirected with the pair ProxyPass / http://example.com:8082/ ProxyPassReverse / https://example.com:8082/ in the virtual host element for port 443. To refresh, the virtual host definitions are currently: <VirtualHost *:80> ServerName www.example.com ServerAlias *.example.com ProxyRequests off ProxyPreserveHost on ProxyPass / http://example.com:8081/ ProxyPassReverse / http://example.com:8081/ ProxyPass /mycontext http://example.com:8081/mycontext ProxyPassReverse /mycontext http://example.com:8081/mycontext ProxyPass /anotherContext http://example.com:8081/anotherContext ProxyPassReverse /anotherContext http://example.com:8081/anotherContext </VirtualHost> <VirtualHost *:443> ServerName www.example.com ServerAlias *.example.com <Proxy *> Order deny,allow Allow from all </Proxy> ProxyRequests off ProxyPreserveHost on CustomLog "/etc/httpd/logs/examplessl.log" "%h %l %u %t \"%r\" %>s %b" ErrorLog "/etc/httpd/logs/examplessl_error.log" SSLEngine on SSLProxyEngine on SSLCertificateFile /etc/pki/tls/certs/certfile.crt SSLCertificateKeyFile /etc/pki/tls/private/example.key ProxyRequests off ProxyPreserveHost on ProxyPass / http://example.com:8082/ ProxyPassReverse / https://example.com:8082/ ProxyPass /mycontext http://example.com:8082/mycontext ProxyPassReverse /mycontext http://example.com:8082/mycontext ProxyPass /anotherContext http://example.com:8082/anotherContext ProxyPassReverse /anotherContext http://example.com:8082/anotherContext </VirtualHost> Any other thoughts as to what I may not be seeing here? I think I've read the docs exhaustively. Your responses are much appreciated. Thank you, Ted S. - -chris > -----BEGIN PGP SIGNATURE----- > Comment: GPGTools - http://gpgtools.org > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iQIcBAEBCAAGBQJX9aA5AAoJEBzwKT+lPKRYoxAP/2KTSxTMFqtpm3gYOphW1B1N > Tx56YMCETDtihjLCtWuLQt0QSZ/u92Lbd+xg/aCM9SdkrQQkSby+h2oJuT2E5Dpb > LkWpeODS1xp93l0UO4eTp1RW46ToHZHlVABlYDkr27LPrIqYrtntyCLNPTr3N1Xo > ExBzvZxxM5C36uDVtnrrNxay/qKpq/sOJaW84yc161eXhrHvXh5wQF76hTGJswbs > OQapt+VCzDRcaQVeHpBXm6JvfSwFfjbflgpAcPen/Mwu1sgqeNicOKNd5kBnL2pJ > 7NOEyMIJnVMaZ9hdu/9HF4fVo307ix7n2yjm3JAMZcb3+2GRD3Zw8e6/+YIk7gRI > 8n8I8Q/zW8qEG9S5jqsX7Gb7wF2ZZUKc7xOOpGQy4Ctoa0RizFxipfQB77OhNzeu > 9txqUgks+AvjVV3aCEWMeyqhC9n8QPxws3Sc9A8MxQ4IqII9KWgsP3tQT2iqZukj > kXH1L5ELbe4CIFQBCxVS4BsvnFzGm96iz4DzkIRUnHGL0ipHXoWlQBXPjxFwudw2 > N7Ln+os14LZvnHFLSV1UDpEkB7pfWvIRAiRqavYx42gPpwXxx3MiImuevr+LDRbw > ublChOTt1yzsWNQIYspwGt8srDtBIW7rZZggqVmds9NmD+d3tLHoxfJ3bm7Cc9qA > lm7rwoaI3foiJ2Jnpn0D > =B1CN > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
