Chris and Hassan, I removed the secure and scheme options to no avail; still seeing the same behavior. Since the waters are getting a bit muddy, let me back up and say what my goals are and maybe someone can suggest a change in direction. Let me apologize in advance for the length of this message, but I did not want to omit any detail that might shed light on the problem.
I have a J2EE (Struts) Application running in Tomcat. I want to use Apache HTTPD to provide the HTTPS connections and simply proxy all requests to the Tomcat container. I want to use Tomcat only as a J2EE container. I have not even configured SSL on Tomcat nor do I really want to. I have set up SSL in Apache HTTPD and I can see convincing evidence in the log files that Apache is accepting connections on port 443 and attempting to handle them. Another constraint is that I want the web site to be accessible by just its hostname and domain (e.g. https://www.resourcepoint.org) and I don't want to require a servlet context path to be typed as part of the URL every time one accesses the site. This is why I created the virtual host on Apache. However, I found that I had problems if I deployed my application in Tomcat using other than the ROOT context. The Struts tags I am using all throughout my application embed the servlet context path in all of the URL's generated by those tags. This means that a request for http://www.resourcepoint.org/somefile.jsp after being forwarded to my Tomcat application (deployed to /resourcepoint for example) would return a page with embedded URL's that look like http://www.resourcepoint.org/resourcepoint/someotherfile.jsp So the context (which I don't want visible to the end users) has 'escaped' into the browser world. I found that this was not a problem if I made my application appear in the ROOT context for the server, but didn't want to remove the standard ROOT applications (manager, etc.) for the local host. Therefore, I decided to have a second virtual host on the Tomcat side. I configured it all as described above initially using just HTTP because we were only in testing. Everything worked just fine. I only ran into problems when I configured the additional virtual host on Apache for SSL. Although Apache shows clearly in its log files that it has accepted my HTTPS request AND although I can also see clearly in the Tomcat log files that it has accepted a request on port 8009, the next thing I see in the Tomcat logs is a redirect to the equivalent http: URL. I do not believe the redirect is coming from my application because I see no evidence it gets far enough for any of my application code to even execute. The default page for the application is index.jsp and the redirect I see in the Tomcat logs is for this page, not any of the pages it might forward to. One of my next tests is going to be to replace this JSP with a vanilla HTML file to eliminate for certain the possibility that my application is doing this unwanted redirect, but I'm reasonably confident that it isn't. My experimenting with proxyName, proxyPort, scheme, and secure on the AJP connector were just that: experimentation. I tried almost every combination including having none of them configured and I got the same result with all the ones I tried. According to my interpretation of the documentation, these attributes don't do much other than cause Tomcat to return the specified values for the host, port, scheme, and secure attributes when you call the corresponding Tomcat API calls (e.g. Request.isSecure(), Request.getPort(), etc.) so it is not surprising in retrospect that changing them hasn't altered the behavior. Finally, I should mention that I have another application deployed on this same platform (Apache SSL with Tomcat behind) that works perfectly. The only difference is that in this other application there is no virtual host on the Tomcat side; the Apache virtual host sends all requests to the default host using the servlet context path of the application. If you've made it this far, thank you for your attention and any help you can provide will be most appreciated. Bill Bailey Senior Developer / DBA Northland, A Church Distributed -----Original Message----- From: Hassan Schroeder [mailto:[EMAIL PROTECTED] Sent: Monday, February 05, 2007 1:26 PM To: Tomcat Users List Subject: Re: AJP Connector - Problems Proxying HTTPS Connections On 2/5/07, Bill Bailey <[EMAIL PROTECTED]> wrote: > ServerName www.resourcepoint.org:80 > ServerAlias www.resourcepoint.org:80 again, the port # doesn't belong there, and there's no sense to defining a ServerAlias the same as the ServerName > # Note that this approach with single argument > # nested in a Location element works just fine > ProxyPass ajp://127.0.0.1:8010/ > ProxyPassReverse ajp://127.0.0.1:8010/ Personally I prefer to follow the documentation, even when something "seems to work" otherwise... :-) > <Connector port="8009" > address="127.0.0.1" > enableLookups="false" > protocol="AJP/1.3" > secure="true" > scheme="https" > proxyName="www.resourcepoint.org" > proxyPort="443" /> +1 on Christopher's comment -- AJP doesn't do https; I would remove that from this connector and see what happens. FWIW, -- Hassan Schroeder ------------------------ [EMAIL PROTECTED] --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
