Re: SSL/HTTPS forwarding under Apache + mod_jk + tomcat

Mon, 19 Oct 2009 09:16:57 -0700 

Hi,

I installed SSL on Apache and now HTTPS works fine over mod_jk.

But now I got SSL installed on all servers, apache and each Tomcat (JBoss)
as well, see excerpt from my server.xml files from Tomcat. If I remove
reference to SSL certificate from server.xml, HTTPS via apache (mod_jk)
doesn't. My apache and Tomcats are all on seperate machines.

Is this correct, what I have? that SSL need to be on Apache AND each
Tomcat???

I am concerned with this set up, thinking it may be doing SSL twice for each
request.


Tomcat's server.xml
-------------------
<Connector port="8080" address="${jboss.bind.address}" 
         maxSpareThreads="75"
         maxThreads="1000" 
         maxHttpHeaderSize="8192"
         emptySessionPath="true" 
         protocol="HTTP/1.1"
         enableLookups="false" 
         redirectPort="8443" 
         acceptCount="100"
         connectionTimeout="20000" 
         disableUploadTimeout="true"
         compression="on"/>

    <Connector  address="${jboss.bind.address}"

      SSLEnabled="true"
      protocol="HTTP/1.1"
      port="8443"
      enableLookups="false"
      disableUploadTimeout="true"
      scheme="https"
      secure="true"
      sslProtocol="TLS"
      acceptCount="100"
      maxProcessors="75"
      maxHttpHeaderSize="8192"
      maxThreads="1000"
      minSpareThreads="25"
      maxSpareThreads="75"
      debug="0"
      clientAuth="false"

      SSLPassword="xxxxxxxxxxx"
      SSLCertificateFile="X:/key/star_my_cert.crt"
      SSLCertificateKeyFile="X:/key/my_key.key"
      SSLCertificateChainFile="X:/key/digi.crt"

      minProcessors="5"
      compression="on"/>

    <Connector port="8009" address="${jboss.bind.address}"
protocol="AJP/1.3"
         emptySessionPath="true" 
         enableLookups="false" 
         redirectPort="8443"
         maxThreads="2000" 
         connectionTimeout="600000" 
         backlog="200" />


Apache Configs
---------------
httpd-ssl.conf
-------------
<VirtualHost admin.tisc.edu.au:443>

    ServerAdmin onlinead...@tisc.edu.au
    DocumentRoot "/docs/admin.tisc.edu.au"
    ServerName admin.tisc.edu.au
    ServerAlias admin.tisc.edu.au
        
    JkMountFile conf/uriworkermap.properties
                
    SSLEngine on
    SSLCertificateFile "C:/apache/key/star_cert.crt"
    SSLCertificateKeyFile "C:/apache/key/cert_key.key"
    SSLCertificateChainFile "C:/apache/key/chain_cert.crt"
                
</VirtualHost> 


-- 
View this message in context: 
http://www.nabble.com/SSL-HTTPS-forwarding-under-Apache-%2B-mod_jk-%2B-tomcat-tp17817647p25961156.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to