On 04.08.2010 21:50, Hansel, Jason T CTR SPAWARSYSCEN-ATLANTIC, 55E00 wrote:
I did read your post and I changed the Port Number.
"<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
This connector should be used depending on your redirector config which we
haven't seen yet
Here is my workers.properties:
worker.list=worker1
worker.worker1.type=ajp13
worker.worker1.host=127.0.0.1
worker.worker1.port=8009
Here is my uriworkermap.properties:
/geoportal|/*=worker1
This didn't work, since the log snippet said it tried to use a worker
named "ajp13", not "worker1".
Regards,
Rainer
-----Original Message-----
From: Rainer Jung [mailto:rainer.j...@kippdata.de]
Sent: Wednesday, August 04, 2010 3:40 PM
To: Tomcat Users List
Subject: Re: Tomcat 6.0.18/ IIS 6.0 /SSL
On 04.08.2010 20:58, Hansel, Jason T CTR SPAWARSYSCEN-ATLANTIC, 55E00 wrote:
Jung,
I'm still getting the errors.
Why shouldn't you?
Did you actually read my post?
Which parts didn't you understand?
<Connector port="8080" protocol="Java HTTP" ----What protocol should I
use
here (do not want to expose)
connectionTimeout="20000"
redirectPort="80" />
This connector is *not* involved when using
Browser -> IIS/Redirector -> Tomcat
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
-------------Does this look right?
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLSv1"
keystoreFile="C:\Program Files (x86)\Apache Software
Foundation\Tomcat 6.0\conf\cert.pfx"
keystorePass="password"
keystoreType="pkcs12" />
This one neither.
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
-----------------Is this where my actual authentication is taking place?
This connector should be used depending on your redirector config which we
haven't seen yet.
The error message you provided doesn't have to do with authentication.
Authentication problems might show up after you solved your worker
configuration problem. Until now your IIS doesn't even talk to Tomcat.
Regards,
Rainer
-----Original Message-----
From: Rainer Jung [mailto:rainer.j...@kippdata.de]
Sent: Wednesday, August 04, 2010 1:38 PM
To: Tomcat Users List
Subject: Re: Tomcat 6.0.18/ IIS 6.0 /SSL
On 04.08.2010 18:07, Hansel, Jason T CTR SPAWARSYSCEN-ATLANTIC, 55E00
wrote:
I am trying to get Tomcat and IIS configured on my secure web server
(SSL) so that I can access my deployed web application via https and
NOT over http. Connection to non-SSL works, but I cannot have that
connection due to security.
I want to run Tomcat through IIS, and I have configured it using the
isapi_redirect.dll (thanks to Electronjockey). However, when I try
and hit my https://site/geoportal<https://site/geoportal> my
credentials do not carry me through to the web application, instead I
receive "Internet Explorer Cannot Display Webpage". Can someone help
me out on how to configure my server.xml and interpretting my log files
please?
I have even tried to export my server certificate, and call it using
the keystore:"", still not working. I'm a Tomcat green horn, any help
would be awesome.
Isapi_redirect.log file: Looks like some sort of authentication is
being passed, then the ajp13 is not found?
[Wed Aug 04 11:51:15.901 2010] [10712:8360] [debug] jk_isapi_plugin.c
(3108): Service protocol=HTTP/1.1 method=GET host=150.125.174.70
addr=150.125.174.70 name=mywebsite port=443 auth=SSL/PCT
user=EIMS\john.doe uri=/jakarta/isapi_redirect.dll
[Wed Aug 04 11:51:15.916 2010] [10712:8360] [debug] jk_isapi_plugin.c
(3120): Service request headers=5 attributes=9 chunked=no
content-length=0 available=0
[Wed Aug 04 11:51:15.932 2010] [10712:8360] [debug] jk_worker.c (116):
did not find a worker ajp13
[Wed Aug 04 11:51:15.948 2010] [10712:8360] [debug] jk_isapi_plugin.c
(2162): could not get a worker for name ajp13 [Wed Aug 04
11:51:15.979 2010] [10712:8360] [error] jk_isapi_plugin.c
(2210): could not get a worker for name ajp13
Hard to tell without knowing the version of the isapi redirector, not
having your configuration. This looks like:
- it is trying to use a worker named ajp13 to connect to Tomcat. Lile
y you have configured the redirector to use this worker within your
uriworkermap.properties file
- the redirector doesn't know how to use this worker. Either you are
missing the workers.properties configuration file or there is no
definition for a worker named ajp13 in the file.
A good starting point for a workers.properties file is the example
file contained in the source distribution of version 1.2.30. Please do
also use this version of the redirector.
Note: from the point of view of Tomcat it doesn't really matter
whether you are talking http or https in the browser. This protocol is
only used between the browser and IIS. Between IIS and Tomcat when
using the isapi redirector the protocol is always AJP13 (it is just
coincidence, that this is the same name as the name of the worker in
your logs). The protocol is similar to HTTP but binary and it
transports the information whether the browser used http or https, so
Tomcat is aware of this. This protocol does not use the http or https
connectors in server.xml, only the AJP13 connector.
Here is the meat of my server.xml (pretty sure it's wrong):
<!-- A "Connector" represents an endpoint by which requests are
received and responses are returned. Documentation at :
Java HTTP Connector: /docs/config/http.html (blocking& non-blocking)
Java AJP Connector: /docs/config/ajp.html APR (HTTP/AJP) Connector:
/docs/apr.html Define a non-SSL HTTP/1.1 Connector on port 8080
-->
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="80" />
<!-- A "Connector" using the shared thread pool-->
<Connector executor="tomcatThreadPool"
port="8009" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="443" />
<!-- Define a SSL HTTP/1.1 Connector on port 8443 This connector uses
the JSSE configuration, when using APR, the connector should be using
the OpenSSL style configuration described in the APR documentation
-->
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLSv1"
keystoreFile="C:\Program Files (x86)\Apache Software
Foundation\Tomcat 6.0\conf\cert.pfx"
keystorePass="mypassword"
keystoreType="pkcs12" />
<!-- Define an AJP 1.3 Connector on port 8009 --> <Connector
port="8009" protocol="AJP/1.3" redirectPort="8443" />
Two connectors, both on port 8009, will not work. Use the latter one.
Regards,
Rainer
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
