Rainer, Do you have a suggestion? Do I need to change my worker.properties? Sorry, I'm new to Tomcat, I appreciate your help.
-----Original Message----- From: Rainer Jung [mailto:rainer.j...@kippdata.de] Sent: Wednesday, August 04, 2010 4:09 PM To: Tomcat Users List Subject: Re: Tomcat 6.0.18/ IIS 6.0 /SSL On 04.08.2010 21:50, Hansel, Jason T CTR SPAWARSYSCEN-ATLANTIC, 55E00 wrote: > I did read your post and I changed the Port Number. > > "<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> This > connector should be used depending on your redirector config which we > haven't seen yet > > Here is my workers.properties: > > worker.list=worker1 > worker.worker1.type=ajp13 > worker.worker1.host=127.0.0.1 > worker.worker1.port=8009 > > Here is my uriworkermap.properties: > > /geoportal|/*=worker1 This didn't work, since the log snippet said it tried to use a worker named "ajp13", not "worker1". Regards, Rainer > -----Original Message----- > From: Rainer Jung [mailto:rainer.j...@kippdata.de] > Sent: Wednesday, August 04, 2010 3:40 PM > To: Tomcat Users List > Subject: Re: Tomcat 6.0.18/ IIS 6.0 /SSL > > On 04.08.2010 20:58, Hansel, Jason T CTR SPAWARSYSCEN-ATLANTIC, 55E00 wrote: >> Jung, >> I'm still getting the errors. > > Why shouldn't you? > Did you actually read my post? > Which parts didn't you understand? > >> <Connector port="8080" protocol="Java HTTP" ----What protocol should I > use >> here (do not want to expose) >> connectionTimeout="20000" >> redirectPort="80" /> > > This connector is *not* involved when using > > Browser -> IIS/Redirector -> Tomcat > >> <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" >> -------------Does this look right? >> maxThreads="150" scheme="https" secure="true" >> clientAuth="false" sslProtocol="TLSv1" >> keystoreFile="C:\Program Files (x86)\Apache Software >> Foundation\Tomcat 6.0\conf\cert.pfx" >> keystorePass="password" >> keystoreType="pkcs12" /> > > This one neither. > >> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> >> -----------------Is this where my actual authentication is taking place? > This connector should be used depending on your redirector config > which we haven't seen yet. > > The error message you provided doesn't have to do with authentication. > Authentication problems might show up after you solved your worker > configuration problem. Until now your IIS doesn't even talk to Tomcat. > > Regards, > > Rainer > >> >> -----Original Message----- >> From: Rainer Jung [mailto:rainer.j...@kippdata.de] >> Sent: Wednesday, August 04, 2010 1:38 PM >> To: Tomcat Users List >> Subject: Re: Tomcat 6.0.18/ IIS 6.0 /SSL >> >> On 04.08.2010 18:07, Hansel, Jason T CTR SPAWARSYSCEN-ATLANTIC, 55E00 > wrote: >>> >>> >>> I am trying to get Tomcat and IIS configured on my secure web server >>> (SSL) so that I can access my deployed web application via https and >>> NOT over http. Connection to non-SSL works, but I cannot have that >>> connection due to security. >>> >>> I want to run Tomcat through IIS, and I have configured it using the >>> isapi_redirect.dll (thanks to Electronjockey). However, when I try >>> and hit my https://site/geoportal<https://site/geoportal> my >>> credentials do not carry me through to the web application, instead >>> I receive "Internet Explorer Cannot Display Webpage". Can someone >>> help me out on how to configure my server.xml and interpretting my >>> log files > please? >>> I have even tried to export my server certificate, and call it using >>> the keystore:"", still not working. I'm a Tomcat green horn, any >>> help would be awesome. >>> >>> Isapi_redirect.log file: Looks like some sort of authentication is >>> being passed, then the ajp13 is not found? >>> >>> [Wed Aug 04 11:51:15.901 2010] [10712:8360] [debug] >>> jk_isapi_plugin.c >>> (3108): Service protocol=HTTP/1.1 method=GET host=150.125.174.70 >>> addr=150.125.174.70 name=mywebsite port=443 auth=SSL/PCT >>> user=EIMS\john.doe uri=/jakarta/isapi_redirect.dll >>> >>> [Wed Aug 04 11:51:15.916 2010] [10712:8360] [debug] >>> jk_isapi_plugin.c >>> (3120): Service request headers=5 attributes=9 chunked=no >>> content-length=0 available=0 >>> >>> [Wed Aug 04 11:51:15.932 2010] [10712:8360] [debug] jk_worker.c (116): >>> did not find a worker ajp13 >>> [Wed Aug 04 11:51:15.948 2010] [10712:8360] [debug] >>> jk_isapi_plugin.c >>> (2162): could not get a worker for name ajp13 [Wed Aug 04 >>> 11:51:15.979 2010] [10712:8360] [error] jk_isapi_plugin.c >>> (2210): could not get a worker for name ajp13 >> >> Hard to tell without knowing the version of the isapi redirector, not >> having your configuration. This looks like: >> >> - it is trying to use a worker named ajp13 to connect to Tomcat. Lile >> y you have configured the redirector to use this worker within your >> uriworkermap.properties file >> >> - the redirector doesn't know how to use this worker. Either you are >> missing the workers.properties configuration file or there is no >> definition for a worker named ajp13 in the file. >> >> A good starting point for a workers.properties file is the example >> file contained in the source distribution of version 1.2.30. Please >> do also use this version of the redirector. >> >> Note: from the point of view of Tomcat it doesn't really matter >> whether you are talking http or https in the browser. This protocol >> is only used between the browser and IIS. Between IIS and Tomcat when >> using the isapi redirector the protocol is always AJP13 (it is just >> coincidence, that this is the same name as the name of the worker in >> your logs). The protocol is similar to HTTP but binary and it >> transports the information whether the browser used http or https, so >> Tomcat is aware of this. This protocol does not use the http or https > connectors in server.xml, only the AJP13 connector. >> >>> Here is the meat of my server.xml (pretty sure it's wrong): >>> >>> <!-- A "Connector" represents an endpoint by which requests are >>> received and responses are returned. Documentation at : >>> Java HTTP Connector: /docs/config/http.html (blocking& non-blocking) >>> Java AJP Connector: /docs/config/ajp.html APR (HTTP/AJP) Connector: >>> /docs/apr.html Define a non-SSL HTTP/1.1 Connector on port 8080 >>> --> >>> <Connector port="8080" protocol="HTTP/1.1" >>> connectionTimeout="20000" >>> redirectPort="80" /> >>> <!-- A "Connector" using the shared thread pool--> >>> >>> <Connector executor="tomcatThreadPool" >>> port="8009" protocol="HTTP/1.1" >>> connectionTimeout="20000" >>> redirectPort="443" /> >>> >>> <!-- Define a SSL HTTP/1.1 Connector on port 8443 This connector >>> uses the JSSE configuration, when using APR, the connector should be >>> using the OpenSSL style configuration described in the APR >>> documentation >>> --> >>> >>> <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" >>> maxThreads="150" scheme="https" secure="true" >>> clientAuth="false" sslProtocol="TLSv1" >>> keystoreFile="C:\Program Files (x86)\Apache Software >>> Foundation\Tomcat 6.0\conf\cert.pfx" >>> keystorePass="mypassword" >>> keystoreType="pkcs12" /> >>> >>> <!-- Define an AJP 1.3 Connector on port 8009 --> <Connector >>> port="8009" protocol="AJP/1.3" redirectPort="8443" /> >> >> Two connectors, both on port 8009, will not work. Use the latter one. >> >> Regards, >> >> Rainer --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
smime.p7s
Description: S/MIME cryptographic signature