-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Assaf,
On 6/15/12 6:33 AM, Assaf Urieli wrote: > So, the addresses to test are: http://www.joli-ciel.com/test.jsp > http://www.moyshele.com/test.jsp http://178.79.152.69/test.jsp > http://176.58.107.88/test.jsp > > And exactly the same four, but with HTTPS: > https://www.joli-ciel.com/test.jsp > https://www.moyshele.com/test.jsp https://178.79.152.69/test.jsp > https://176.58.107.88/test.jsp > > Now, every single one of these gives the exact same values for > request.getLocalName() and request.getLocalAddr(). > request.getLocalName(): www.joli-ciel.com request.getLocalAddr(): > 178.79.152.69 And this is why, even when useIPVHosts=true, I always > get the HTTPS Connector corresponding to 178.79.152.69, which gives > the wrong SSL certificate for https://www.moyshele.com > Note (in case it's relevent) that /etc/iptables.conf is mapping > port 8080 to port 80 and port 8443 to port 443 - relevent portions > below: ************************************************ *nat > :PREROUTING ACCEPT [11:3512] :POSTROUTING ACCEPT [13:844] :OUTPUT > ACCEPT [13:844] -A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT > --to-ports 8443 -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT > --to-ports 8080 -A OUTPUT -p tcp -m tcp --dport 443 -j REDIRECT > --to-ports 8443 -A OUTPUT -p tcp -m tcp --dport 80 -j REDIRECT > --to-ports 8080 COMMIT > ************************************************ You are routing *all* traffic destined to 8080/8443->80/443 without regard for the incoming interface. I'm not sure what iptables does with that -- it's possible that you are re-routing everything to the same interface which is why all your addresses look the same. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk/fMzIACgkQ9CaO5/Lv0PAlsACgtKjLhHrCn009MPZLPXBdrvbq wWoAoLEvyGVqw0zLJ/jRbs1PywY6hDWR =JlkA -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org