Jeff wrote:
> Can you post the changes you made to httpd-custom.conf? I'm trying to
> do the same thing with limited success. Thanks. . .
Sure (sorry for the delay, I was away).
I have two services set up on 443 (HTTPS): a wiki using Tomcat and VisualSVN
Server. They actually run on different machines, but so far I've only tested
the configuration below using one machine for both services.
-------- start httpd-custom.conf -----------
LoadModule proxy_module bin/mod_proxy.so
LoadModule proxy_ajp_module bin/mod_proxy_ajp.so
#
# Use name-based virtual hosting.
#
NameVirtualHost *:443
<VirtualHost *:443>
    ServerName wiki.ourdomain.com
    ServerAdmin webmas...@localhost
    SSLEngine on
    # Only work as a reverse proxy (important!)
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass / ajp://wiki.machine:8009/
    ProxyPassReverse / ajp://wiki.machine:8009/
</VirtualHost>
<VirtualHost *:443>
    ServerName svn.ourdomain.com
    SSLEngine on
</VirtualHost>
-------- end httpd-custom.conf -----------
A couple of notes:
- I have VisualSVN Server configured for SSL on port 443.
- To get the AJP connector working you have to find a copy of mod_proxy_ajp.so
from the _same version_ of Apache that your instance of VisualSVN is using. I
just downloaded the same version dist. of Apache, installed it and grabbed
mod_proxy_ajp.so from there. Stick it in the "VisualSVN Server/bin" directory.
- You don't need to use the AJP connector and mod_proxy_ajp; instead you can
use:
    LoadModule proxy_http_module bin/mod_proxy_http.so
(it's already delivered with VisualSVN Server), and for the wiki virtual host:
    ProxyPass / http://wiki.machine[:port]/
    ProxyPassReverse / http://wiki.machine[:port]/
I've just read that the AJP connector is supposed to be more efficient.
- The AJP connector is *not* SSL. Apache decrypts incoming requests, sends
plain-text to wiki.machine through AJP and then encrypts the responses going
out. So if both machines are on the internal network and ultra-security isn't
an issue, it'll work. Otherwise you'll need to play with "SSLProxyEngine on"
in the wiki virtual host, and proxy to https://wiki.machine (I haven't tried
this).
- I put the wiki virtual host before the SVN virtual host, since the first host
is the one used for all requests that don't match a ServerName. This way, the
wiki server can deal with those instead of hitting the SVN server (so random
users hitting the server IP won't even know the SVN server is there unless they
specifically use "svn.ourdomain.com").
I'm not exactly an SSL expert, nor an Apache one. I just pieced together what I
found all over the 'net and got something that works. If you (or someone else)
have any comments or pointers (or see some glaring security problem I've
introduced) please do let me know.
Also let me know if it does/doesn't work for you, or if you came up with other
mods. Good luck!
Trevor
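
An added example, not part of Trevor's message: a small Python check over a configuration like the one posted. It reports which virtual host is the default for each address, any ProxyPass backend that is not https://, and any explicit "ProxyRequests On". The function names, finding labels and the reduced sample are constructed for illustration, and only directives inside <VirtualHost> blocks are read.

```python
import re

# Constructed sample: the post's configuration, reduced to the directives checked here.
SAMPLE_CONF = """\
<VirtualHost *:443>
ServerName wiki.ourdomain.com
ProxyRequests Off
ProxyPass / ajp://wiki.machine:8009/
</VirtualHost>
<VirtualHost *:443>
ServerName svn.ourdomain.com
</VirtualHost>
"""

def parse_vhosts(text):
    """Return <VirtualHost> blocks in file order: address, ServerName, directives."""
    vhosts, cur = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            cur = {"addr": opened.group(1).strip(), "name": None, "directives": []}
            vhosts.append(cur)
        elif line.lower().startswith("</virtualhost"):
            cur = None
        elif cur is not None and line and not line.startswith("#"):
            key, value = (line.split(None, 1) + [""])[:2]
            cur["directives"].append((key.lower(), value.strip()))
            if key.lower() == "servername":
                cur["name"] = value.strip()
    return vhosts

def audit(text):
    """List (finding, vhost, detail) tuples for the points raised in the post."""
    findings, seen = [], set()
    for vh in parse_vhosts(text):
        if vh["addr"] not in seen:  # first block per address answers unmatched Host names
            seen.add(vh["addr"])
            findings.append(("default-vhost", vh["name"], vh["addr"]))
        settings = {(k, v.lower()) for k, v in vh["directives"]}
        if ("proxyrequests", "on") in settings:
            findings.append(("forward-proxy-enabled", vh["name"], "ProxyRequests On"))
        for key, value in vh["directives"]:
            parts = value.split()
            if key == "proxypass" and len(parts) > 1 and parts[1] != "!":
                if not parts[1].lower().startswith("https://"):
                    findings.append(("plaintext-backend", vh["name"], parts[1]))
                elif ("sslproxyengine", "on") not in settings:
                    findings.append(("missing-sslproxyengine", vh["name"], parts[1]))
    return findings
```

On the sample it reports the wiki host as the default for *:443 and flags the ajp:// backend as plaintext, matching the two notes in the message.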