Configure Apache SSL and then redirect to Tomcat with mod_jk

Solution 1

I found the solution, so my Apache and Tomcat work fine... I'm going to summarize the steps to solve the problem:

Considering you have the mydomain certificate (signed by GoDaddy) correctly installed and stored within the Apple KeyChain of my Mac Server.

  1. Open the KeyChain app (as root) and expand the mydomain certificate label, so you see the private key too.
  2. Save both with the .p12 extension, then generate a .pem file from each .p12
  3. Private Key:

    umask 0077
    openssl pkcs12 -in pkfilename.p12 -nocerts -nodes -out filename-key.pem
    umask 0022
    
  4. Certificate:

    openssl pkcs12 -in certfilename.p12 -clcerts -nokeys -out filename-cert.pem
    
  5. Copy filename-key.pem and filename-cert.pem into the /etc/apache2/ directory

  6. Considering you have the same httpd.conf configuration shown above, you just need to add 2 more VirtualHost blocks for 443 (https port) connections.
  7. Anyway, add 1 VirtualHost for each ServerName you wish to secure; for instance, I just want to secure incoming connections to mydomain.com:

    <VirtualHost _default_:443>
        DocumentRoot "/Library/ApacheTomcat/apache-tomcat-6.0.33/webapps/MyServerAppName"
        ServerName mydomain.com
        ErrorLog "/private/var/log/apache2/https_mydomain.com-error_log"
        CustomLog "/private/var/log/apache2/https_mydomain.com-access_log" common
        SSLEngine On
        SSLCertificateFile /etc/apache2/filename-cert.pem
        SSLCertificateKeyFile /etc/apache2/filename-key.pem
        JkMountCopy On
        JkMount /* ajp13
    </VirtualHost>
    
  8. Add Listen 443 to the httpd.conf file; just add this line under the Listen 80 line you find at the beginning of it.

You can now surf both http://mydomain.com and https://mydomain.com. In case of error, you can read the log files within /var/log/apache2/.

Special thanks to user Bruno, who helped me create the private key and certificate files (steps 3 and 4).

I hope this guideline can help you configure Apache and Tomcat with mod_jk for secure SSL connections.

Solution 2

You've configured mod_jk in your virtual hosts for plain HTTP requests (VirtualHost *:80). You need to configure these Jk* options in the HTTPS virtual hosts too (VirtualHost *:443), where you have configured your SSL settings.
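
An added example (not part of either answer, and not tooling from Apache or mod_jk): a small Python check over httpd.conf text that flags SSL virtual hosts missing the certificate, key or JkMount directives, and names mounted to Tomcat on port 80 that have no SSL virtual host. The function names `parse_vhosts` and `audit` and the sample configuration are assumptions made for illustration.

```python
import re

# Constructed sample (not the poster's file): the two port-80 hosts from the
# question plus an SSL host missing the pieces the answers name.
SAMPLE_CONF = """
<VirtualHost *:80>
    ServerName www.mydomain.com
    JkMount /* ajp13
</VirtualHost>
<VirtualHost *:80>
    ServerName mydomain.com
    JkMount /* ajp13
</VirtualHost>
<VirtualHost _default_:443>
    ServerName mydomain.com
    SSLEngine On
    SSLCertificateFile /etc/apache2/filename-cert.pem
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def parse_vhosts(conf):
    """Return one dict per <VirtualHost> block: port, ServerName, directives."""
    hosts = []
    for addr, body in VHOST_RE.findall(conf):
        d = {}
        for line in body.splitlines():
            parts = line.split(None, 1)
            if parts and not parts[0].startswith("#"):
                d.setdefault(parts[0].lower(), []).append(parts[-1].strip())
        hosts.append({"port": addr.split()[0].rsplit(":", 1)[-1],
                      "name": d.get("servername", ["?"])[0], "d": d})
    return hosts

def audit(conf):
    """Findings as (ServerName, port, problem); SSL hosts first, then HTTP-only names."""
    hosts, findings, tls_names = parse_vhosts(conf), [], set()
    for h in hosts:
        if h["d"].get("sslengine", [""])[0].lower() != "on":
            continue  # plain-HTTP host, handled in the second pass
        tls_names.add(h["name"])
        for needed in ("sslcertificatefile", "sslcertificatekeyfile", "jkmount"):
            if needed not in h["d"]:
                findings.append((h["name"], h["port"], "missing " + needed))
    for h in hosts:
        if "jkmount" in h["d"] and h["name"] not in tls_names:
            findings.append((h["name"], h["port"], "no SSL virtual host"))
    return findings
```

Calling `audit(open("/etc/apache2/httpd.conf").read())` before restarting Apache lists each virtual host that still needs attention; an empty list means every mounted name has a complete SSL host.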

Author by

piojo

Updated on August 08, 2020

Comments

  • piojo
    piojo over 3 years

    I'm trying to configure my home server to accept SSL connections on port 443.

    I have the www.mydomain.com domain and I've just linked Apache2 and Tomcat using mod_jk; now I also wish to accept https requests from the web.

    This is my configuration:

    httpd.conf

    <IfModule mod_jk.c>
        JKWorkersFile /etc/apache2/workers.properties
        JkShmFile /var/log/apache2/mod_jk.shm
        JKLogFile /var/log/apache2/mod_jk.log
        JkLogLevel debug
        JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
    </IfModule>
    
    
    <VirtualHost *:80>
        DocumentRoot "/Library/ApacheTomcat/apache-tomcat-6.0.33/webapps/MyTomcatAppName"
        ServerName www.mydomain.com
        ErrorLog "/private/var/log/apache2/www.mydomain.com-error_log"
        CustomLog "/private/var/log/apache2/www.mydomain.com-access_log" common
        JkMountCopy On
        JkMount /* ajp13
    </VirtualHost>
    
    
    <VirtualHost *:80>
        DocumentRoot "/Library/ApacheTomcat/apache-tomcat-6.0.33/webapps/MyTomcatAppName"
        ServerName mydomain.com
        ErrorLog "/private/var/log/apache2/mydomain.com-error_log"
        CustomLog "/private/var/log/apache2/mydomaino.com-access_log" common
        JkMountCopy On
        JkMount /* ajp13
    </VirtualHost>
    

    Then this is my Worker.properties file:

    worker.list=ajp13
    
    worker.ajp13.type=ajp13
    worker.ajp13.host=localhost
    worker.ajp13.port=8009
    

    This is my server.xml:

        <Host name="localhost"  appBase="/Library/ApacheTomcat/apache-tomcat-6.0.33/webapps"
            unpackWARs="true" autoDeploy="true"
            xmlValidation="false" xmlNamespaceAware="false">
          <Context path="" docBase="/Library/ApacheTomcat/apache-tomcat-6.0.33/webapps/MyTomcatAppName" />
    

    With this configuration I can correctly surf MyTomcatAppName when I visit http://www.mydomain.com or http://domain.com... My issue now is to visit the same website using an https connection, so https://www.mydomain.com or https://domain.com. I also have a GoDaddy certificate installed on my Mac Mini Server (Lion osx), so if I type https://www.mydomain.com (or https://domain.com) the browser correctly informs me about the presence of a certificate for "mydomain.com", but it also says:

    Forbidden
    
    You don't have permission to access / on this server.
    Apache/2.2.20 (Unix) mod_ssl/2.2.20 OpenSSL/0.9.8r DAV/2 mod_jk/1.2.30 Server at mydomain.com Port 443
    

    I'm sure this is because I missed something in Virtual Host tag.... So how can I fix it?

  • Bruno
    Bruno over 12 years
    If, when you go to https://www.mydomain.com/, you get an HTTP response (forbidden), HTTPS is already working, so you must somehow have configured the SSL* options somewhere. Try to set the virtual host where they are (or create one with VirtualHost *:443 if it doesn't already exist) and put the Jk* options there.
  • piojo
    piojo over 12 years
    I forgot to add the Certificate and Private Key within the VirtualHost; you helped me create them in another post, so now I've summarized the steps in my Answer... Thank you so much...
  • Naved
    Naved over 10 years
    I am also facing the same problem, after this setting too, it was not solved. I have added my question as stackoverflow.com/questions/21308928/…