Configure Apache SSL and then redirect to Tomcat with mod_jk
Solution 1
I found the solution, so my Apache and Tomcat work fine... I' going to summarize the steps to solve the problem:
Considering, you have mydomain certificate (signed by GoDaddy) correctly installed and stored within Apple KeyChain of my Mac Server.
- Open KeyChain App (with root), expand mydomain certificate label, so you see the private key too.
- Save both with p12 extension, then generate .pem file from .p12
Private Key:
umask 0077 openssl pkcs12 -in pkfilename.p12 -nocerts -nodes -out filename-key.pem umask 0022
Certificate:
openssl pkcs12 -in certfilename.p12 -clcerts -nokeys -out filename-cert.pem
Copy filename-key.pem and filename-cert.pem within /etc/apache2/ directory
- Considering you have the same httpd.conf configuration showed above, you just need to add 2 more
VirtualHost
for 443 (https port) connection. Anyway, add 1 VirtualHost for each ServerName you wish to secure, for instance I just want to secure mydomain.com incoming connection:
<VirtualHost _default_:443> DocumentRoot "/Library/ApacheTomcat/apache-tomcat-6.0.33/webapps/MyServerAppName" ServerName mydomain.com ErrorLog "/private/var/log/apache2/https_mydomain.com-error_log" CustomLog "/private/var/log/apache2/https_mydomain.com-access_log" common SSLEngine On SSLCertificateFile /etc/apache2/filename-cert.pem SSLCertificateKeyFile /etc/apache2/filename-key.pem JkMountCopy On JkMount /* ajp13 </VirtualHost>
Add
Listen 443
in httpd.conf file, just add this line underListen 80
you find at beginning of it.
You now can surf both http:// mydomain.com and https:// mydomain.com.
In case of error you can read the log files within /var/log/apache2/
.
Special thanks to Bruno user, how help me on creating privatekey and certificate file (step 3 and 4).
I hope this guideline can help you configuring Apache and Tomcat on mod_jk for Secure SSL connections.
Solution 2
You've configured mod_jk in your virtual hosts for plain HTTP requests (VirtualHost *:80
). You need to configure these Jk*
options in the HTTPS virtual hosts too (VirtualHost *:443
), where you have configured your SSL settings.
piojo
Updated on August 08, 2020Comments
-
piojo over 3 years
I'm trying to configure my home server to accept SSL Connection on port 443.
I've www.mydomain.com domain, I've just linked Apache2 and Tomcat, using mod_jk, now I wish to accept also https request from the web.
This is my configuration:
httpd.conf
<IfModule mod_jk.c> JKWorkersFile /etc/apache2/workers.properties JkShmFile /var/log/apache2/mod_jk.shm JKLogFile /var/log/apache2/mod_jk.log JkLogLevel debug JkLogStampFormat "[%a %b %d %H:%M:%S %Y] " </IfModule> <VirtualHost *:80> DocumentRoot "/Library/ApacheTomcat/apache-tomcat-6.0.33/webapps/MyTomcatAppName" ServerName www.mydomain.com ErrorLog "/private/var/log/apache2/www.mydomain.com-error_log" CustomLog "/private/var/log/apache2/www.mydomain.com-access_log" common JkMountCopy On JkMount /* ajp13 </VirtualHost> <VirtualHost *:80> DocumentRoot "/Library/ApacheTomcat/apache-tomcat-6.0.33/webapps/MyTomcatAppName" ServerName mydomain.com ErrorLog "/private/var/log/apache2/mydomain.com-error_log" CustomLog "/private/var/log/apache2/mydomaino.com-access_log" common JkMountCopy On JkMount /* ajp13 </VirtualHost>
Then this is my Worker.properties file:
worker.list=ajp13 worker.ajp13.type=ajp13 worker.ajp13.host=localhost worker.ajp13.port=8009
This is my server.xml:
<Host name="localhost" appBase="/Library/ApacheTomcat/apache-tomcat-6.0.33/webapps" unpackWARs="true" autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false"> <Context path="" docBase="/Library/ApacheTomcat/apache-tomcat-6.0.33/webapps/MyTomcatAppName" />
With this configuration I correctly surf MyTomcatAppName when I visit http:// www.mydomain.com or http:// domain.com... My issue now is to visit the same website using an https connection, so https:// www.mydomain.com or https:// domain.com. I also have a GoDaddy certificate installed on my Mac Mini Server (Lion osx), so if I type https:// www.mydomain.com (or https:// domain.com) the browser correctly inform me about the presence of a certificate for "mydomain.com", but it also says:
Forbidden You don't have permission to access / on this server. Apache/2.2.20 (Unix) mod_ssl/2.2.20 OpenSSL/0.9.8r DAV/2 mod_jk/1.2.30 Server at mydomain.com Port 443
I'm sure this is because I missed something in Virtual Host tag.... So how can I fix it?
-
Bruno over 12 yearsIf, when you go to
https://www.mydomain.com/
, you get an HTTP response (forbidden), HTTPS is already working, so you must somehow have configured theSSL*
options somewhere. Try to set the virtual host where they are (or create one withVirtualHost *:443
if it doesn't already exist) and put theJk*
options there. -
piojo over 12 yearsI forgot to add Certificate and Private Key within VirtualHost, you help me creating them on other post, so now I've summarized the steps in my Answer... Thank you so much...
-
Naved over 10 yearsI am also facing the same problem, after this setting too, it was not solved. I have added my question as stackoverflow.com/questions/21308928/…