SSL connection to Tomcat (behind Apache - mod_jk)


Solution 1

Check the output of apache2ctl -S - a second SSL vhost that is loading first on the port will get requests instead of the desired vhost.
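The check this answer describes, as an added example that is not part of the original answer or of Apache's tooling: a shell/awk filter that reads `apache2ctl -S` output and reports every name-based vhost whose listener and ServerName were already claimed by an earlier vhost, which is the one Apache actually serves. The sample dump, hostname and file paths are constructed, the function names are hypothetical, and only the "is a NameVirtualHost" block layout of the output is handled.

```shell
#!/bin/sh
# Constructed sample in the layout printed by `apache2ctl -S`.
# Hostname and paths are placeholders, not values from the page.
sample_vhost_dump() {
cat <<'EOF'
VirtualHost configuration:
*:443                  is a NameVirtualHost
         default server www.example.test (/opt/apache2/conf/extra/httpd-ssl.conf:74)
         port 443 namevhost www.example.test (/opt/apache2/conf/extra/httpd-ssl.conf:74)
         port 443 namevhost www.example.test (/opt/apache2/conf/extra/httpd-vhosts.conf:12)
*:80                   is a NameVirtualHost
         default server www.example.test (/opt/apache2/conf/extra/httpd-vhosts.conf:3)
         port 80 namevhost www.example.test (/opt/apache2/conf/extra/httpd-vhosts.conf:3)
Syntax OK
EOF
}

# Reads a vhost dump on stdin. For each listener, the first vhost listed
# for a ServerName wins; any later vhost with the same name is never
# selected, so its JkMount/ProxyPass lines are never applied.
# Output, one line per shadowed vhost:
#   SHADOWED <listener> <ServerName> <shadowed file:line> by <winning file:line>
find_shadowed_vhosts() {
    awk '
    /is a NameVirtualHost/ { listener = $1; next }
    $1 == "port" && $3 == "namevhost" {
        name = $4
        loc = $5
        gsub(/[()]/, "", loc)            # strip the surrounding parentheses
        key = listener SUBSEP name
        if (key in first)
            printf "SHADOWED %s %s %s by %s\n", listener, name, loc, first[key]
        else
            first[key] = loc
    }'
}

# Stand-alone run on the constructed sample.
# On a server: apache2ctl -S 2>&1 | find_shadowed_vhosts
sample_vhost_dump | find_shadowed_vhosts
```

In the sample, the vhost at httpd-vhosts.conf:12 (the one that would carry the JkMount lines) is reported as shadowed by the vhost in httpd-ssl.conf, so HTTPS requests fall through to DocumentRoot.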

Solution 2

The DocumentRoot from the httpd.conf is only in charge of the global Apache settings. If you set up a VirtualHost configuration on your server, it shouldn't interfere with your VH at all.

I'd recommend for now to increase your LogLevel and check the log file after that. Additionally, if it ain't on productive server yet, you can drop the DocumentRoot lines in httpd.conf as well.

I haven't used mod_jk for a very long time as I find the configuration itself not very amusing. I switched over to mod_proxy for this sort of reverse proxying as it is more intuitive. In case of Tomcat I use mod_proxy_ajp and enclose the elements with the <IfModule mod_proxy_ajp.c> container. But that might be a personal flavour thing. If you can't figure out why, you might save time giving that a try.

Solution 3

What is controlling whether the Apache is searching in DocumentRoot dir or forwarding the requests to Tomcat?

Two factors: the order and definition of <Directory> and related directives, and the JKMount location(s).

I am curious why you think you need two - just use /cas/* (apache will redirect a request for /cas to /cas/ automatically if /cas does not exist, based on the DirectorySlash setting, which defaults to On)

Author by

TheMouse

Updated on September 18, 2022

Comments

  • TheMouse
    TheMouse over 1 year

    The SSL connection is working for every page on the Apache server except these served to Tomcat. Tomcat works well on http connection.

    The setup:

    • Apache/2.2.21
    • Tomcat-7.0.23
    • mod_jk to connect them
    • self-signed certificate

    What is working

    If I try to connect to tomcat through http everything is OK. Every page which is specified in the JkMount directive is forwarded to Tomcat and all the other pages are Apache's responsibility. I have two virtual hosts - one for port 80 and one for 443. The working configuration for 80 is:

    <VirtualHost *:80>
    ServerName *******
    
    JkMount /cas ajp13_worker
    JkMount /cas/* ajp13_worker
    
    </VirtualHost>
    

    What is my problem

    When I try to use https with similar vhost configuration for port 443 - there is an entry in the apache logs:

    File does not exist: ****/apache2/htdocs/cas
    

    Configuration files

    The settings for vhost on port 443:

    <VirtualHost ****:443>
    ServerName *******
    
    JkMount /cas ajp13_worker
    JkMount /cas/* ajp13_worker
    
    </VirtualHost>
    

    In the httpd.conf the section for mod_jk is:

    JkWorkersFile ****/tomcat-7.0.23/conf/workers.properties
    JkLogFile ****/apache2/logs/mod_jk.log
    JkLogLevel info
    JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
    
    # (I've read that I need the following lines ... )
    JkExtractSSL On
    JkHTTPSIndicator HTTPS
    JkSESSIONIndicator SSL_SESSION_ID
    JkCIPHERIndicator SSL_CIPHER
    JkCERTSIndicator SSL_CLIENT_CERT
    

    In httpd-ssl.conf I've specified the certificate paths ... https is working correctly for all pages except the Tomcat ones.

    DocumentRoot is specified in httpd.conf.

    Questions

    What is controlling whether the Apache is searching in DocumentRoot dir or forwarding the requests to Tomcat? What am I doing wrong?

    Thank you :)

    • ravi yarlagadda
      ravi yarlagadda about 12 years
      What's the output from apache2ctl -S? I have a sneaking suspicion that a different :443 vhost is getting the requests instead.
    • TheMouse
      TheMouse about 12 years
      Could you write this as an answer (so I can select it) and not just a comment? This was my problem. There was a second vhost for 443 in conf/extra/httpd-ssl.conf. Thank you.
  • TheMouse
    TheMouse about 12 years
    I've read some examples and just enter it like that. You are right - I need only '/cas/*'.
  • TheMouse
    TheMouse about 12 years
    I have tried mod_proxy_ajp - it seems easier to configure. When I add ProxyPass /cas ajp://localhost:8010/cas to the vhost configs: if I add it to the *:80 config section - it works (like with mod_jk) ... but when I add it to the 443 section - all requests are forwarded to the htdocs dir. There is no helpful info in the logs (I've switched to debug). Any ideas?
  • Chris
    Chris about 12 years
    What does your <VirtualHost> container for SSL look like? Can you try and work with the IP address? Like <VirtualHost 222.333.444.555:443> and do you have the NameVirtualHost set for SSL as well?