Tomcat behind Apache and SSL


You can't just relay the SSL/TLS traffic to Tomcat from Apache. Either your SSL connection ends at Apache, and then you should reverse proxy the traffic to Tomcat (SSL is rarely useful in this case), or you make the clients connect to Tomcat directly and let it handle the SSL connection.

I'm not sure where you've read that mod_jk can pass on the SSL connection itself to Tomcat. It would need to relay the socket directly, therefore bypassing the AJP protocol used by mod_jk (by the way mod_proxy_ajp is the new way, or even mod_proxy_http).

I'm not sure why you would want Apache to be in front of Tomcat if you want Tomcat to handle the SSL requests anyway. If this has to do with port numbers or something, use a firewall rule to forward port 443 to the Tomcat port.

In addition, be cautious about the way these automatic redirections from HTTP to HTTPS are done: they only happen after the initial HTTP request has been made.
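The first option above (TLS ends at Apache, which reverse-proxies plain HTTP to Tomcat), written out with mod_proxy_http as an added example that is not part of the original answer. The host name, certificate paths, loopback ports 8080/8081 and the two-connector layout are assumptions chosen for illustration.

```apache
# Added example: names, paths and ports below are assumptions, not from the page.
# Required modules: mod_ssl, mod_proxy, mod_proxy_http.

# Port 80: non-secure parts of the application go to Tomcat's plain connector.
<VirtualHost *:80>
    ServerName www.example.com
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass        / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>

# Port 443: the TLS connection ends here; Apache holds the certificate and key.
<VirtualHost _default_:443>
    ServerName www.example.com
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/www.example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/www.example.com.key

    ProxyRequests Off
    ProxyPreserveHost On
    # Decrypted requests go to a second Tomcat connector that reports them
    # as secure, so the application does not redirect to https again.
    ProxyPass        / http://127.0.0.1:8081/
    ProxyPassReverse / http://127.0.0.1:8081/
</VirtualHost>

# Matching connectors in Tomcat's conf/server.xml (shown here as comments):
#   <Connector port="8080" protocol="HTTP/1.1" address="127.0.0.1"
#              proxyPort="80" redirectPort="443" />
#   <Connector port="8081" protocol="HTTP/1.1" address="127.0.0.1"
#              proxyPort="443" scheme="https" secure="true" />
# address="127.0.0.1" matters: port 8081 marks every request as secure,
# so it must be reachable only from Apache, never directly by clients.
```

With this layout Tomcat no longer needs its own certificate or SSL connector; the hop between Apache and Tomcat is unencrypted, which is why both connectors are bound to the loopback address.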

Author by

Nico Huysamen

I obtained my Masters, Honours, and Bachelors degrees in Computer Science at the University of Stellenbosch in South Africa. I am currently working as a software developer.

Updated on July 26, 2022

Comments

  • Nico Huysamen
    Nico Huysamen almost 2 years

    I have been looking everywhere but cannot find a clear solution for the following situation:

    We have a web application (Grails + Spring Security) that is running in tomcat, behind apache. Part of the application needs to run on https, so using Spring Security Channel Security, whenever you navigate to a part of the application that is secure, Spring will redirect you to https with a 302 status code.

    Now, tomcat is set up to know about the https and certificates, so it knows how to handle the ssl. In fact, when side-stepping apache by going directly to the url and port to hit tomcat directly, everything works 100%.

    The problem now comes in when putting apache in front of tomcat. The apache config that we have at the moment works fine for the non-secure parts of the application. We are using mod_jk to proxy apache and tomcat.

    However, as soon as you try to go to a secure part of the application, Spring will redirect you, it will hit the

    <VirtualHost _default_:443> ... </VirtualHost>
    

    part of the apache config... and this is where the problem starts.

    From what I have read, it is possible for apache, via mod_jk, to pass off the ssl handling to tomcat. But we cannot seem to get the configuration for this correct. Since tomcat is already set up for the ssl, it knows where the certificates are, and Spring Security is set up, we would like tomcat to handle all the ssl, and apache merely to pawn it off to tomcat.

    Is this at all possible, or am I missing something? Does anyone have some clear instruction as to how to set this up? Any help will be greatly appreciated.

    We are using Apache 2.2 and tomcat 7.0.27

    Thanks

  • Gregg
    Gregg about 12 years
    I agree. Especially about the mod_proxy_* point. We use Apache which handles our SSL and then mod_proxy_http to forward requests to Tomcat. Works great. And super simple config.