Tomcat - server.xml SSL configuration with mod_jk redirect

bar338 · 06-01-2010, 04:08 PM

I have an application that is currently setup to redirect from port 8080 to port 8009. This then uses the mod_jk connector to redirect it to port 80 so that the application is viewable as if it was running on apache.

I've recently purchased an SSL certificate and am having difficulty configuring tomcat to redirect properly.

Below is my current configuration:

server.xml

Quote:

worker.properties

Quote:

workers.tomcat_home=/usr/share/tomcat6
workers.java_home=/usr/java/jdk1.6.0_16
ps=/
worker.list=worker1
worker.worker1.host=localhost
worker.worker1.port=8009
worker.worker1.type=ajp13
worker.worker1.lbfactor=1
worker.loadbalancer.type=lb
worker.loadbalancer.balanced_workers=worker1
worker.inprocess.type=jni
worker.inprocess.class_path=$(workers.tomcat_home)$(ps)lib$(ps)tomcat.jar
worker.inprocess.cmd_line=start
worker.inprocess.jvm_lib=$(workers.java_home)$(ps)jre$(ps)lib$(ps)
i386$(ps)classic$(ps)libjvm.so
worker.inprocess.stdout=$(workers.tomcat_home)$(ps)logs$(ps)inprocess.stdout
worker.inprocess.stderr=$(workers.tomcat_home)$(ps)logs$(ps)inprocess.stder

mod_jk

Quote:

# Where to put jk logs
JkLogFile logs/mod_jk.log
# Set the jk log level [debug/error/info]
JkLogLevel info
# Select the log format
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
# JkOptions indicate to send SSL KEY SIZE,
JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
# JkRequestLogFormat set the request format
JkRequestLogFormat "%w %V %T"
# Send requests for context /application to worker named worker1
JkMount /application/* worker1

# Rewrite rule in case
RewriteRule ^/(application/.+);jsessionid=\w+$ /$1

After all this when I try to visit the url:
https://www.mydomain.com/application

I get the error:
Forbidden
You don't have permission to access /e-resources/ on this server.

Any suggestions on what I can do to get this working? Your help is greatly appreciated.

zanerock · 06-02-2010, 12:47 AM

A couple things I'm not getting here.

First:

'redirectPort' is the port where Tomcat sends requests for resources that should be secure, but are not using HTTPS. E.g., someone requests 'login.jsp' which is configured to require SSL. If the request is non-secure, it will be redirected to the secure port. Usually you set 'redirectPort' on a non-secure connector. I'm guessing it has no effect to set it on a secure connector.

Second:

If apache involved, it usually handles the incoming request and the SSL and hands off to tomcat for processing. Apache is much better at handling the SSL itself and I've never seen handling the SSL at the Tomcat level when Apache is already involved. You may have your reasons, but wanted to make sure this is really what you want to do.

I'll be glad to help out if I can once I understand your goal a bit better.

Z

bar338 · 06-02-2010, 02:54 PM

Basically I had my website setup so that the application running on tomcat could be reached by :
http://mydomain.com/application
instead of mydomain.com:8080/application

In addition to this I have several other applications running directly off of apache. When I upgraded to SSL for apache it was as simple as configuring the SSL and changing the URL to https. So the SSL is handled on apache, I just need to figure out how to get tomcat to cooperate with this.

With https I get a 403 Forbidden error or a 404 page not found error. I then use the same URL and change it to http and it once again works.

My goal is to be able to use the https protocol with my tomcat application.

Does that make sense?

zanerock · 06-03-2010, 11:38 PM

If apache is handling the SSL, there's no need for tomcat to be SSL aware, just configure Tomcat to listen on 8009.