passing HTTPS connections in apache to tomcat

buffe · 04-01-2010, 01:23 AM

hi,
I have configured apache using mod_jk to front tomcat. Then I configured tomcat and my application to use https. but after that I cannot access it through https without adding port 8080 in the URL. I think I need to add some configurations to apache to cope with this situation, but I still couldn't find the proper config though I tried many. I would be grateful if someone can help me with this.

Thanks

roreilly · 04-01-2010, 01:01 PM

it sounds like you're running tomcat via ssl, you should run apache w/ ssl.

enable ssl. in ports.conf, make sure that Listen 443 is enabled.

I also use mod-rewrite to have all http://your.host.name automatically redirect up to https://your.host.name.

Hope this helps.

roreilly · 04-02-2010, 08:30 PM

hey buffe,

If you're still stuck, ping me. I have a couple dozen servers set up with apache fronting tomcat,
so I think I can help you get through this.

R.

buffe · 04-05-2010, 04:52 AM

Thank you very much roreilly,
Actually I could configure apache to use https, but it didn't fulfill my requirement. I want apache to use https only for the pages that redirects to https by the application running on tomcat. and use http for others. that means apache should be able to serve both http and https and those which should be accessed through https shoould be decided by tomcat side(actually the application on tomcat, eg:use https only for login page). I configured virtual hosts for both port 80 and 443 and workers as well, but browser says I'm in a loop. I would be grateful if you could help me with this.

Thank you.

roreilly · 04-06-2010, 07:13 AM

I believe that the loop is caused by trying to have tomcat make the decisions about what ports to serve.

In my case, we enforce ssl across the board. The load cost of ssl isn't high enough for us to worry about doing it otherwise.

However, in your instance, as I understand, you want ssl for logins only.

In this case, here is how I would lay it out:

tomcat should listen only on the ajp13 port. (8009 by defaut)

apache should listen on 80 & 443.

use mod_rewrite to handle the ssl redirects in this manner:
note, this is not syntactically correct:

vhost:80
rewrite ^"login page" > https://my.domain.com
do not rewrite any other requests.

vhost:443:

match != login pages > http://my.domain.com

I believe something like that is what you need. Trying to have tomcat do the decision making of https/http is probably going to give you far too much grief.

I'm afraid my mod_rewrite skills are not strong enough to be very helpful, but if you like I can get you started on the basic matching to redirect up to https.