1

I do have a "simple" question that probably can be answered by you in seconds ;) I setup an apache webserver (v2.2), this apache server serves as balancer with "mod_jk" enabled. 2 different applications are hosted on this server, called "low" and "high". The tomcat servers that I am using are V6.0x servers.

Here comes the apache httpd.conf (abstract):

# Load mod_jk module
LoadModule    jk_module  modules/mod_jk-1.2.30-httpd-2.2.3.so
# Where to find workers.properties
JkWorkersFile conf/workers.properties
# loadbalancer contains the first application that may be clustered (runs on more tomcat instances/servers)
JkMount  /high/* loadbalancer
# webworker contains the second application that runs in a single tomcat instance
JkMount  /low/* webworker

As you can see there are two defined mappings. The first one "high" goes to the loadbalancer (2 application servers "worker1" and "worker2", see worker.properties below). The second resolves to "low" and goes to the webworker (just another tomcat instance on this server).

Here comes the worker.properties:

# Define worker list
worker.list=worker1,worker2,loadbalancer,webworker

# Set properties for worker1 (ajp13, http=8080, https=8443)
# Note: worker1 runs on the same machine as the serving apache webserver
worker.worker1.type=ajp13
worker.worker1.host=appserver1.example.com
worker.worker1.port=8009
worker.worker1.lbfactor=1

# Set properties for worker2 (ajp13, http=8080, https=8443)
# Note: worker2 runs on a different machine
worker.worker2.type=ajp13
worker.worker2.host=appserver2.example.com
worker.worker2.port=8010
worker.worker2.lbfactor=2

# Set properties for webworker (ajp13, http=9090, https=9443)
# Note: webworker runs on the same machine as the serving apache webserver
worker.webworker.type=ajp13
worker.webworker.host=appserver1.example.com
worker.webworker.port=8010

# Set properties for load balancer
worker.loadbalancer.type=lb
worker.loadbalancer.balance_workers=worker1, worker2

So, here is my question:

How can I setup that all requests for the mapping "low" should be rewritten to "https"? The second application "low" should be run completely secured.

i.e. calling "http://www.myapplication.com/low" leads the apache server to rewrite this to "https://www.myapplication.com/low".

Is this possible with "mod_rewrite"? Where do I have to place the certificate-file? Has the certificate to be configured in the tomcat-config (server.xml) or in apache-config (or perhaps in both config-files)?

Thx for your help :)

Found a solution:

Bruno helped me out, so this is my working configuration (placed the config in additional file called httpd-vhosts.conf):

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerAdmin webmaster@example.com
        ServerName appserver1.example.com:443
        SSLEngine       on
        SSLCertificateFile     "conf/ssl.crt/server.crt"
        SSLCertificateKeyFile  "conf/ssl.key/server.key"
        JkMount  /low/* webworker
</VirtualHost>
</IfModule>

<VirtualHost *:80>
        ServerAdmin webmaster@example.com
        ServerName appserver1.example.com
        JkMount /high/* loadbalancer
        <IfModule mod_rewrite.c>
            RewriteEngine On
            RewriteCond %{HTTPS} !=on
            RewriteRule ^/low(.*) https://appserver1.example.com/low$1 [R,L]
        </IfModule>
</VirtualHost>
tim.kaufner
  • 113
  • 1
  • 4

1 Answers1

1

Have you tried something like this (assuming you've loaded mod_rewrite)?

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/low(.*) https://%{SERVER_NAME}/low$1 [R,L]

If you use Apache Httpd as a frontend, that's where SSL needs to be configured (see documentation for the mod_ssl module).

Typically, this will look like this:

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerAdmin webmaster@host.name.example
        ServerName host.name.example

        SSLEngine       on
        SSLCertificateFile      /etc/ssl/certs/host.pem
        SSLCertificateKeyFile   /etc/ssl/private/host.key

        # ...
        # (the config file with your distribution will probably have
        #  a sensible set of options for SSL as well.)

        JkMount  /high/* loadbalancer
        JkMount  /low/* webworker
</VirtualHost>
</IfModule>

<VirtualHost *:80>
        ServerAdmin webmaster@host.name.example
        ServerName host.name.example


        # You can put the rewrite rules here for example.

        JkMount  /high/* loadbalancer
        # Don't put this one if you don't want it over plain HTTP
        # JkMount  /low/* webworker
</VirtualHost>
Bruno
  • 4,099
  • 1
  • 21
  • 37