0

I have a server that runs multiple web applications in Tomcat virtual hosts (site1.domain.com, site2.domain.com, etc.). It runs on ports 8080 and 8443 for SSL. Default settings.

There is also an Apache2 frontend for Tomcat, with individual websites for each Tomcat site, configured to communicate over the AJP connector.

The problem is that I cannot get SSL to function from the Apache side, and the question is: which one of the servers should handle HTTPS at all?

user1492810

1 Answer

0

OK, figured it out.

  1. Create two DNS entries that both point to your Tomcat server IP address (site1.domain.int, site2.domain.int).
  2. Create two virtual hosts in Tomcat. Test them: put a /manager app (copy from default and edit the XML appBase paths accordingly) in them to test that they work correctly (over port 8080, to validate it's really Tomcat that's handling HTTP).
  3. Set up the Apache server and create virtual hosts according to step 1.
     3.1. Create a self-signed SSL certificate (.pem) with make-ssl-cert (on Linux).

For HTTP and HTTPS, each Apache host should look similar:

<VirtualHost *:80>
ServerName server.domain.int
ServerAlias server
#Redirect / https://server.domain.com
ProxyRequests Off
<Proxy *>
    Order deny,allow
    Allow from all
</Proxy>

# Backend hop to Tomcat uses AJP on port 8009
ProxyPass / ajp://server.domain.int:8009/
ProxyPassReverse / http://server.domain.int

<Location />
    Order allow,deny
    Allow from all
</Location>
</VirtualHost>

<VirtualHost *:443>
ServerAdmin webmaster@localhost
ServerName server.domain.int

    # TLS terminates here, in Apache
    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl/apache.pem

ProxyRequests Off
<Proxy *>
    Order deny,allow
    Allow from all
</Proxy>

ProxyPass / ajp://server.domain.int:8009/
ProxyPassReverse / https://server.domain.int

<Location />
    Order allow,deny
    Allow from all
</Location>
</VirtualHost>

The key to understanding it is to know that HTTPS is happening only between the client and Apache. Apache communicates with Tomcat over the AJP protocol (not HTTP, not HTTPS).

  4. Test the addresses site1.domain.int and site2.domain.int (over port 80 this time!).
     4.1. Test the addresses with the https:// prefix.
  5. For security, close Tomcat ports 8080 and 8443 in server.xml.

Now, I answer my question myself: SSL must be handled by Apache if you have a frontend for Tomcat (7).

user1492810
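
A check for step 5 of the answer above, as an added example that is not part of the original post: it parses a Tomcat server.xml and reports connectors that still let clients bypass the Apache frontend, plus an AJP connector with no explicit bind address. Both XML samples are constructed, and the function names `connector_kind` and `audit_connectors` are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: default-style server.xml with HTTP, HTTPS and AJP connectors on.
DEFAULT_XML = """<Server port="8005" shutdown="SHUTDOWN"><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"/>
  <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
</Service></Server>"""

# Constructed sample after step 5: HTTP connector commented out, AJP bound to the
# interface Apache reaches (192.0.2.10 is a documentation address).
HARDENED_XML = """<Server port="8005" shutdown="SHUTDOWN"><Service name="Catalina">
  <!-- <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/> -->
  <Connector port="8009" protocol="AJP/1.3" address="192.0.2.10"/>
</Service></Server>"""


def connector_kind(conn):
    """Classify a <Connector> element as 'ajp', 'https' or 'http'."""
    if "ajp" in conn.get("protocol", "HTTP/1.1").lower():
        return "ajp"
    if conn.get("SSLEnabled", "false").lower() == "true" or conn.get("scheme") == "https":
        return "https"
    return "http"


def audit_connectors(server_xml):
    """Return (port, kind, message) for every connector that still needs attention."""
    findings = []
    # ElementTree drops XML comments, so commented-out connectors are not reported.
    for conn in ET.fromstring(server_xml).iter("Connector"):
        kind, port = connector_kind(conn), conn.get("port")
        if kind in ("http", "https"):
            findings.append((port, kind, "still enabled; clients can reach Tomcat without Apache"))
        elif conn.get("address") is None:
            findings.append((port, kind, "no address attribute; bind interface left to Tomcat default"))
    return findings


if __name__ == "__main__":
    for label, xml in (("default", DEFAULT_XML), ("hardened", HARDENED_XML)):
        print(label)
        for port, kind, msg in audit_connectors(xml) or [("-", "-", "no findings")]:
            print(f"  port {port} ({kind}): {msg}")
```
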