
I have two Tomcat instances, one running on port 8080 and the other running on 8081. They both have deployed a web app called app.war, but they are separated not only by different ports but also by different data stores. However, each runs on the same physical box.

The firewall rules in our organization specify that I can only serve HTTPS via port 443. No HTTP nor HTTPS over 80, 8080, or 8081.

The physical box runs RHEL5 and has a single IP running on eth0. The DNS is set up to map to the box for app1.example.com and app2.example.com.

How do I configure my httpd rewrite/proxy to direct app1.example.com:443 to localhost:8080 and app2.example.com:443 to localhost:8081?

EDIT:

Here is what I have tried...

```apache
LoadModule ssl_module modules/mod_ssl.so
Listen 443
NameVirtualHost *:443
ProxyRequests Off
<VirtualHost *:443>
     ServerName app1.example.com
     SSLProxyEngine On
     SSlProxyMachineCertificateFile /etc/httpd/cert/10year.pem
     SSLVerifyClient Off
     <Proxy *>
          Order deny,allow
          Allow from all
     </Proxy>
     ProxyPass / https://app.example.com:   /
     ProxyPassReverse / https://app.example.com:8080/
     ProxyPassReverseCookieDomain app.example.com app1.example.com
     <Location />
          Order allow,deny
          Allow from all
     </Location>
</VirtualHost>
<VirtualHost *:443>
     ServerName app2.example.com
     SSLProxyEngine On
     SSlProxyMachineCertificateFile /etc/httpd/cert/10year.pem
     SSLVerifyClient Off
     <Proxy *>
          Order deny,allow
          Allow from all
     </Proxy>
     ProxyPass / https://app.example.com:8081/
     ProxyPassReverse / https://app.example.com:8081/
     ProxyPassReverseCookieDomain app.example.com app2.example.com
     <Location />
          Order allow,deny
          Allow from all
     </Location>
</VirtualHost>
```

...and the error when I try and start it...

```
$ service httpd start
Starting httpd: [Mon Oct 21 11:18:43 2013] [warn] module ssl_module is already loaded, skipping
(98)Address already in use: make_sock: could not bind to address [::]:443
(98)Address already in use: make_sock: could not bind to address 0.0.0.0:443
no listening sockets available, shutting down
Unable to open logs
                                                           [FAILED]
```
dacracot
  • What `httpd` are you running? Apache?? What have you tried already? Do you have the `VirtualHost` directives configured? What proxy are you using (assuming Apache, mod_proxy or mod_jk)? What errors are you getting? [SF] is here to help, but not to do all the work for you... – Chris S Oct 21 '13 at 17:53
  • Apache is what I'm using for httpd. – dacracot Oct 21 '13 at 18:17

2 Answers


This line looks like it's missing the port number. Is it a typo?

```apache
ProxyPass / https://app.example.com:   /
```

Also you should probably have Apache handle the SSL and proxy to Tomcat as http (or ajp). You can use localhost as server name, e.g.:

```apache
ProxyPass / http://localhost:8080/
```
David Levesque

The first part of the error message seems to indicate that there is already something running on port 433. The second seems to suggest that you didn't execute the "service" command as root...

Do a

```
sudo service httpd restart
```

That way you are sure that you are root, and that you are stopping, then starting Apache.

Your httpd.conf looks good. However, I would configure your Tomcat instances as using http, not https, as there is no need to encrypt traffic when it stays on the host. Furthermore, https proxying doesn't work out of the box on Apache. I would also disable the default ssl virtualhost for your instance. That should get rid of the warning that you're trying to load the ssl module twice.

Krist van Besien
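The layout both answers point to (Apache terminates TLS on 443 and proxies by host name to Tomcat over plain HTTP on localhost), written out as an added example that is not taken from either answer. It assumes Apache 2.2 syntax, that the mod_ssl package's `conf.d/ssl.conf` already supplies `LoadModule ssl_module` and `Listen 443`, that the default SSL virtual host has been disabled as the second answer suggests, and that the certificate and key paths are placeholders for one certificate valid for both host names.

```apache
# Added example. Certificate and key paths below are placeholders.
# Assumption: LoadModule ssl_module and "Listen 443" are already declared once
# (conf.d/ssl.conf on RHEL), so neither is repeated here. A second "Listen 443"
# makes httpd try to bind the same socket twice.
NameVirtualHost *:443

# Reverse proxy only; never act as an open forward proxy.
ProxyRequests Off

<VirtualHost *:443>
    ServerName app1.example.com

    # TLS ends at Apache. SSLProxyEngine is not needed because the
    # backend hop below is plain HTTP on the loopback interface.
    SSLEngine On
    SSLCertificateFile    /etc/httpd/cert/example.crt
    SSLCertificateKeyFile /etc/httpd/cert/example.key

    # First Tomcat instance
    ProxyPass        / http://localhost:8080/
    # Rewrites Location headers in Tomcat redirects back to this host name
    ProxyPassReverse / http://localhost:8080/
</VirtualHost>

<VirtualHost *:443>
    ServerName app2.example.com

    # Same certificate: it is assumed to cover both names (SAN or wildcard),
    # so the setup does not depend on SNI support in httpd or the clients.
    SSLEngine On
    SSLCertificateFile    /etc/httpd/cert/example.crt
    SSLCertificateKeyFile /etc/httpd/cert/example.key

    # Second Tomcat instance
    ProxyPass        / http://localhost:8081/
    ProxyPassReverse / http://localhost:8081/
</VirtualHost>
```

Because the hop to Tomcat is unencrypted, bind each Tomcat HTTP connector to the loopback interface (the `address="127.0.0.1"` attribute on `<Connector>` in `server.xml`) so that ports 8080 and 8081 are reachable only through Apache. Running `apachectl configtest` before restarting catches syntax errors without taking the listener down.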