2

I've got a Tomcat server (JIRA) working behind an Apache reverse proxy server (took a while but I got there). I'm upgrading my old server and adding Apache to give me some extra functionality and security. The old server was accessed on

https://example.com:8443

I want to be able to get Apache to forward anyone who visits the old address with the port 8443 (i.e. from old bookmarks etc.) to https://example.com but I'm struggling to get it to work. I can do the following

  • http://example.com -> https://example.com
  • http://example.com:8443 -> https://example.com

but https://example.com:8443 generates an SSL connection error in Chrome. I'm a bit stuck. In httpd.conf I have

Listen 80
Listen 8443

in httpd-vhosts.conf I have

<VirtualHost *:80>
    ServerName example.com
    Redirect        /   https://example.com/
</VirtualHost>
<VirtualHost *:8443>
    ServerName example.com
    Redirect    /   https://example.com/
</VirtualHost>

in httpd-ssl.conf I have

Listen 443
<VirtualHost *:443>
    ServerName example.com

    SSLEngine               On
    SSLCertificateFile      "C:\Program Files\Atlassian\JIRA\jre\server.crt"
    SSLCertificateKeyFile   "C:\Program Files\Atlassian\JIRA\jre\server.key"
    SSLProxyEngine      Off

    ProxyRequests       Off
    ProxyPreserveHost   On
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>

    ProxyPass           /   http://example.com:8080/
    ProxyPassReverse    /   http://example.com:8080/

</VirtualHost>
kasperd
Eddy555

2 Answers

2

You still need to be using SSL on port 8443 in order to read the request and make a response.

symcbean
  • Thanks for the reply. OK, but I'm not sure how to do this. I've added ` ServerName myserver.com Redirect / https ://myserver.com/ ` to httpd-ssl.conf but that didn't work. I'm a bit confused as to how to implement it. – Eddy555 Aug 12 '14 at 09:57
  • Change `Listen 443` to `Listen 443,8443` in the ssl config and copy the existing definition for `` to `` (this should be obvious?) – symcbean Aug 12 '14 at 10:12
  • That's what I thought but it gives the same error SSL Connection error. It's like it can't find the VirtualHost redirection for https ://myserver.com:8443 – Eddy555 Aug 12 '14 at 10:22
  • Did you restart the webserver? Check your errorLog? – symcbean Aug 12 '14 at 10:27
  • Aha. I had been restarting it but not checked the error.log (Beginner mistake). The VirtualHosts *:8443 in httpd-vhosts.conf was loaded first and overriding whatever I set in httpd-ssl.conf. So if I removed the VH from vhosts and set it as a copy of 443 as you suggested in ssl.conf then it works for calls to https ://myserver.com:8443. This does mean calls to http ://myserver.com:8443 results in a bad request, but that shouldn't be a big issue I think. Thanks for the help and pointers :) – Eddy555 Aug 12 '14 at 10:39
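The layout this thread arrives at, written out as an added example that is not part of the original posts: port 8443 gets its own TLS-enabled virtual host, and the plain `*:8443` host is removed from httpd-vhosts.conf so it cannot take precedence. This variant only redirects on 8443 instead of copying the proxy rules; the certificate paths are the ones from the question and are assumed to be valid for example.com.

```apache
# Added example, not the poster's final configuration.

# httpd.conf: one Listen per port, each on its own line.
# The optional "https" argument marks the non-standard port as TLS.
Listen 80
Listen 8443 https

# httpd-vhosts.conf: only the plain-HTTP redirect remains.
# The former <VirtualHost *:8443> block is deleted here so that it
# no longer answers TLS handshakes on 8443 with plain HTTP.
<VirtualHost *:80>
    ServerName example.com
    Redirect / https://example.com/
</VirtualHost>

# httpd-ssl.conf: added next to the existing <VirtualHost *:443>.
# This host completes the TLS handshake on 8443 and then redirects;
# it carries no ProxyPass rules, so nothing is served on the old port.
Listen 443
<VirtualHost *:8443>
    ServerName example.com

    SSLEngine             On
    SSLCertificateFile    "C:\Program Files\Atlassian\JIRA\jre\server.crt"
    SSLCertificateKeyFile "C:\Program Files\Atlassian\JIRA\jre\server.key"

    Redirect / https://example.com/
</VirtualHost>
```

Run `httpd -t` to check syntax and `httpd -S` to confirm that only one virtual host is bound to `*:8443` before restarting. The browser validates the certificate on 8443 before it ever sees the redirect, so the certificate must be trusted for that name on the old port as well.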
1

I use this with Jira in apache. Note: I use the /jira which I configured in jira/conf/server.xml (see below). Also note proxyName="example.com"

<VirtualHost *:80>
        ServerName example.com
        Redirect permanent / https://example.com/jira/
</VirtualHost>

<VirtualHost *:443>

        ServerName example.com
        Redirect permanent / https://example.com/jira/
        <Proxy *>
                Order deny,allow
                Allow from all
        </Proxy>

        ProxyRequests Off
        ProxyPass /jira http://localhost:8080/jira
        ProxyPassReverse /jira http://localhost:8080/jira
        <Location />
                Order allow,deny
                Allow from all
        </Location>

        SSLEngine on
        SSLCertificateFile ....crt
        SSLCertificateKeyFile ....key
        SSLCertificateChainFile ....crt
</VirtualHost>

server.xml

<?xml version="1.0" encoding="utf-8"?>

<Server port="8005" shutdown="SHUTDOWN">

    <!--APR library loader. Documentation at /docs/apr.html -->
    <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on"/>
    <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
    <Listener className="org.apache.catalina.core.JasperListener"/>
    <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>

    <Service name="Catalina">

        <Connector acceptCount="100"
                   connectionTimeout="20000"
                   disableUploadTimeout="true"
                   enableLookups="false"
                   maxHttpHeaderSize="8192"
                   maxThreads="150"
                   minSpareThreads="25"
                   port="8081"
                   protocol="HTTP/1.1"
                   redirectPort="8443"
                   useBodyEncodingForURI="true"/>

        <!-- Connector used by the Apache reverse proxy: scheme, proxyName and
             proxyPort make Tomcat build URLs for https://example.com:443 -->
        <Connector acceptCount="100"
                   connectionTimeout="20000"
                   disableUploadTimeout="true"
                   enableLookups="false"
                   maxHttpHeaderSize="8192"
                   maxThreads="150"
                   minSpareThreads="25"
                   port="8080"
                   protocol="HTTP/1.1"
                   redirectPort="8443"
                   useBodyEncodingForURI="true"
                   scheme="https"
                   proxyName="example.com"
                   proxyPort="443"/>

        <Engine name="Catalina" defaultHost="localhost">
            <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">

                <Context path="/jira" docBase="${catalina.home}/atlassian-jira" reloadable="false" useHttpOnly="true">

                    <Resource name="UserTransaction" auth="Container" type="javax.transaction.UserTransaction"
                              factory="org.objectweb.jotm.UserTransactionFactory" jotm.timeout="60"/>
                    <Manager pathname=""/>
                </Context>

            </Host>
            <Valve className="org.apache.catalina.valves.AccessLogValve" resolveHosts="false"
                   pattern="%a %{jira.request.id}r %{jira.request.username}r %t &quot;%m %U%q %H&quot; %s %b %D &quot;%{Referer}i&quot; &quot;%{User-Agent}i&quot; &quot;%{jira.request.assession.id}r&quot;"/>

        </Engine>
    </Service>
</Server>
Skiaddict
  • Thanks for the reply. It looks similar to my setup. I think yours will redirect `http ://example.com to https ://example.com/jira` and similarly `https ://example.com to https ://example.com/jira`. I need an external call from the server to be redirected as follows `https ://example.com:8443 to https ://example.com` but I can't seem to get that configured to work. – Eddy555 Aug 12 '14 at 10:29