I am new to web server configuration. Here is the scenario: we have a Hybris Tomcat server which is running on 9002 for HTTPS and 9001 for HTTP. I need to configure an Apache web server with mod_proxy which will open HTTPS and HTTP through port 80. I tried to configure mod_proxy for the Tomcat HTTPS and HTTP site, but the site worked over HTTP only. The customer only allowed port 80. Can anyone help me with this scenario?


LoadModule headers_module modules/mod_headers.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule ssl_module  modules/mod_ssl.so

<VirtualHost *:80>
DocumentRoot /var/www/html
ProxyPreserveHost On
ProxyPass / http://tomcatserver.ip:9001/
ProxyPassReverse /  http://tomcatserver.ip:9001/
</VirtualHost>

<VirtualHost *:443>
DocumentRoot /var/www/html
ProxyPreserveHost On
ServerName webserver.ip
SSLEngine on
SSLProxyEngine On
ProxyPass / https://tomcatserver.ip:9002/
ProxyPassReverse / https://tomcatserver.ip:9002/

SSLCertificateFile /etc/ssl/certs/webserverdomain.crt
SSLCertificateKeyFile  /etc/ssl/certs/webserverdomain.key

</VirtualHost>

server.xml configuration

<Connector port="${tomcat.http.port}"
           maxHttpHeaderSize="8192" maxThreads="${tomcat.maxthreads}"
           protocol="org.apache.coyote.http11.Http11Protocol"
           executor="hybrisExecutor" enableLookups="false"
           acceptCount="100" connectionTimeout="20000"
           URIEncoding="UTF-8" disableUploadTimeout="true"
           proxyName="webserverdomainname" proxyPort="80" />

<Connector port="${tomcat.ssl.port}"
           maxHttpHeaderSize="8192" maxThreads="150"
           protocol="org.apache.coyote.http11.Http11Protocol"
           executor="hybrisExecutor" enableLookups="false"
           acceptCount="${tomcat.acceptcount}" connectionTimeout="20000"
           disableUploadTimeout="true" URIEncoding="UTF-8"
           SSLEnabled="true"
           proxyName="webserverdomainname" proxyPort="443"
           scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="${catalina.home}/lib/keystore" keystorePass="123456" />

Here is the Tomcat server.xml file. Thank you @christopher @Benoit

  • Please post your configuration. – Christopher Schultz Mar 23 '16 at 19:29
  • Please edit your first message with a formatted XML configuration, and also explain the behavior when you try to access the site through HTTPS. Any error logged (Apache or Hybris)? What is your browser saying? – Benoit Vanalderweireldt Mar 24 '16 at 03:53
  • Browser redirects to apache default test page, ssl_error_log [autoindex:error] [pid 10927] [client tomcat.ip:37152] AH01276: Cannot serve directory /var/www/html/: No matching DirectoryIndex (index.html) found, and server-generated directory index forbidden by Options directive – rakiarchana Mar 24 '16 at 04:19
  • It doesn't make much sense to use HTTPS or even HTTP between Apache and Tomcat, if they're in the same LAN/data centre. You should look into mod_ajp and the AJP Connector in Tomcat for the final leg. – user207421 Mar 24 '16 at 10:00
  • I agree with @EJP but it should work anyway. Could you post any error messages from Apache or Hybris? What happens in your browser when you access it over HTTPS? – Benoit Vanalderweireldt Mar 24 '16 at 13:48
  • @BenoitVanalderweireldt, hac and hmc are working on HTTP, but the website launches on HTTPS, and HTTPS is not working. When I try to access it through HTTPS, the page redirects to the Apache test page. I had generated an SSL cert for the web server; the Tomcat server already has a certificate. I am also sharing the server.xml conf file. Can you please check? – rakiarchana Mar 24 '16 at 19:10
  • Done some changes, now showing AH00898: Error during SSL Handshake with remote server returned by /hac/ and AH01097: pass request body failed to tomcat.ip:9002 in httpd error log – rakiarchana Mar 24 '16 at 20:52
  • Do you want Apache to unload the SSL certificate or Tomcat? – Benoit Vanalderweireldt Mar 24 '16 at 21:45

1 Answer

What is happening here is that SSLProxyEngine is detecting an invalid SSL certificate, so you need to explicitly tell it not to check anything!

This configuration is fine for development but not for production. In production you should unload the SSL certificate and send all traffic to HTTP with a flag like 'RequestHeader set X-Forwarded-Proto "https"' and add a valve to the Tomcat configuration.

Change your Apache configuration to this:

<VirtualHost *:443>
DocumentRoot /var/www/html
ProxyPreserveHost On
ServerName webserver.ip
SSLEngine on
SSLProxyEngine On
# Development only: the next four directives switch off every check of the Tomcat certificate
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
ProxyPass / https://tomcatserver.ip:9002/
# Trailing slash matches ProxyPass so rewritten redirects do not get a double slash
ProxyPassReverse / https://tomcatserver.ip:9002/

SSLCertificateFile /etc/ssl/certs/webserverdomain.crt
SSLCertificateKeyFile /etc/ssl/certs/webserverdomain.key
</VirtualHost>
Benoit Vanalderweireldt
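
The production setup the answer describes (TLS ends at Apache and Tomcat is told the original scheme), shown as an added example that is not part of the original answer. Host names, ports and certificate paths reuse the placeholders from the question; the `tomcat-ca.crt` path and the valve placement are assumptions.

```apache
# Added example: production counterpart to the development vhost above.
<VirtualHost *:443>
    ServerName webserver.ip
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/webserverdomain.crt
    SSLCertificateKeyFile /etc/ssl/certs/webserverdomain.key

    ProxyPreserveHost On

    # Option A: terminate TLS here and use Tomcat's HTTP connector (9001).
    # "set" replaces any X-Forwarded-Proto value sent by the client, so the
    # header Tomcat sees always comes from this proxy (needs mod_headers).
    RequestHeader set X-Forwarded-Proto "https"
    ProxyPass        / http://tomcatserver.ip:9001/
    ProxyPassReverse / http://tomcatserver.ip:9001/

    # Tomcat side, in server.xml inside <Engine> or <Host>, so the
    # application sees scheme=https and secure=true for these requests:
    #   <Valve className="org.apache.catalina.valves.RemoteIpValve"
    #          remoteIpHeader="x-forwarded-for"
    #          protocolHeader="x-forwarded-proto" />
    # Port 9001 should then accept connections from the Apache host only,
    # otherwise anyone who can reach it can send the header themselves.

    # Option B: keep TLS to Tomcat on 9002, but verify the certificate
    # instead of disabling the checks. Replaces the Option A ProxyPass
    # lines. tomcat-ca.crt (assumed path) holds the CA, or the self-signed
    # certificate, that Tomcat's keystore presents; its name must match
    # the host used in ProxyPass.
    # SSLProxyEngine            On
    # SSLProxyVerify            require
    # SSLProxyCACertificateFile /etc/ssl/certs/tomcat-ca.crt
    # SSLProxyCheckPeerName     on
    # SSLProxyCheckPeerExpire   on
    # ProxyPass        / https://tomcatserver.ip:9002/
    # ProxyPassReverse / https://tomcatserver.ip:9002/
</VirtualHost>
```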