Win2003, Apache2.2 & Tomcat6 Apache proxy to Tomcat
am 30.09.2010 22:29:53 von Mike Rea
--0022150488a710cfc004917ff21c
Content-Type: text/plain; charset=ISO-8859-1
I am running a Win2003 server using Apache2.2 to basically just proxy to
Tomcat6 with SSL.
I had tried running just tomcat6 but from everything that I read it was
better for SSL traffic to proxy using Apache, so that is what i did.
Right now I am just pointing it to the Tomcat default page, that is easy
enough to change later.
Here is where I am at.
1. On the server if I go to http: //localhost: it brings up the page fine.
2. On the server https: //localhost also brings up the page fine. Of
course I do get a certificate error because the SSL cert is for my domain.
But it does work and the samples run fine.
3. From either the server or another PC, if I goto http: //my. domain.com
it works fine and brings up the Tomcat default page.
4. From either place going to https the browser says waiting and eventually
returns an error.
In my httpd.conf file I have:
Listen 80
Listen 443
The mod_proxy 's, mod_ssl & mod_vhost_alias are all turned on.
In my httpd-vhosts.conf file here is what I have:
NameVirtualHost *:80 (although on this try it isn't named, shows error in
the logs but doesnt seem to hurt anything)
NameVirtualHost *:443
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
ProxyPass / http: //localhost:8080/
ProxyPassReverse / http: //localhost:8080/
SSLEngine On
SSLProxyEngine on
SSLCertificateFile conf/ssl/certname.cer
SSLCertificateKeyFile conf/ssl/keyname.key
ProxyPass / httpa: //localhost:8443/
ProxyPassReverse / httpa: //localhost:8443/
ErrorLog "logs/mydomain.com-error.log"
CustomLog "logs/mydomain.com-access.log" common
I have tried several different rewrites on this and just not getting it to
work.
I did put the port 80 => 8080 pass in a VirtualHost tag, it works fine on
http: //localhost but when using https it gives some bogus message of the
server being too busy.
I took the 443 =>8443 directives out of the VirtualHost tag and that works
fine on http: //localhost but when using https it goes to the Apache
default page.
No matter what I do, I still get an error from http: //my. domain.com while
http: //my. domain.com runs fine.
Any ideas? I am definately not an expert with Apache setup. I am more a DB
& ERP system guy who has been writting more and more jsp apps.
Now I have one that I need to secure and having one heck of a time doing it.
(Sorry for the spaces. e-mail was seeing them as URLs and the listserv SPAM
filter was blocking the email)
Thanks in advance for any help.
Mike
--0022150488a710cfc004917ff21c
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
I am running a Win2003 server using Apache2.2 to basically just proxy to=
Tomcat6 with SSL.
=A0
I had tried running just tomcat6 but from ever=
ything that I read it was better for SSL traffic to proxy using Apache, so =
that is what i did.
=A0
Right now I am just pointing it to the Tomcat default page, that is =
easy enough to change later.
=A0
Here is where I am at.
=A0
1. =
On the server if I go to http: //localhost: it brings up the page fine.
=
2. On the server https: //localhost also brings up the page fine.=A0 =
Of course I do get a certificate error because the SSL cert is for my domai=
n.=A0 But it does work and the samples run fine.
=A0
3. From either the server or another PC, if I goto=A0http: //my.
href=3D"http://domain.com">domain.com it works fine and brings up=
the Tomcat default page.
4. From either place going to=A0https=A0 the b=
rowser says waiting and eventually returns an error.
=A0
In my httpd.conf file I have:
=A0
Listen 80
Listen 443
T=
he mod_proxy 's, mod_ssl & mod_vhost_alias are all turned on.
=
=A0
=A0
=A0
In my httpd-vhosts.conf file here is what I have:
=
=A0
NameVirtualHost *:80 (although on this try it isn't named, shows=
error in the logs but doesnt seem to hurt anything)
NameVirtualHost *:443
<IfModule ssl_module>
SSLRandomSeed start=
up builtin
SSLRandomSeed connect builtin
</IfModule>
ProxyPa=
ss / http: //localhost:8080/
ProxyPassReverse / http: //localhost:8080/<=
br>
<VirtualHost *:443>
=A0 SSLEngine On
=A0 SSLProxyEn=
gine on
=A0 SSLCertificateFile conf/ssl/certname.cer
=A0=
SSLCertificateKeyFile conf/ssl/keyname.key
ProxyPass / httpa: //localh=
ost:8443/
ProxyPassReverse / httpa: //localhost:8443/
=A0 ErrorLog "logs/mydomain.com-error.log"
=A0 Cu=
stomLog "logs/mydomain.com-access.log" common
</VirtualHost=
>
=A0
I have tried several different rewrites on this and just not ge=
tting it to work.
I did put the port 80 =3D> 8080 pass in a VirtualHo=
st tag, it works fine on http: //localhost=A0 but when using https it gives=
some bogus message of the server being too busy.
I took the 443 =3D>8443 directives out of the VirtualHost tag and that w=
orks fine on http: //localhost=A0 but when using https it goes to the Apach=
e default page.=A0
No matter what I do, I still get an error from http:=
//my. while http: //my.
ef=3D"http://domain.com">domain.com runs fine.
=A0
Any ideas?=A0 I am definately not an expert with Apache setup.=A0 I =
am more a DB & ERP system guy who has been writting more and more jsp a=
pps.=A0
Now I have one that I need to secure and having one heck of a t=
ime doing it.
(Sorry for the spaces.=A0 e-mail was seeing them as URLs and the lists=
erv SPAM filter was blocking the email)
Thanks in advance for any help.<=
br>Mike
--0022150488a710cfc004917ff21c--
Re: Win2003, Apache2.2 & Tomcat6 Apache proxy to Tomcat
am 01.10.2010 13:05:08 von Mike Rea
--000325554d9a25612a04918c2cd6
Content-Type: text/plain; charset=ISO-8859-1
Sorry.
Yes they are https, not https just me mis-typing.
The email client was seeing all of those as links and the apache listserv
bounced my original email as spam. So I added the spaces to get it to go
thru. They are not in the conf files.
Yes general message in IE, I will try it in firefox and others and see what
I get. Really not getting anything in the error log, first place I looked.
Thanks
On Fri, Oct 1, 2010 at 3:44 AM, Rainer Jung wrote:
> On 30.09.2010 22:29, Mike Rea wrote:
>
>> I am running a Win2003 server using Apache2.2 to basically just proxy to
>> Tomcat6 with SSL.
>>
>> I had tried running just tomcat6 but from everything that I read it was
>> better for SSL traffic to proxy using Apache, so that is what i did.
>>
>> Right now I am just pointing it to the Tomcat default page, that is easy
>> enough to change later.
>>
>> Here is where I am at.
>>
>> 1. On the server if I go to http: //localhost: it brings up the page fine.
>> 2. On the server https: //localhost also brings up the page fine. Of
>> course I do get a certificate error because the SSL cert is for my
>> domain. But it does work and the samples run fine.
>>
>> 3. From either the server or another PC, if I goto http: //my.
>> domain.com it works fine and brings up the Tomcat
>>
>> default page.
>> 4. From either place going to https the browser says waiting and
>> eventually returns an error.
>>
>> In my httpd.conf file I have:
>>
>> Listen 80
>> Listen 443
>> The mod_proxy 's, mod_ssl & mod_vhost_alias are all turned on.
>>
>>
>>
>> In my httpd-vhosts.conf file here is what I have:
>>
>> NameVirtualHost *:80 (although on this try it isn't named, shows error
>> in the logs but doesnt seem to hurt anything)
>> NameVirtualHost *:443
>>
>> SSLRandomSeed startup builtin
>> SSLRandomSeed connect builtin
>>
>> ProxyPass / http: //localhost:8080/
>> ProxyPassReverse / http: //localhost:8080/
>>
>> SSLEngine On
>> SSLProxyEngine on
>> SSLCertificateFile conf/ssl/certname.cer
>> SSLCertificateKeyFile conf/ssl/keyname.key
>>
>
> I assume you have a more complete SSL config included, like setting the
> cipher suite and enabling SSL session handling. See the default
> configuration provided with the Apache web server.
>
>
> ProxyPass / httpa: //localhost:8443/
>> ProxyPassReverse / httpa: //localhost:8443/
>>
>
> httpa does not exist, and the space between the scheme and the rest of the
> URL won't be good either. What do you really have in your config here?
>
> If you only want Tomcat to do http and the Apache reverse proxy should do
> the full https, then use again
>
>
> ProxyPass / http: //localhost:8080/
> ProxyPassReverse / http: //localhost:8080/
>
> ErrorLog "logs/mydomain.com-error.log"
>> CustomLog "logs/mydomain.com-access.log" common
>>
>>
>>
>> I have tried several different rewrites on this and just not getting it
>> to work.
>> I did put the port 80 => 8080 pass in a VirtualHost tag, it works fine
>> on http: //localhost but when using https it gives some bogus message
>> of the server being too busy.
>> I took the 443 =>8443 directives out of the VirtualHost tag and that
>> works fine on http: //localhost but when using https it goes to the
>> Apache default page.
>> No matter what I do, I still get an error from http: //my. domain.com
>> while http: //my. domain.com
>>
>> runs fine.
>>
>> Any ideas? I am definately not an expert with Apache setup. I am more
>> a DB & ERP system guy who has been writting more and more jsp apps.
>> Now I have one that I need to secure and having one heck of a time doing
>> it.
>> (Sorry for the spaces. e-mail was seeing them as URLs and the listserv
>> SPAM filter was blocking the email)
>> Thanks in advance for any help.
>> Mike
>>
>
> If it still doesn't work:
>
> What error message do you get in the client? If it is the general error
> message provided by Microsoft Internet Explorer, use some other browser to
> see the full error message.
>
> Is there any message in the error log of Apache?
>
> Regards,
>
> Rainer
>
> ------------------------------------------------------------ ---------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
--
Michael Rea
mike.a.rea@gmail.com
Cell: 330-402-2280
--------------------------------
www.theusergroup.org
Enspire ERP users resource with forums, issue lists, white papers and more.
--000325554d9a25612a04918c2cd6
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Sorry.
Yes they are https, not https just me mis-typing.
The email client was seeing all of those as links and the apache lists=
erv bounced my original email as spam.=A0 So I added the spaces to get it t=
o go thru.=A0 They are not in the conf files.
=A0
Yes general message in IE, I will try it in firefox and others and see=
what I get.=A0 Really not getting anything in the error log, first place I=
looked.
Thanks
On Fri, Oct 1, 2010 at 3:44 AM, Rainer Jung
n dir=3D"ltr"><
rainer.jung@ki=
ppdata.de> wrote:
; PADDING-LEFT: 1ex" class=3D"gmail_quote">
On 30.09.2010 22:29, Mike Rea wrote:
; PADDING-LEFT: 1ex" class=3D"gmail_quote">
I am running a Win2003 server using Apache2.2 to basicall=
y just proxy to
Tomcat6 with SSL.
I had tried running just tomcat=
6 but from everything that I read it was
better for SSL traffic to proxy=
using Apache, so that is what i did.
Right now I am just pointing it to the Tomcat default page, that is eas=
y
enough to change later.
Here is where I am at.
1. On the=
server if I go to http: //localhost: it brings up the page fine.
2. On =
the server https: //localhost =A0 also brings up the page fine. =A0Of
course I do get a certificate error because the SSL cert is for my
domai=
n. =A0But it does work and the samples run fine.
3. From either the =
server or another PC, if I goto http: //my.
in.com/" target=3D"_blank">domain.com <
" target=3D"_blank">http://domain.com> =A0 it works fine and brings =
up the Tomcat=20
default page.
4. From either place going to https =
=A0the browser says waiting and
eventually returns an error.
In m=
y httpd.conf file I have:
Listen 80
Listen 443
The mod_proxy &=
#39;s, mod_ssl & mod_vhost_alias are all turned on.
In my httpd-vhosts.conf file here is what I have:
NameVi=
rtualHost *:80 (although on this try it isn't named, shows error
in =
the logs but doesnt seem to hurt anything)
NameVirtualHost *:443
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSe=
ed connect builtin
</IfModule>
ProxyPass / http: //localhost:80=
80/
ProxyPassReverse / http: //localhost:8080/
<VirtualHost *:443&=
gt;
=A0 =A0 SSLEngine On
=A0 =A0 SSLProxyEngine on
=A0 =A0 SSLCertificate=
File conf/ssl/certname.cer
=A0 =A0 SSLCertificateKeyFile conf/ssl/keynam=
e.key
I assume you have a more complete SSL confi=
g included, like setting the cipher suite and enabling SSL session handling=
.. See the default configuration provided with the Apache web server.=20
; PADDING-LEFT: 1ex" class=3D"gmail_quote">ProxyPass / httpa: //localhost:8=
443/
ProxyPassReverse / httpa: //localhost:8443/
iv>
httpa does not exist, and the space between the scheme and the rest of the =
URL won't be good either. What do you really have in your config here?<=
br>
If you only want Tomcat to do http and the Apache reverse proxy shou=
ld do the full https, then use again=20
ProxyPass / http: //localhost:8080/
ProxyPassR=
everse / http: //localhost:8080/
; PADDING-LEFT: 1ex" class=3D"gmail_quote">
=A0 =A0 ErrorLog "logs/mydomain.com-error.log"<=
br>=A0 =A0 CustomLog "logs/mydomain.com-access.log" common
<=
;/VirtualHost>
I have tried several different rewrites on thi=
s and just not getting it
to work.
I did put the port 80 =3D> 8080 pass in a VirtualHost tag, i=
t works fine
on http: //localhost =A0but when using https it gives some =
bogus message
of the server being too busy.
I took the 443 =3D>844=
3 directives out of the VirtualHost tag and that
works fine on http: //localhost =A0but when using https it goes to the
A=
pache default page.
No matter what I do, I still get an error from http:=
//my.
<=
/div>
<&=
gt; while http: //my.
doma=
in.com <
http://doma=
in.com>=20
runs fine.
Any ideas? =A0I am definately not a=
n expert with Apache setup. =A0I am more
a DB & ERP system guy who h=
as been writting more and more jsp apps.
Now I have one that I need to s=
ecure and having one heck of a time doing it.
(Sorry for the spaces. =A0e-mail was seeing them as URLs and the listserv
r>SPAM filter was blocking the email)
Thanks in advance for any help.
>Mike
If it still doesn't work:
What e=
rror message do you get in the client? If it is the general error message p=
rovided by Microsoft Internet Explorer, use some other browser to see the f=
ull error message.
Is there any message in the error log of Apache?
Regards,
>Rainer
------------------------------------------------------------ =
---------
The official User-To-User support forum of the Apache HTTP Ser=
ver Project.
See <URL:
lank">http://httpd.apache.org/userslist.html> for more info.
To u=
nsubscribe, e-mail:
arget=3D"_blank">users-unsubscribe@httpd.apache.org
=A0" =A0 from the digest:
ttpd.apache.org" target=3D"_blank">users-digest-unsubscribe@httpd.apache.or=
g
For additional commands, e-mail:
d.apache.org" target=3D"_blank">users-help@httpd.apache.org
--
Michael Rea
ref=3D"mailto:mike.a.rea@gmail.com">mike.a.rea@gmail.com
Cell: 330-4=
02-2280
--------------------------------
rgroup.org">www.theusergroup.org
Enspire ERP users resource with forums, issue lists, white papers and more.=
=A0
--000325554d9a25612a04918c2cd6--
Re: Win2003, Apache2.2 & Tomcat6 Apache proxy to Tomcat
am 01.10.2010 14:29:46 von Rainer Jung
On 01.10.2010 13:05, Mike Rea wrote:
> Sorry.
> Yes they are https, not https just me mis-typing.
> The email client was seeing all of those as links and the apache
> listserv bounced my original email as spam. So I added the spaces to
> get it to go thru. They are not in the conf files.
> Yes general message in IE, I will try it in firefox and others and see
> what I get. Really not getting anything in the error log, first place I
> looked.
> Thanks
Don't overlook my hint about using port 8080 instead of 8443.
> On Fri, Oct 1, 2010 at 3:44 AM, Rainer Jung
> > wrote:
>
> On 30.09.2010 22:29, Mike Rea wrote:
>
> I am running a Win2003 server using Apache2.2 to basically just
> proxy to
> Tomcat6 with SSL.
>
> I had tried running just tomcat6 but from everything that I read
> it was
> better for SSL traffic to proxy using Apache, so that is what i did.
>
> Right now I am just pointing it to the Tomcat default page, that
> is easy
> enough to change later.
>
> Here is where I am at.
>
> 1. On the server if I go to http: //localhost: it brings up the
> page fine.
> 2. On the server https: //localhost also brings up the page
> fine. Of
> course I do get a certificate error because the SSL cert is for my
> domain. But it does work and the samples run fine.
>
> 3. From either the server or another PC, if I goto http: //my.
> domain.com
> > it works fine and brings up the Tomcat
>
> default page.
> 4. From either place going to https the browser says waiting and
> eventually returns an error.
>
> In my httpd.conf file I have:
>
> Listen 80
> Listen 443
> The mod_proxy 's, mod_ssl & mod_vhost_alias are all turned on.
>
>
>
> In my httpd-vhosts.conf file here is what I have:
>
> NameVirtualHost *:80 (although on this try it isn't named, shows
> error
> in the logs but doesnt seem to hurt anything)
> NameVirtualHost *:443
>
> SSLRandomSeed startup builtin
> SSLRandomSeed connect builtin
>
> ProxyPass / http: //localhost:8080/
> ProxyPassReverse / http: //localhost:8080/
>
> SSLEngine On
> SSLProxyEngine on
> SSLCertificateFile conf/ssl/certname.cer
> SSLCertificateKeyFile conf/ssl/keyname.key
>
>
> I assume you have a more complete SSL config included, like setting
> the cipher suite and enabling SSL session handling. See the default
> configuration provided with the Apache web server.
>
>
> ProxyPass / httpa: //localhost:8443/
> ProxyPassReverse / httpa: //localhost:8443/
>
>
> httpa does not exist, and the space between the scheme and the rest
> of the URL won't be good either. What do you really have in your
> config here?
>
> If you only want Tomcat to do http and the Apache reverse proxy
> should do the full https, then use again
>
>
> ProxyPass / http: //localhost:8080/
> ProxyPassReverse / http: //localhost:8080/
>
> ErrorLog "logs/mydomain.com-error.log"
> CustomLog "logs/mydomain.com-access.log" common
>
>
>
> I have tried several different rewrites on this and just not
> getting it
> to work.
> I did put the port 80 => 8080 pass in a VirtualHost tag, it
> works fine
> on http: //localhost but when using https it gives some bogus
> message
> of the server being too busy.
> I took the 443 =>8443 directives out of the VirtualHost tag and that
> works fine on http: //localhost but when using https it goes to the
> Apache default page.
> No matter what I do, I still get an error from http: //my.
> domain.com
> > while http: //my.
> domain.com
> >
>
> runs fine.
>
> Any ideas? I am definately not an expert with Apache setup. I
> am more
> a DB & ERP system guy who has been writting more and more jsp apps.
> Now I have one that I need to secure and having one heck of a
> time doing it.
> (Sorry for the spaces. e-mail was seeing them as URLs and the
> listserv
> SPAM filter was blocking the email)
> Thanks in advance for any help.
> Mike
>
>
> If it still doesn't work:
>
> What error message do you get in the client? If it is the general
> error message provided by Microsoft Internet Explorer, use some
> other browser to see the full error message.
>
> Is there any message in the error log of Apache?
>
> Regards,
>
> Rainer
>
> ------------------------------------------------------------ ---------
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>
> " from the digest: users-digest-unsubscribe@httpd.apache.org
>
> For additional commands, e-mail: users-help@httpd.apache.org
>
------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: Win2003, Apache2.2 & Tomcat6 Apache proxy to Tomcat
am 01.10.2010 14:59:48 von Mike Rea
--000325579d92406d7404918dc6b4
Content-Type: text/plain; charset=ISO-8859-1
Made the change to port 8080.
I also changed the host file on the server to bypass DNS for
www.mydomain.com and to just loop back to the local IP address instead.
Between those 2 one of them worked.
From the outside I am getting a connection time out in Firefox.
So, since it is working fine from the server, with it not having to leave
the network and come back in, I am assuming that https traffic is being
blocked by the firewall. At least that seems reasonable to me. I do not do
the firewall work for this company but I would think when I asked them to
open up internet traffic to this server that they would of opened up port 80
& 443 traffic, but who knows.
Thanks,
Hopefully this has taken care of my problem.
Mike
On Fri, Oct 1, 2010 at 8:29 AM, Rainer Jung wrote:
> On 01.10.2010 13:05, Mike Rea wrote:
>
>> Sorry.
>> Yes they are https, not https just me mis-typing.
>> The email client was seeing all of those as links and the apache
>> listserv bounced my original email as spam. So I added the spaces to
>> get it to go thru. They are not in the conf files.
>> Yes general message in IE, I will try it in firefox and others and see
>> what I get. Really not getting anything in the error log, first place I
>> looked.
>> Thanks
>>
>
> Don't overlook my hint about using port 8080 instead of 8443.
>
> On Fri, Oct 1, 2010 at 3:44 AM, Rainer Jung
>> > wrote:
>>
>> On 30.09.2010 22:29, Mike Rea wrote:
>>
>> I am running a Win2003 server using Apache2.2 to basically just
>> proxy to
>> Tomcat6 with SSL.
>>
>> I had tried running just tomcat6 but from everything that I read
>> it was
>> better for SSL traffic to proxy using Apache, so that is what i
>> did.
>>
>> Right now I am just pointing it to the Tomcat default page, that
>> is easy
>> enough to change later.
>>
>> Here is where I am at.
>>
>> 1. On the server if I go to http: //localhost: it brings up the
>> page fine.
>> 2. On the server https: //localhost also brings up the page
>> fine. Of
>> course I do get a certificate error because the SSL cert is for my
>> domain. But it does work and the samples run fine.
>>
>> 3. From either the server or another PC, if I goto http: //my.
>> domain.com
>>
>> > it works fine and brings up the Tomcat
>>
>> default page.
>> 4. From either place going to https the browser says waiting and
>> eventually returns an error.
>>
>> In my httpd.conf file I have:
>>
>> Listen 80
>> Listen 443
>> The mod_proxy 's, mod_ssl & mod_vhost_alias are all turned on.
>>
>>
>>
>> In my httpd-vhosts.conf file here is what I have:
>>
>> NameVirtualHost *:80 (although on this try it isn't named, shows
>> error
>> in the logs but doesnt seem to hurt anything)
>> NameVirtualHost *:443
>>
>> SSLRandomSeed startup builtin
>> SSLRandomSeed connect builtin
>>
>> ProxyPass / http: //localhost:8080/
>> ProxyPassReverse / http: //localhost:8080/
>>
>> SSLEngine On
>> SSLProxyEngine on
>> SSLCertificateFile conf/ssl/certname.cer
>> SSLCertificateKeyFile conf/ssl/keyname.key
>>
>>
>> I assume you have a more complete SSL config included, like setting
>> the cipher suite and enabling SSL session handling. See the default
>> configuration provided with the Apache web server.
>>
>>
>> ProxyPass / httpa: //localhost:8443/
>> ProxyPassReverse / httpa: //localhost:8443/
>>
>>
>> httpa does not exist, and the space between the scheme and the rest
>> of the URL won't be good either. What do you really have in your
>> config here?
>>
>> If you only want Tomcat to do http and the Apache reverse proxy
>> should do the full https, then use again
>>
>>
>> ProxyPass / http: //localhost:8080/
>> ProxyPassReverse / http: //localhost:8080/
>>
>> ErrorLog "logs/mydomain.com-error.log"
>> CustomLog "logs/mydomain.com-access.log" common
>>
>>
>>
>> I have tried several different rewrites on this and just not
>> getting it
>> to work.
>> I did put the port 80 => 8080 pass in a VirtualHost tag, it
>> works fine
>> on http: //localhost but when using https it gives some bogus
>> message
>> of the server being too busy.
>> I took the 443 =>8443 directives out of the VirtualHost tag and
>> that
>> works fine on http: //localhost but when using https it goes to
>> the
>> Apache default page.
>> No matter what I do, I still get an error from http: //my.
>> domain.com
>> > while http: //my.
>> domain.com
>>
>> >
>>
>> runs fine.
>>
>> Any ideas? I am definately not an expert with Apache setup. I
>> am more
>> a DB & ERP system guy who has been writting more and more jsp apps.
>> Now I have one that I need to secure and having one heck of a
>> time doing it.
>> (Sorry for the spaces. e-mail was seeing them as URLs and the
>> listserv
>> SPAM filter was blocking the email)
>> Thanks in advance for any help.
>> Mike
>>
>>
>> If it still doesn't work:
>>
>> What error message do you get in the client? If it is the general
>> error message provided by Microsoft Internet Explorer, use some
>> other browser to see the full error message.
>>
>> Is there any message in the error log of Apache?
>>
>> Regards,
>>
>> Rainer
>>
>> ------------------------------------------------------------ ---------
>> The official User-To-User support forum of the Apache HTTP Server
>> Project.
>> See for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>
>>
>> " from the digest: users-digest-unsubscribe@httpd.apache.org
>>
>>
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>
> ------------------------------------------------------------ ---------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
--
Michael Rea
mike.a.rea@gmail.com
Cell: 330-402-2280
--------------------------------
www.theusergroup.org
Enspire ERP users resource with forums, issue lists, white papers and more.
--000325579d92406d7404918dc6b4
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Made the change to port 8080.
I also changed the host file on the server to bypass DNS for
=3D"http://www.mydomain.com/">www.mydomain.com and to just loop back to=
the local IP address instead.=A0
Between those 2 one of them worked.=A0
From the outside I am getting a connection time out in Firefox.=A0
iv>
So, since it is working fine from the server,=A0with it not having to =
leave the network and come back in,=A0I am assuming that https traffic is b=
eing blocked by the firewall.=A0 At least that seems reasonable to me. I do=
not do the firewall work for this company but I would think when I asked t=
hem to open up internet traffic to this server that they would of opened up=
port 80 & 443 traffic, but who knows.
Thanks,
Hopefully this has taken care of my problem.
Mike
On Fri, Oct 1, 2010 at 8:29 AM, Rainer Jung
n dir=3D"ltr"><
rainer.jung@ki=
ppdata.de> wrote:
; PADDING-LEFT: 1ex" class=3D"gmail_quote">
On 01.10.2010 13:05, Mike Rea wrote:
; PADDING-LEFT: 1ex" class=3D"gmail_quote">Sorry.
Yes they are https, no=
t https just me mis-typing.
The email client was seeing all of those as =
links and the apache
listserv bounced my original email as spam. =A0So I added the spaces to
=
get it to go thru. =A0They are not in the conf files.
Yes general messag=
e in IE, I will try it in firefox and others and see
what I get. =A0Real=
ly not getting anything in the error log, first place I
looked.
Thanks
Don't overlook my hint abou=
t using port 8080 instead of 8443.
; PADDING-LEFT: 1ex" class=3D"gmail_quote">
On Fri, Oct 1, 2010 at 3:44 AM, Rainer Jung <
=3D"mailto:rainer.jung@kippdata.de" target=3D"_blank">rainer.jung@kippdata.=
de
<mailto:
get=3D"_blank">rainer.jung@kippdata.de>> wrote:
=A0 =A0On =
30.09.2010 22:29, Mike Rea wrote:
=A0 =A0 =A0 =A0I am running a Win2=
003 server using Apache2.2 to basically just
=A0 =A0 =A0 =A0proxy to
=A0 =A0 =A0 =A0Tomcat6 with SSL.
=A0 =A0 =
=A0 =A0I had tried running just tomcat6 but from everything that I read
=
=A0 =A0 =A0 =A0it was
=A0 =A0 =A0 =A0better for SSL traffic to proxy usi=
ng Apache, so that is what i did.
=A0 =A0 =A0 =A0Right now I am just pointing it to the Tomcat default pa=
ge, that
=A0 =A0 =A0 =A0is easy
=A0 =A0 =A0 =A0enough to change later=
..
=A0 =A0 =A0 =A0Here is where I am at.
=A0 =A0 =A0 =A01. On =
the server if I go to http: //localhost: it brings up the
=A0 =A0 =A0 =A0page fine.
=A0 =A0 =A0 =A02. On the server https: //local=
host =A0 also brings up the page
=A0 =A0 =A0 =A0fine. =A0Of
=A0 =A0 =
=A0 =A0course I do get a certificate error because the SSL cert is for my
r>=A0 =A0 =A0 =A0domain. =A0But it does work and the samples run fine.
=A0 =A0 =A0 =A03. From either the server or another PC, if I goto http:=
//my.
=A0 =A0 =A0 =A0
ank">domain.com <
ht=
tp://domain.com/> <
k">http://domain.com=20
=A0 =A0 =A0 =A0<
get=3D"_blank">http://domain.com/>> =A0 it works fine and brings =
up the Tomcat
=A0 =A0 =A0 =A0default page.
=A0 =A0 =A0 =A04. From=
either place going to https =A0the browser says waiting and
=A0 =A0 =A0 =A0eventually returns an error.
=A0 =A0 =A0 =A0In my htt=
pd.conf file I have:
=A0 =A0 =A0 =A0Listen 80
=A0 =A0 =A0 =A0List=
en 443
=A0 =A0 =A0 =A0The mod_proxy 's, mod_ssl & mod_vhost_alia=
s are all turned on.
=A0 =A0 =A0 =A0In my httpd-vhosts.conf file here is what I have:
=A0=
=A0 =A0 =A0NameVirtualHost *:80 (although on this try it isn't named, =
shows
=A0 =A0 =A0 =A0error
=A0 =A0 =A0 =A0in the logs but doesnt seem=
to hurt anything)
=A0 =A0 =A0 =A0NameVirtualHost *:443
=A0 =A0 =A0 =A0<IfModule ssl_module>
=A0 =A0 =A0 =A0SSLRandomSeed =
startup builtin
=A0 =A0 =A0 =A0SSLRandomSeed connect builtin
=A0 =A0 =
=A0 =A0</IfModule>
=A0 =A0 =A0 =A0ProxyPass / http: //localhost:80=
80/
=A0 =A0 =A0 =A0ProxyPassReverse / http: //localhost:8080/
=A0 =A0 =A0 =A0<VirtualHost *:443>
=A0 =A0 =A0 =A0 =A0 =A0 SSLEngi=
ne On
=A0 =A0 =A0 =A0 =A0 =A0 SSLProxyEngine on
=A0 =A0 =A0 =A0 =A0 =
=A0 SSLCertificateFile conf/ssl/certname.cer
=A0 =A0 =A0 =A0 =A0 =A0 SSL=
CertificateKeyFile conf/ssl/keyname.key
=A0 =A0I assume you have=
a more complete SSL config included, like setting
=A0 =A0the cipher suite and enabling SSL session handling. See the default<=
br>=A0 =A0configuration provided with the Apache web server.
=A0=
=A0 =A0 =A0ProxyPass / httpa: //localhost:8443/
=A0 =A0 =A0 =A0ProxyPas=
sReverse / httpa: //localhost:8443/
=A0 =A0httpa does not exist, and the space between the scheme and t=
he rest
=A0 =A0of the URL won't be good either. What do you really h=
ave in your
=A0 =A0config here?
=A0 =A0If you only want Tomcat to=
do http and the Apache reverse proxy
=A0 =A0should do the full https, then use again
=A0 =A0ProxyPass=
/ http: //localhost:8080/
=A0 =A0ProxyPassReverse / http: //localhost:8=
080/
=A0 =A0 =A0 =A0 =A0 =A0 ErrorLog "logs/mydomain.com-error.=
log"
=A0 =A0 =A0 =A0 =A0 =A0 CustomLog "logs/mydomain.com-acce=
ss.log" common
=A0 =A0 =A0 =A0</VirtualHost>
=A0 =A0 =A0 =A0I have tried =
several different rewrites on this and just not
=A0 =A0 =A0 =A0getting i=
t
=A0 =A0 =A0 =A0to work.
=A0 =A0 =A0 =A0I did put the port 80 =3D>=
; 8080 pass in a VirtualHost tag, it
=A0 =A0 =A0 =A0works fine
=A0 =A0 =A0 =A0on http: //localhost =A0but whe=
n using https it gives some bogus
=A0 =A0 =A0 =A0message
=A0 =A0 =A0 =
=A0of the server being too busy.
=A0 =A0 =A0 =A0I took the 443 =3D>84=
43 directives out of the VirtualHost tag and that
=A0 =A0 =A0 =A0works fine on http: //localhost =A0but when using https it g=
oes to the
=A0 =A0 =A0 =A0Apache default page.
=A0 =A0 =A0 =A0No matt=
er what I do, I still get an error from http: //my.
=A0 =A0 =
=A0 =A0 <=
>=
=A0 =A0 =A0 =A0<
http://=
domain.com <
http://=
domain.com/>> while http: //my.
=A0 =A0 =A0 =A0
://domain.com/" target=3D"_blank">domain.com <
in.com/" target=3D"_blank">http://domain.com/> <
/domain.com/" target=3D"_blank">http://domain.com=20
=A0 =A0 =A0 =A0<
get=3D"_blank">http://domain.com/>>
=A0 =A0 =A0 =A0runs fi=
ne.
=A0 =A0 =A0 =A0Any ideas? =A0I am definately not an expert with =
Apache setup. =A0I
=A0 =A0 =A0 =A0am more
=A0 =A0 =A0 =A0a DB & ERP system guy who has been writting more and mor=
e jsp apps.
=A0 =A0 =A0 =A0Now I have one that I need to secure and havi=
ng one heck of a
=A0 =A0 =A0 =A0time doing it.
=A0 =A0 =A0 =A0(Sorry =
for the spaces. =A0e-mail was seeing them as URLs and the
=A0 =A0 =A0 =A0listserv
=A0 =A0 =A0 =A0SPAM filter was blocking the emai=
l)
=A0 =A0 =A0 =A0Thanks in advance for any help.
=A0 =A0 =A0 =A0Mike=
=A0 =A0If it still doesn't work:
=A0 =A0What error m=
essage do you get in the client? If it is the general
=A0 =A0error message provided by Microsoft Internet Explorer, use some
=
=A0 =A0other browser to see the full error message.
=A0 =A0Is there =
any message in the error log of Apache?
=A0 =A0Regards,
=A0 =
=A0Rainer
=A0 =A0--------------------------------------------------------- -----------=
-
=A0 =A0The official User-To-User support forum of the Apache HTTP Server
>=A0 =A0Project.
=A0 =A0See <URL:
serslist.html" target=3D"_blank">http://httpd.apache.org/userslist.html=
> for more info.
=A0 =A0To unsubscribe, e-mail:
ache.org" target=3D"_blank">users-unsubscribe@httpd.apache.org
>=A0 =A0<mailto:
rget=3D"_blank">users-unsubscribe@httpd.apache.org>=20
=A0 =A0" =A0 from the digest:
users-digest-unsubscribe@httpd.apache.org" target=3D"_blank">users-digest-u=
nsubscribe@httpd.apache.org
=A0 =A0<mailto:
o:users-digest-unsubscribe@httpd.apache.org" target=3D"_blank">users-digest=
-unsubscribe@httpd.apache.org>=20
=A0 =A0For additional commands, e-mail:
ilto:users-help@httpd.apache.org" target=3D"_blank">users-help@httpd.apache=
..org
=A0 =A0<mailto:
he.org" target=3D"_blank">users-help@httpd.apache.org>
-----------------------------------------------------=
----------------
The official User-To-User support forum of the Apache H=
TTP Server Project.
See <URL:
list.html" target=3D"_blank">http://httpd.apache.org/userslist.html>=
for more info.
To unsubscribe, e-mail:
g" target=3D"_blank">users-unsubscribe@httpd.apache.org
=A0" =
=A0 from the digest:
e.org" target=3D"_blank">users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail:
org" target=3D"_blank">users-help@httpd.apache.org
<=
/blockquote>
--
Michael Rea
=3D"mailto:mike.a.rea@gmail.com">mike.a.rea@gmail.com
Cell: 330-402-2280
--------------------------------
/www.theusergroup.org">www.theusergroup.org
Enspire ERP users resour=
ce with forums, issue lists, white papers and more.=A0
--000325579d92406d7404918dc6b4--