Login/Register
Configure Apache SSL and then redirect to Tomcat with mod_jk
Asked Answered
apachetomcatsslmod-jk
C

2

5

I'm trying to configure my home server to accept SSL Connection on port 443.

I've www.mydomain.com domain, I've just linked Apache2 and Tomcat, using mod_jk, now I wish to accept also https request from the web.

This is my configuration:

httpd.conf

<IfModule mod_jk.c>
    JKWorkersFile /etc/apache2/workers.properties
    JkShmFile /var/log/apache2/mod_jk.shm
    JKLogFile /var/log/apache2/mod_jk.log
    JkLogLevel debug
    JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
</IfModule>


<VirtualHost *:80>
    DocumentRoot "/Library/ApacheTomcat/apache-tomcat-6.0.33/webapps/MyTomcatAppName"
    ServerName www.mydomain.com
    ErrorLog "/private/var/log/apache2/www.mydomain.com-error_log"
    CustomLog "/private/var/log/apache2/www.mydomain.com-access_log" common
    JkMountCopy On
    JkMount /* ajp13
</VirtualHost>


<VirtualHost *:80>
    DocumentRoot "/Library/ApacheTomcat/apache-tomcat-6.0.33/webapps/MyTomcatAppName"
    ServerName mydomain.com
    ErrorLog "/private/var/log/apache2/mydomain.com-error_log"
    CustomLog "/private/var/log/apache2/mydomaino.com-access_log" common
    JkMountCopy On
    JkMount /* ajp13
</VirtualHost>

Then this is my Worker.properties file:

worker.list=ajp13

worker.ajp13.type=ajp13
worker.ajp13.host=localhost
worker.ajp13.port=8009

This is my server.xml:

    <Host name="localhost"  appBase="/Library/ApacheTomcat/apache-tomcat-6.0.33/webapps"
        unpackWARs="true" autoDeploy="true"
        xmlValidation="false" xmlNamespaceAware="false">
      <Context path="" docBase="/Library/ApacheTomcat/apache-tomcat-6.0.33/webapps/MyTomcatAppName" />

With this configuration I correctly surf MyTomcatAppName when I visit http:// www.mydomain.com or http:// domain.com... My issue now is to visit the same website using an https connection, so https:// www.mydomain.com or https:// domain.com. I also have a GoDaddy certificate installed on my Mac Mini Server (Lion osx), so if I type https:// www.mydomain.com (or https:// domain.com) the browser correctly inform me about the presence of a certificate for "mydomain.com", but it also says:

Forbidden

You don't have permission to access / on this server.
Apache/2.2.20 (Unix) mod_ssl/2.2.20 OpenSSL/0.9.8r DAV/2 mod_jk/1.2.30 Server at mydomain.com Port 443

I'm sure this is because I missed something in Virtual Host tag.... So how can I fix it?

Codi answered 6/12, 2011 at 15:47 Comment(0)
C
7

I found the solution, so my Apache and Tomcat work fine... I' going to summarize the steps to solve the problem:

Considering, you have mydomain certificate (signed by GoDaddy) correctly installed and stored within Apple KeyChain of my Mac Server.

  1. Open KeyChain App (with root), expand mydomain certificate label, so you see the private key too.
  2. Save both with p12 extension, then generate .pem file from .p12

  3. Private Key:

    umask 0077
  openssl pkcs12 -in pkfilename.p12 -nocerts -nodes -out filename-key.pem
umask 0022

  4. Certificate:

    openssl pkcs12 -in certfilename.p12 -clcerts -nokeys -out filename-cert.pem

  5. Copy filename-key.pem and filename-cert.pem within /etc/apache2/ directory

  6. Considering you have the same httpd.conf configuration showed above, you just need to add 2 more VirtualHost for 443 (https port) connection.

  7. Anyway, add 1 VirtualHost for each ServerName you wish to secure, for instance I just want to secure mydomain.com incoming connection:

    <VirtualHost _default_:443>
    DocumentRoot "/Library/ApacheTomcat/apache-tomcat-6.0.33/webapps/MyServerAppName"
    ServerName mydomain.com
    ErrorLog "/private/var/log/apache2/https_mydomain.com-error_log"
    CustomLog "/private/var/log/apache2/https_mydomain.com-access_log" common
    SSLEngine On
    SSLCertificateFile /etc/apache2/filename-cert.pem
    SSLCertificateKeyFile /etc/apache2/filename-key.pem
    JkMountCopy On
    JkMount /* ajp13
</VirtualHost>

  8. Add Listen 443 in httpd.conf file, just add this line under Listen 80 you find at beginning of it.

You now can surf both http:// mydomain.com and https:// mydomain.com. In case of error you can read the log files within /var/log/apache2/.

Special thanks to Bruno user, how help me on creating privatekey and certificate file (step 3 and 4).

I hope this guideline can help you configuring Apache and Tomcat on mod_jk for Secure SSL connections.

Codi answered 7/12, 2011 at 7:52 Comment(0)
H
2

You've configured mod_jk in your virtual hosts for plain HTTP requests (VirtualHost *:80). You need to configure these Jk* options in the HTTPS virtual hosts too (VirtualHost *:443), where you have configured your SSL settings.

Hoicks answered 6/12, 2011 at 17:1 Comment(3)
If, when you go to https://www.mydomain.com/, you get an HTTP response (forbidden), HTTPS is already working, so you must somehow have configured the SSL* options somewhere. Try to set the virtual host where they are (or create one with VirtualHost *:443 if it doesn't already exist) and put the Jk* options there.Hoicks
I forgot to add Certificate and Private Key within VirtualHost, you help me creating them on other post, so now I've summarized the steps in my Answer... Thank you so much...Codi
I am also facing the same problem, after this setting too, it was not solved. I have added my question as #21309428Retinitis

© 2022 - 2024 — McMap. All rights reserved.