rakiarchana

Reputation: 5

Configure mod_proxy apache https server with tomcat 7 https server

I am new to web server configuration. Here is the scenario: we have a hybris Tomcat server which is running on 9002 for HTTPS and 9001 for HTTP. I need to configure an Apache web server with mod_proxy which will open HTTPS and HTTP through port 80. I tried to configure mod_proxy for the Tomcat HTTPS and HTTP sites, but the site worked in HTTP only. The customer only allowed port 80. Can anyone help me with this scenario?

LoadModule headers_module modules/mod_headers.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule ssl_module  modules/mod_ssl.so

<VirtualHost *:80>
DocumentRoot /var/www/html
ProxyPreserveHost On
ProxyPass / http://tomcatserver.ip:9001/
ProxyPassReverse /  http://tomcatserver.ip:9001/
</VirtualHost>

<VirtualHost *:443>
DocumentRoot /var/www/html
ProxyPreserveHost On
ServerName webserver.ip
SSLEngine on
SSLProxyEngine On
ProxyPass / https://tomcatserver.ip:9002/
ProxyPassReverse / https://tomcatserver.ip:9002/

SSLCertificateFile /etc/ssl/certs/webserverdomain.crt
SSLCertificateKeyFile  /etc/ssl/certs/webserverdomain.key

</VirtualHost>

server.xml configuration

<Connector port="${tomcat.http.port}" maxHttpHeaderSize="8192" maxThreads="${tomcat.maxthreads}"
           protocol="org.apache.coyote.http11.Http11Protocol" executor="hybrisExecutor"
           enableLookups="false" acceptCount="100" connectionTimeout="20000" URIEncoding="UTF-8"
           disableUploadTimeout="true" proxyName="webserverdomainname" proxyPort="80" />

<Connector port="${tomcat.ssl.port}" maxHttpHeaderSize="8192" maxThreads="150"
           protocol="org.apache.coyote.http11.Http11Protocol" executor="hybrisExecutor"
           enableLookups="false" acceptCount="${tomcat.acceptcount}" connectionTimeout="20000"
           disableUploadTimeout="true" URIEncoding="UTF-8" SSLEnabled="true"
           proxyName="webserverdomainname" proxyPort="443" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="${catalina.home}/lib/keystore" keystorePass="123456" />

Here is the Tomcat server.xml file. Thank you @christopher @Benoit

Upvotes: 0

Views: 1843

Answers (1)

Benoit Vanalderweireldt

Reputation: 2989

What is happening here is that SSLProxyEngine is detecting an invalid SSL certificate, so you need to explicitly tell it not to check anything!

This configuration is fine for development but not for production. In production you should unload the SSL certificate and send all traffic to HTTP with a flag like 'RequestHeader set X-Forwarded-Proto "https"' and add a valve to the Tomcat configuration.

Change your Apache configuration to this:

<VirtualHost *:443>
DocumentRoot /var/www/html
ProxyPreserveHost On
ServerName webserver.ip
SSLEngine on
SSLProxyEngine On
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
ProxyPass / https://tomcatserver.ip:9002/
ProxyPassReverse / https://tomcatserver.ip:9002/

SSLCertificateFile /etc/ssl/certs/webserverdomain.crt
SSLCertificateKeyFile  /etc/ssl/certs/webserverdomain.key
</VirtualHost>

Upvotes: 1
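
The production setup this answer describes, written out as an added example (not part of the original answer): TLS ends at Apache, Tomcat receives plain HTTP plus a proxy-set X-Forwarded-Proto header, and a verified-backend variant is shown in place of `SSLProxyVerify none`. Hostnames, ports and certificate paths are reused from the question; the CA bundle path is a placeholder, and the Tomcat valve attributes shown are an assumption about how the valve would be configured for this setup.

```apache
# Added example. Requires mod_ssl, mod_proxy, mod_proxy_http and mod_headers,
# all of which the question already loads.

# Option A: terminate TLS at Apache and proxy to Tomcat's HTTP connector (9001).
<VirtualHost *:443>
    ServerName webserver.ip
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/webserverdomain.crt
    SSLCertificateKeyFile /etc/ssl/certs/webserverdomain.key
    ProxyPreserveHost On
    # "set" replaces any X-Forwarded-Proto value the client sent itself.
    RequestHeader set X-Forwarded-Proto "https"
    ProxyPass        / http://tomcatserver.ip:9001/
    ProxyPassReverse / http://tomcatserver.ip:9001/
</VirtualHost>

<VirtualHost *:80>
    ServerName webserver.ip
    ProxyPreserveHost On
    # Pin the header here too, so a plain-HTTP client cannot claim "https".
    RequestHeader set X-Forwarded-Proto "http"
    ProxyPass        / http://tomcatserver.ip:9001/
    ProxyPassReverse / http://tomcatserver.ip:9001/
</VirtualHost>

# Tomcat side (server.xml, inside <Engine> or <Host>); XML shown as a comment:
#   <Valve className="org.apache.catalina.valves.RemoteIpValve"
#          remoteIpHeader="x-forwarded-for"
#          protocolHeader="x-forwarded-proto" />
# The valve honours these headers only for connections from addresses matching
# its internalProxies pattern; set that attribute to Apache's address if the
# proxy is not inside the valve's default private ranges.

# Option B: keep TLS to Tomcat (9002) but verify its certificate.
# These lines replace the four "SSLProxyVerify none / SSLProxyCheck... off" lines:
#   SSLProxyEngine On
#   SSLProxyVerify require
#   SSLProxyCACertificateFile /path/to/backend-ca.pem   # placeholder path
#   SSLProxyCheckPeerName on
#   SSLProxyCheckPeerExpire on
# The Tomcat keystore must then hold a certificate issued by that CA whose
# name matches the host used in ProxyPass (tomcatserver.ip).
```

With Option A, Tomcat trusts whatever arrives on port 9001, so that connector should be reachable only from the Apache host (firewall rule or bind address).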
