Configure Apache SSL and then redirect Tomcat with mod_jk

I am trying to configure a home server to accept an SSL connection on port 443.

I have a domain www.mydomain.com, I just linked Apache2 and Tomcat using mod_jk, now I want to accept also an https request from the Internet.

This is my configuration:

httpd.conf

    <IfModule mod_jk.c>
        JKWorkersFile /etc/apache2/workers.properties
        JkShmFile /var/log/apache2/mod_jk.shm
        JKLogFile /var/log/apache2/mod_jk.log
        JkLogLevel debug
        JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
    </IfModule>

    <VirtualHost *:80>
        DocumentRoot "/Library/ApacheTomcat/apache-tomcat-6.0.33/webapps/MyTomcatAppName"
        ServerName www.mydomain.com
        ErrorLog "/private/var/log/apache2/www.mydomain.com-error_log"
        CustomLog "/private/var/log/apache2/www.mydomain.com-access_log" common
        JkMountCopy On
        JkMount /* ajp13
    </VirtualHost>

    <VirtualHost *:80>
        DocumentRoot "/Library/ApacheTomcat/apache-tomcat-6.0.33/webapps/MyTomcatAppName"
        ServerName mydomain.com
        ErrorLog "/private/var/log/apache2/mydomain.com-error_log"
        CustomLog "/private/var/log/apache2/mydomaino.com-access_log" common
        JkMountCopy On
        JkMount /* ajp13
    </VirtualHost>

Then this is my Worker.properties file:

    worker.list=ajp13
    worker.ajp13.type=ajp13
    worker.ajp13.host=localhost
    worker.ajp13.port=8009

This is my server.xml:

    <Host name="localhost"
          appBase="/Library/ApacheTomcat/apache-tomcat-6.0.33/webapps"
          unpackWARs="true" autoDeploy="true"
          xmlValidation="false" xmlNamespaceAware="false">
        <Context path="" docBase="/Library/ApacheTomcat/apache-tomcat-6.0.33/webapps/MyTomcatAppName" />

With this configuration, I view MyTomcatAppName correctly when I visit http://www.mydomain.com or http://domain.com ... My problem now is to visit the same site using an https connection, so https://www.mydomain.com or https://domain.com. I also have a GoDaddy certificate installed on my Mac Mini Server (Lion osx), so if I find https://www.mydomain.com (or https://domain.com), the browser correctly informs me of the certificate for "mydomain.com", but it also says:

    Forbidden
    You don't have permission to access / on this server.
    Apache/2.2.20 (Unix) mod_ssl/2.2.20 OpenSSL/0.9.8r DAV/2 mod_jk/1.2.30 Server at mydomain.com Port 443

I'm sure this is because I missed something in the Virtual Host tag .... So how can I fix this?

+4
2 answers

I found a solution, so my Apache and Tomcat are working fine ... I am going to summarize the steps to solve the problem:

This assumes that you have a mydomain certificate (signed by GoDaddy) that is correctly installed and stored in the Apple KeyChain of my Mac server.

  • Open the KeyChain application (using root), expand the mydomain certificate shortcut so that you also see the private key.
  • Save both with the extension p12, then generate the .pem file from .p12
  • Private Key:

     umask 0077
     openssl pkcs12 -in pkfilename.p12 -nocerts -nodes -out filename-key.pem
     umask 0022
  • Certificate:

     openssl pkcs12 -in certfilename.p12 -clcerts -nokeys -out filename-cert.pem 
  • Copy filename-key.pem and filename-cert.pem to the /etc/apache2/ directory

  • Given that you have the same httpd.conf configuration as shown above, you just need to add 2 more VirtualHost to connect 443 (https port).
  • In any case, add 1 VirtualHost for each server name you want to protect, for example, I just want to protect the incoming connection mydomain.com:

     <VirtualHost _default_:443>
         DocumentRoot "/Library/ApacheTomcat/apache-tomcat-6.0.33/webapps/MyServerAppName"
         ServerName mydomain.com
         ErrorLog "/private/var/log/apache2/https_mydomain.com-error_log"
         CustomLog "/private/var/log/apache2/https_mydomain.com-access_log" common
         SSLEngine On
         SSLCertificateFile /etc/apache2/filename-cert.pem
         SSLCertificateKeyFile /etc/apache2/filename-key.pem
         JkMountCopy On
         JkMount /* ajp13
     </VirtualHost>
  • Add Listen 443 to the httpd.conf file, just add this line under Listen 80 , which you'll find at the beginning.

Now you can view both http://mydomain.com and https://mydomain.com. In case of an error, you can read the log files in /var/log/apache2/ .

Special thanks to Bruno for helping me create the private key and certificate file (steps 3 and 4).

Hope this guide helps you configure Apache and Tomcat on mod_jk for SSL connections.

+7

You have configured mod_jk on your virtual hosts for simple HTTP requests ( VirtualHost *:80 ). You also need to configure these Jk* settings on the HTTPS virtual hosts ( VirtualHost *:443 ), where you configured your SSL settings.

+3
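A small check for the point made in the answer above, added here as an example (it is not code from the original posts): it parses httpd.conf-style text and reports every `:443` VirtualHost that lacks the SSL directives or a `JkMount`. The sample configuration is constructed from the directives shown on this page, and the function names are hypothetical.

```python
import re

# Constructed sample: an HTTPS vhost with SSL set up but no Jk* directives.
SAMPLE_CONF = """
<VirtualHost *:80>
    ServerName www.mydomain.com
    JkMountCopy On
    JkMount /* ajp13
</VirtualHost>
<VirtualHost _default_:443>
    ServerName mydomain.com
    SSLEngine On
    SSLCertificateFile /etc/apache2/filename-cert.pem
    SSLCertificateKeyFile /etc/apache2/filename-key.pem
</VirtualHost>
"""

# Directives (lowercased) that every HTTPS vhost fronting Tomcat should carry.
REQUIRED_HTTPS = ("sslengine", "sslcertificatefile", "sslcertificatekeyfile", "jkmount")

def parse_vhosts(conf):
    """Return [(address, {directive_lowercase: [args, ...]})], one per VirtualHost."""
    vhosts, current = [], None
    for raw in conf.splitlines():
        line = raw.strip()
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            current = (opened.group(1).strip(), {})
        elif line.lower().startswith("</virtualhost"):
            if current is not None:
                vhosts.append(current)
            current = None
        elif current is not None and line and line[0] not in "#<":
            parts = line.split(None, 1)  # directive name, then its arguments
            args = parts[1] if len(parts) > 1 else ""
            current[1].setdefault(parts[0].lower(), []).append(args)
    return vhosts

def audit_https_vhosts(conf):
    """Map ServerName -> missing directives, for vhosts bound to port 443 only."""
    findings = {}
    for address, directives in parse_vhosts(conf):
        if not any(a.endswith(":443") for a in address.split()):
            continue
        missing = [d for d in REQUIRED_HTTPS if d not in directives]
        if "sslengine" in directives and directives["sslengine"][-1].lower() != "on":
            missing.append("sslengine=off")
        findings[directives.get("servername", ["<no ServerName>"])[0]] = missing
    return findings

if __name__ == "__main__":
    print(audit_https_vhosts(SAMPLE_CONF))
```

An empty list for a server name means that HTTPS vhost has both the SSL settings and a Tomcat mount.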

Source: https://habr.com/ru/post/1384939/

