Configure Apache SSL and then redirect to Tomcat with mod_jk

问题

I'm trying to configure my home server to accept SSL Connection on port 443.

I've www.mydomain.com domain, I've just linked Apache2 and Tomcat, using mod_jk, now I wish to accept also https request from the web.

This is my configuration:

httpd.conf

<IfModule mod_jk.c>
    JKWorkersFile /etc/apache2/workers.properties
    JkShmFile /var/log/apache2/mod_jk.shm
    JKLogFile /var/log/apache2/mod_jk.log
    JkLogLevel debug
    JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
</IfModule>


<VirtualHost *:80>
    DocumentRoot "/Library/ApacheTomcat/apache-tomcat-6.0.33/webapps/MyTomcatAppName"
    ServerName www.mydomain.com
    ErrorLog "/private/var/log/apache2/www.mydomain.com-error_log"
    CustomLog "/private/var/log/apache2/www.mydomain.com-access_log" common
    JkMountCopy On
    JkMount /* ajp13
</VirtualHost>


<VirtualHost *:80>
    DocumentRoot "/Library/ApacheTomcat/apache-tomcat-6.0.33/webapps/MyTomcatAppName"
    ServerName mydomain.com
    ErrorLog "/private/var/log/apache2/mydomain.com-error_log"
    CustomLog "/private/var/log/apache2/mydomaino.com-access_log" common
    JkMountCopy On
    JkMount /* ajp13
</VirtualHost>

Then this is my Worker.properties file:

worker.list=ajp13

worker.ajp13.type=ajp13
worker.ajp13.host=localhost
worker.ajp13.port=8009

This is my server.xml:

    <Host name="localhost"  appBase="/Library/ApacheTomcat/apache-tomcat-6.0.33/webapps"
        unpackWARs="true" autoDeploy="true"
        xmlValidation="false" xmlNamespaceAware="false">
      <Context path="" docBase="/Library/ApacheTomcat/apache-tomcat-6.0.33/webapps/MyTomcatAppName" />

With this configuration I correctly surf MyTomcatAppName when I visit http:// www.mydomain.com or http:// domain.com... My issue now is to visit the same website using an https connection, so https:// www.mydomain.com or https:// domain.com. I also have a GoDaddy certificate installed on my Mac Mini Server (Lion osx), so if I type https:// www.mydomain.com (or https:// domain.com) the browser correctly inform me about the presence of a certificate for "mydomain.com", but it also says:

Forbidden

You don't have permission to access / on this server.
Apache/2.2.20 (Unix) mod_ssl/2.2.20 OpenSSL/0.9.8r DAV/2 mod_jk/1.2.30 Server at mydomain.com Port 443

I'm sure this is because I missed something in Virtual Host tag.... So how can I fix it?

回答1:

I found the solution, so my Apache and Tomcat work fine... I' going to summarize the steps to solve the problem:

Considering, you have mydomain certificate (signed by GoDaddy) correctly installed and stored within Apple KeyChain of my Mac Server.

1. Open KeyChain App (with root), expand mydomain certificate label, so you see the private key too.
2. Save both with p12 extension, then generate .pem file from .p12

3. Private Key:

   umask 0077
     openssl pkcs12 -in pkfilename.p12 -nocerts -nodes -out filename-key.pem
   umask 0022
   

4. Certificate:

   openssl pkcs12 -in certfilename.p12 -clcerts -nokeys -out filename-cert.pem
   

5. Copy filename-key.pem and filename-cert.pem within /etc/apache2/ directory

6. Considering you have the same httpd.conf configuration showed above, you just need to add 2 more VirtualHost for 443 (https port) connection.

7. Anyway, add 1 VirtualHost for each ServerName you wish to secure, for instance I just want to secure mydomain.com incoming connection:

   <VirtualHost _default_:443>
       DocumentRoot "/Library/ApacheTomcat/apache-tomcat-6.0.33/webapps/MyServerAppName"
       ServerName mydomain.com
       ErrorLog "/private/var/log/apache2/https_mydomain.com-error_log"
       CustomLog "/private/var/log/apache2/https_mydomain.com-access_log" common
       SSLEngine On
       SSLCertificateFile /etc/apache2/filename-cert.pem
       SSLCertificateKeyFile /etc/apache2/filename-key.pem
       JkMountCopy On
       JkMount /* ajp13
   </VirtualHost>
   

8. Add Listen 443 in httpd.conf file, just add this line under Listen 80 you find at beginning of it.

You now can surf both http:// mydomain.com and https:// mydomain.com. In case of error you can read the log files within /var/log/apache2/.

Special thanks to Bruno user, how help me on creating privatekey and certificate file (step 3 and 4).

I hope this guideline can help you configuring Apache and Tomcat on mod_jk for Secure SSL connections.

回答2:

You've configured mod_jk in your virtual hosts for plain HTTP requests (VirtualHost *:80). You need to configure these Jk* options in the HTTPS virtual hosts too (VirtualHost *:443), where you have configured your SSL settings.

来源：https://stackoverflow.com/questions/8402689/configure-apache-ssl-and-then-redirect-to-tomcat-with-mod-jk