Question
I'm trying to configure my home server to accept SSL connections on port 443.
I have the www.mydomain.com domain and have just linked Apache2 and Tomcat using mod_jk; now I also wish to accept https requests from the web.
This is my configuration:
httpd.conf
<IfModule mod_jk.c>
JKWorkersFile /etc/apache2/workers.properties
JkShmFile /var/log/apache2/mod_jk.shm
JKLogFile /var/log/apache2/mod_jk.log
JkLogLevel debug
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
</IfModule>
<VirtualHost *:80>
DocumentRoot "/Library/ApacheTomcat/apache-tomcat-6.0.33/webapps/MyTomcatAppName"
ServerName www.mydomain.com
ErrorLog "/private/var/log/apache2/www.mydomain.com-error_log"
CustomLog "/private/var/log/apache2/www.mydomain.com-access_log" common
JkMountCopy On
JkMount /* ajp13
</VirtualHost>
<VirtualHost *:80>
DocumentRoot "/Library/ApacheTomcat/apache-tomcat-6.0.33/webapps/MyTomcatAppName"
ServerName mydomain.com
ErrorLog "/private/var/log/apache2/mydomain.com-error_log"
CustomLog "/private/var/log/apache2/mydomain.com-access_log" common
JkMountCopy On
JkMount /* ajp13
</VirtualHost>
Then this is my workers.properties file:
worker.list=ajp13
worker.ajp13.type=ajp13
worker.ajp13.host=localhost
worker.ajp13.port=8009
This is my server.xml:
<Host name="localhost" appBase="/Library/ApacheTomcat/apache-tomcat-6.0.33/webapps"
unpackWARs="true" autoDeploy="true"
xmlValidation="false" xmlNamespaceAware="false">
<Context path="" docBase="/Library/ApacheTomcat/apache-tomcat-6.0.33/webapps/MyTomcatAppName" />
</Host>
With this configuration I can correctly surf MyTomcatAppName when I visit http:// www.mydomain.com or http:// domain.com... My issue now is to visit the same website using an https connection, so https:// www.mydomain.com or https:// domain.com. I also have a GoDaddy certificate installed on my Mac Mini Server (Lion osx), so if I type https:// www.mydomain.com (or https:// domain.com) the browser correctly informs me about the presence of a certificate for "mydomain.com", but it also says:
Forbidden
You don't have permission to access / on this server.
Apache/2.2.20 (Unix) mod_ssl/2.2.20 OpenSSL/0.9.8r DAV/2 mod_jk/1.2.30 Server at mydomain.com Port 443
I'm sure this is because I missed something in Virtual Host tag.... So how can I fix it?
Answer 1:
I found the solution, so my Apache and Tomcat work fine... I'm going to summarize the steps to solve the problem:
Considering you have the mydomain certificate (signed by GoDaddy) correctly installed and stored within the Apple KeyChain of my Mac Server.
- Open KeyChain App (with root), expand mydomain certificate label, so you see the private key too.
- Save both with p12 extension, then generate .pem file from .p12
Private Key:
umask 0077
openssl pkcs12 -in pkfilename.p12 -nocerts -nodes -out filename-key.pem
umask 0022
Certificate:
openssl pkcs12 -in certfilename.p12 -clcerts -nokeys -out filename-cert.pem
Copy filename-key.pem and filename-cert.pem into the /etc/apache2/ directory
- Considering you have the same httpd.conf configuration shown above, you just need to add 2 more VirtualHost for 443 (https port) connections. Anyway, add 1 VirtualHost for each ServerName you wish to secure; for instance, I just want to secure mydomain.com incoming connections:
<VirtualHost _default_:443>
DocumentRoot "/Library/ApacheTomcat/apache-tomcat-6.0.33/webapps/MyServerAppName"
ServerName mydomain.com
ErrorLog "/private/var/log/apache2/https_mydomain.com-error_log"
CustomLog "/private/var/log/apache2/https_mydomain.com-access_log" common
SSLEngine On
SSLCertificateFile /etc/apache2/filename-cert.pem
SSLCertificateKeyFile /etc/apache2/filename-key.pem
JkMountCopy On
JkMount /* ajp13
</VirtualHost>
Add Listen 443 in the httpd.conf file; just add this line under the Listen 80 you find at the beginning of it.
You now can surf both http:// mydomain.com and https:// mydomain.com.
In case of error you can read the log files within /var/log/apache2/.
Special thanks to the user Bruno, who helped me with creating the private key and certificate files (step 3 and 4).
I hope this guideline can help you configure Apache and Tomcat with mod_jk for secure SSL connections.
Answer 2:
You've configured mod_jk in your virtual hosts for plain HTTP requests (VirtualHost *:80). You need to configure these Jk* options in the HTTPS virtual hosts too (VirtualHost *:443), where you have configured your SSL settings.
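The following check is an added example, not part of either answer or of any project's code. It scans an Apache configuration for port-443 virtual hosts that lack the SSL directives from the first answer or the JkMount the second answer calls for. The names parse_vhosts, audit_https_vhosts, REQUIRED_443 and SAMPLE_CONF are hypothetical, the sample configuration is constructed, and the check assumes each HTTPS host carries its own JkMount rather than inheriting mounts from the global scope.

```python
import re

# Constructed sample: an HTTPS host with certificates but no JkMount.
SAMPLE_CONF = """\
Listen 443
<VirtualHost *:80>
ServerName www.mydomain.com
JkMount /* ajp13
</VirtualHost>
<VirtualHost _default_:443>
ServerName mydomain.com
SSLEngine On
SSLCertificateFile /etc/apache2/filename-cert.pem
SSLCertificateKeyFile /etc/apache2/filename-key.pem
</VirtualHost>
"""

# Assumed layout (as on the page): each :443 host carries its own JkMount.
REQUIRED_443 = ("sslengine", "sslcertificatefile", "sslcertificatekeyfile", "jkmount")

def parse_vhosts(conf):
    """Return [(address, {directive: [args, ...]})] for each <VirtualHost>."""
    vhosts, current = [], None
    for line in (raw.strip() for raw in conf.splitlines()):
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            current = {}
            vhosts.append((opened.group(1).strip(), current))
        elif line.lower().startswith("</virtualhost"):
            current = None
        elif current is not None and line and line[0] not in "#<":
            parts = line.split(None, 1)
            current.setdefault(parts[0].lower(), []).append(parts[1] if len(parts) > 1 else "")
    return vhosts

def audit_https_vhosts(conf):
    """Map each :443 host (by ServerName) to the directives it lacks."""
    findings = {}
    if not re.search(r"^\s*Listen\s+(\S+:)?443\b", conf, re.I | re.M):
        findings["(server)"] = ["listen 443"]
    for address, directives in parse_vhosts(conf):
        if not address.endswith(":443"):
            continue
        missing = [d for d in REQUIRED_443 if d not in directives]
        if directives.get("sslengine", ["on"])[-1].lower() != "on":
            missing.append("sslengine on")
        if missing:
            findings[directives.get("servername", [address])[0]] = missing
    return findings
```

Calling audit_https_vhosts(SAMPLE_CONF) reports the HTTPS host that serves a certificate but is never mounted to Tomcat, which is the configuration that produced the Forbidden page in the question.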
Source: https://stackoverflow.com/questions/8402689/configure-apache-ssl-and-then-redirect-to-tomcat-with-mod-jk