1. Re: SSL configuration
erik777 Apr 15, 2004 10:14 AM (in response to pagomen)
There are two ways you can do this. One is through Apache HTTPD, and another is directly in Tomcat. I use the former.
To use Apache as your HTTPD, you use Tomcat's JK to forward requests from Apache to Tomcat.
http://johnturner.com/howto/apache-tomcat-howto.html
Then you set up Apache to use SSL:
http://httpd.apache.org/docs-2.0/ssl/
I found the FAQ to be the most useful, giving step-by-step instructions for creating and deploying a certificate. I had to Google search to create the sign.sh.
Then you simply define a virtual host that both enables SSL and defines your JK forwarding request. Here is an example:

    <VirtualHost 192.168.1.56:443>
        ServerName secure-webserver.com
        ServerAlias *.webserver.com
        DocumentRoot "/usr/local/www/data"
        ErrorLog /var/log/httpd-secure-error.log
        TransferLog /var/log/httpd-secure-access.log
        SSLEngine on
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        SSLCertificateFile /usr/local/etc/apache/ssl.crt/sitessl.crt
        SSLCertificateKeyFile /usr/local/etc/apache/ssl.key/sitessl.key

        #################### osnet:/ ####################
        #
        # Static files
        #
        Alias /moredocs "/usr/local/www/moredocs"
        <Directory "/usr/local/www/osnet">
            Options Indexes FollowSymLinks
            DirectoryIndex index.jsp index.html index.htm
        </Directory>

        # Forwards ALL requests to Tomcat
        JkMount /* ajp13
        # Optional limited forwarding examples:
        # JkMount /*.jsp ajp13
        # JkMount /servlet/* ajp13
    </VirtualHost>
Keep in mind that named virtual hosting doesn't work with SSL as it can't read the header in the HTML. Thus, the ServerAlias is kinda useless. You can, however, use IP or port based virtual hosting, which, of course, can be mapped to subdomains. Otherwise, when using SSL, it will grab the first virtual hosting entry you have for a given IP/port.
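
An added example (not part of erik777's post and not code from Apache or Tomcat): a small Python audit of vhost blocks like the one above. It applies a simplified model of OpenSSL cipher-string rules to report which weak cipher classes an SSLCipherSuite leaves enabled, and lists SSL vhosts that share an address:port with an earlier one, the case the post says falls through to the first entry. The second vhost in the sample and the names `weak_classes` and `audit` are constructed for illustration.

```python
import re

# Constructed sample: the post's vhost (trimmed) plus a hypothetical second SSL vhost on the same IP:port.
SAMPLE = """
<VirtualHost 192.168.1.56:443>
    ServerName secure-webserver.com
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
</VirtualHost>
<VirtualHost 192.168.1.56:443>
    ServerName shop.webserver.com
    SSLEngine on
    SSLCipherSuite HIGH:!aNULL
</VirtualHost>
"""

WEAK = {"ADH", "EXP", "LOW", "SSLv2", "eNULL"}
IN_ALL = WEAK - {"eNULL"}                     # OpenSSL's ALL leaves out eNULL
ALIAS = {"aNULL": "ADH", "EXPORT": "EXP"}     # simplification: treat as same class

def weak_classes(cipher_string):
    """Simplified model of OpenSSL cipher-string rules, tracking only WEAK."""
    enabled = set()
    for tok in cipher_string.split(":"):
        name = ALIAS.get(tok.lstrip("!-+"), tok.lstrip("!-+"))
        if tok == "ALL":
            enabled |= IN_ALL
        elif tok.startswith(("!", "-")):      # removes the class
            enabled.discard(name)
        elif tok.startswith("+"):             # only reorders, adds nothing
            continue
        elif name in WEAK:                    # a bare class name adds it
            enabled.add(name)
    return sorted(enabled)

def audit(conf):
    """Return ({vhost: weak classes}, [(shadowed vhost, first vhost on that addr)])."""
    findings, first, shadowed = {}, {}, []
    for addr, body in re.findall(r"<VirtualHost\s+([^>\s]+)>(.*?)</VirtualHost>", conf, re.S | re.I):
        d = dict(re.findall(r"^[ \t]*(\w+)[ \t]+(.+?)[ \t]*$", body, re.M))
        if d.get("SSLEngine", "").lower() != "on":
            continue
        name = d.get("ServerName", addr)
        findings[name] = weak_classes(d.get("SSLCipherSuite", ""))
        if first.setdefault(addr, name) != name:   # an earlier SSL vhost owns this addr
            shadowed.append((name, first[addr]))
    return findings, shadowed

print(audit(SAMPLE))
```

In the post's string the trailing `+LOW:+SSLv2:+EXP:+eNULL` entries only reorder, so the weak classes reported come from `ALL`. For the authoritative expansion on a given host, pass the same string to `openssl ciphers -v` using the OpenSSL build Apache is linked against.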