3 Replies Latest reply on Jul 12, 2006 10:41 AM by James Rhodes

    Apache mod_jk / JBoss SSL question

    James Rhodes Newbie

      I've seen this asked many times and I think I have an answer that works for my particular situation.
      Please tell me if I'm right or wrong as I need to get my app deployed by next week.
      I have a site that MUST be SSL enabled for all pages, including login. Instead of enabling SSL in JBoss, I'm using my site's existing cert that is used by Apache. I'm using mod_rewrite like this inside both virtual hosts:

      <VirtualHost blah.mysite.com:443>
      ServerAdmin webmaster@dummy-host.example.com
      DocumentRoot "D:/usr/dev/web/mypath"
      ServerName blah.mysite.com
      DirectoryIndex index.html
      ErrorLog logs/blah-error_log
      CustomLog logs/blah-access_log common
      SSLEngine on
      SSLCertificateFile "C:\Program Files\Apache Group\Apache2\ssl\mycert.cert"
      SSLCertificateKeyFile "C:\Program Files\Apache Group\Apache2\ssl\mykey.key"
      SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
      RewriteEngine on

      RewriteCond %{SERVER_PORT} !^443$
      RewriteRule ^/(.*)$ https://blah.mysite.com/$1 [L,R]




      <VirtualHost blah.mysite.com:80>
      ServerAdmin webmaster@dummy-host.example.com
      DocumentRoot "D:/usr/dev/web/mypath"
      ServerName blah.mysite.com
      DirectoryIndex index.html
      ErrorLog logs/blah-error_log
      CustomLog logs/blah-access_log common
      RewriteEngine on

      RewriteCond %{SERVER_PORT} !^443$
      RewriteRule ^/(.*)$ https://blah.mysite.com/$1 [L,R]


      So this says that any request to any of these virtual hosts that ISN'T on port 443 is then redirected using the https: scheme.

      Is this an exceptable way to require SSL when Jboss is used with Apache and mod_jk?

      Thanks for the help. The reason why I don't want to enable SSL in JBoss directly is complicated. I work in a big corp environment and they don't like making changes from regular certs to java keystores and the like.

      B