Configure Apache SSL and then redirect to Tomcat with mod

I'm trying to configure my home server to accept SSL Connection on port 443.

I've www.mydomain.com domain, I've just linked Apache2 and Tomcat, using mod_jk, now I wish to accept also https request from the web.

This is my configuration:

httpd.conf

<IfModule mod_jk.c>
    JKWorkersFile /etc/apache2/workers.properties
    JkShmFile /var/log/apache2/mod_jk.shm
    JKLogFile /var/log/apache2/mod_jk.log
    JkLogLevel debug
    JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
</IfModule>


<VirtualHost *:80>
    DocumentRoot "/Library/ApacheTomcat/apache-tomcat-6.0.33/webapps/MyTomcatAppName"
    ServerName www.mydomain.com
    ErrorLog "/private/var/log/apache2/www.mydomain.com-error_log"
    CustomLog "/private/var/log/apache2/www.mydomain.com-access_log" common
    JkMountCopy On
    JkMount /* ajp13
</VirtualHost>


<VirtualHost *:80>
    DocumentRoot "/Library/ApacheTomcat/apache-tomcat-6.0.33/webapps/MyTomcatAppName"
    ServerName mydomain.com
    ErrorLog "/private/var/log/apache2/mydomain.com-error_log"
    CustomLog "/private/var/log/apache2/mydomaino.com-access_log" common
    JkMountCopy On
    JkMount /* ajp13
</VirtualHost>

Then this is my Worker.properties file:

worker.list=ajp13

worker.ajp13.type=ajp13
worker.ajp13.host=localhost
worker.ajp13.port=8009

This is my server.xml:

    <Host name="localhost"  appBase="/Library/ApacheTomcat/apache-tomcat-6.0.33/webapps"
        unpackWARs="true" autoDeploy="true"
        xmlValidation="false" xmlNamespaceAware="false">
      <Context path="" docBase="/Library/ApacheTomcat/apache-tomcat-6.0.33/webapps/MyTomcatAppName" />

With this configuration I correctly surf MyTomcatAppName when I visit http:// www.mydomain.com or http:// domain.com... My issue now is to visit the same website using an https connection, so https:// www.mydomain.com or https:// domain.com. I also have a GoDaddy certificate installed on my Mac Mini Server (Lion osx), so if I type https:// www.mydomain.com (or https:// domain.com) the browser correctly inform me about the presence of a certificate for "mydomain.com", but it also says:

Forbidden

You don't have permission to access / on this server.
Apache/2.2.20 (Unix) mod_ssl/2.2.20 OpenSSL/0.9.8r DAV/2 mod_jk/1.2.30 Server at mydomain.com Port 443

I'm sure this is because I missed something in Virtual Host tag.... So how can I fix it?

I found the solution, so my Apache and Tomcat work fine... I' going to summarize the steps to solve the problem:

Considering, you have mydomain certificate (signed by GoDaddy) correctly installed and stored within Apple KeyChain of my Mac Server.

umask 0077
  openssl pkcs12 -in pkfilename.p12 -nocerts -nodes -out filename-key.pem
umask 0022

openssl pkcs12 -in certfilename.p12 -clcerts -nokeys -out filename-cert.pem

<VirtualHost _default_:443>
    DocumentRoot "/Library/ApacheTomcat/apache-tomcat-6.0.33/webapps/MyServerAppName"
    ServerName mydomain.com
    ErrorLog "/private/var/log/apache2/https_mydomain.com-error_log"
    CustomLog "/private/var/log/apache2/https_mydomain.com-access_log" common
    SSLEngine On
    SSLCertificateFile /etc/apache2/filename-cert.pem
    SSLCertificateKeyFile /etc/apache2/filename-key.pem
    JkMountCopy On
    JkMount /* ajp13
</VirtualHost>

You now can surf both http:// mydomain.com and https:// mydomain.com. In case of error you can read the log files within /var/log/apache2/ .

Special thanks to Bruno user, how help me on creating privatekey and certificate file (step 3 and 4).

I hope this guideline can help you configuring Apache and Tomcat on mod_jk for Secure SSL connections.

You've configured mod_jk in your virtual hosts for plain HTTP requests ( VirtualHost *:80 ). You need to configure these Jk* options in the HTTPS virtual hosts too ( VirtualHost *:443 ), where you have configured your SSL settings.

上一篇: Tomcat将用户重定向到域外

下一篇: 配置Apache SSL，然后使用mod重定向到Tomcat