1

I am trying to front my Tomcat installation with an Apache 2 web server. The idea is to let Apache handle the SSL/HTTPS part and then forward the normal requests to Tomcat on the same machine, running on port 8080.

As mentioned here, I am using the following configuration:

    <VirtualHost *:*>
        ProxyPreserveHost On
        ProxyPass / http://127.0.0.1:8080/
        ProxyPassReverse / http://127.0.0.1:8080/
        ServerName my-server-name.com
    </VirtualHost>

    Listen 443
    NameVirtualHost *:443
    <VirtualHost *:443>
        SSLEngine On
        SSLCertificateFile /etc/letsencrypt/archive/my-server-name.com/cert-file
        SSLCertificateKeyFile /etc/letsencrypt/archive/my-server-name.com/key-file
        SSLCertificateChainFile /etc/letsencrypt/archive/my-server-name.com/chain-file
        ProxyPass / http://127.0.0.1:8080/
        ProxyPassReverse / http://127.0.0.1:8080/
    </VirtualHost>

The above configuration is resulting in:

  1. Visiting http://my-server-name.com is opening the tomcat landing page
  2. Visiting https://my-server-name.com is opening the apache landing page

But what I expect is to always redirect to https://my-server-name.com, which should open the Tomcat landing page (which will eventually be replaced by my application deployed on the ROOT).

Can someone please guide me, or give any pointer to a step-by-step guide, to front Tomcat with Apache for https-to-http handling?

2
  • Aren't there any other VirtualHosts listening on port 443? Commented Apr 2, 2017 at 13:33
  • @Lacek: no, just the ones I mentioned above Commented Apr 2, 2017 at 13:34

2 Answers

1

The first vhost isn't needed as it seems and the NameVirtualHost directive can also be dropped, resulting in:

    Listen 80
    Listen 443

    <VirtualHost *:80>
        RewriteEngine On
        RewriteCond %{HTTP_HOST} ^(.*)$
        RewriteRule ^(.*)$ https://%1$1 [R=Permanent,L,QSA]
    </VirtualHost>

    <VirtualHost *:443>
        SSLEngine On
        SSLCertificateFile /etc/letsencrypt/archive/my-server-name.com/cert-file
        SSLCertificateKeyFile /etc/letsencrypt/archive/my-server-name.com/key-file
        SSLCertificateChainFile /etc/letsencrypt/archive/my-server-name.com/chain-file
        ProxyPreserveHost On
        ProxyPass / http://127.0.0.1:8080/
        ProxyPassReverse / http://127.0.0.1:8080/
    </VirtualHost>

7
  • This didn't work and the result is : 1. http://my-server-name.com mapped to apache webserver and not the tomcat 2. https://my-server-name.com mapped to apache webserver and not the tomcat Commented Apr 4, 2017 at 15:12
  • But the Apache doesn't listen on 8080 and Tomcat does? - edited my answer to force HTTPS on HTTP-requests Commented Apr 4, 2017 at 15:23
  • And you should have Apache modules proxy, proxy_http and rewrite activated... Commented Apr 4, 2017 at 15:28
  • I've the modules activated. Also, the above-mentioned updated changes just made http to be https; but the request is still not being transferred to Tomcat. I can see the apache2 welcome page and not Tomcat. Commented Apr 4, 2017 at 16:09
  • But the Apache doesn't listen on 8080 and Tomcat does? It seems like Apache still 'wins' the fight for port 8080... Maybe turn up the error log to see more of what is happening; LogLevel debug rewrite:trace2 should show you more than enough info. Provide the relevant part (if you can distinguish it ^^) as an update of your post; if necessary, clean up IPs and server names... Commented Apr 4, 2017 at 16:13
0

On my server I have this configuration for your question:

    Listen 80
    Listen 443

    <VirtualHost *:80>
        ErrorLog /var/log/apache2/myserver.error.log
        CustomLog /var/log/apache2/myserver.log combined

        #settings for AJP to tomcat
        ProxyPass / ajp://localhost:8009/
        ProxyPassReverse / ajp://localhost:8009/
    </VirtualHost>

    <VirtualHost *:443>
        ErrorLog /var/log/apache2/myserver.error.log
        CustomLog /var/log/apache2/myserver.log combined

        <Proxy *>
            AddDefaultCharset Off
            Order deny,allow
            Allow from all
        </Proxy>

        SSLEngine on
        SSLCertificateKeyFile /etc/letsencrypt/live/myserver.com/privkey.pem
        SSLCertificateFile /etc/letsencrypt/live/myserver.com/cert.pem

        #settings for AJP to tomcat
        ProxyPass / ajp://localhost:8009/
        ProxyPassReverse / ajp://localhost:8009/
    </VirtualHost>

I forward via AJP 8009; this is usually activated in Tomcat. In Apache, mod_proxy_ajp has to be enabled. But the configuration would work with http too. Difference between my config and yours: I don't have

<VirtualHost *:*> 

and

NameVirtualHost *:443 
2
  • This again didn't work and resulted in the similar behavior as earlier Commented Apr 5, 2017 at 16:42
  • What's logged if you add the ErrorLog and CustomLog like in my example? On what OS are you running that? Today I tested a similar installation on Debian; I had to disable the default site of Apache: a2dissite 000-default Commented Apr 5, 2017 at 17:08
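
The comments above ask whether another VirtualHost is listening on the same port and mention disabling Apache's default site. As an added example (not code from any poster in this thread), the script below parses `apachectl -S` output and reports which config file's vhost would answer a given Host header on a given port. The sample output, the file name `tomcat-proxy.conf` and the host name `debian.localdomain` are constructed assumptions.

```python
import re

# Constructed sample of `apachectl -S` output (not taken from the page);
# tomcat-proxy.conf and debian.localdomain are assumed names.
SAMPLE = """\
VirtualHost configuration:
*:80                   is a NameVirtualHost
         default server debian.localdomain (/etc/apache2/sites-enabled/000-default.conf:1)
         port 80 namevhost debian.localdomain (/etc/apache2/sites-enabled/000-default.conf:1)
         port 80 namevhost debian.localdomain (/etc/apache2/sites-enabled/tomcat-proxy.conf:3)
*:443                  my-server-name.com (/etc/apache2/sites-enabled/tomcat-proxy.conf:9)
"""

HEAD = re.compile(r"^(\S+):(\d+)\s+(.*)$")          # "*:80   ..." section header
ENTRY = re.compile(r"^\s+(default server|port \d+ namevhost)\s+(\S+)\s+\((.+):(\d+)\)$")
SINGLE = re.compile(r"^(\S+)\s+\((.+):(\d+)\)$")    # lone vhost on an addr:port
ALIAS = re.compile(r"^\s+alias\s+(\S+)$")           # ServerAlias of previous entry

def parse(text):
    """Return {port: {"default": file, "names": {hostname: file}}}."""
    ports, cur, last = {}, None, None
    for line in text.splitlines():
        if m := HEAD.match(line):
            cur = ports.setdefault(int(m[2]), {"default": None, "names": {}})
            if s := SINGLE.match(m[3]):   # only one vhost: it is also the default
                cur["default"] = s[2]
                cur["names"][s[1].lower()] = s[2]
        elif cur is not None and (m := ENTRY.match(line)):
            last = m[3]
            if m[1] == "default server":
                cur["default"] = last
            else:                          # duplicate names: first listed wins
                cur["names"].setdefault(m[2].lower(), last)
        elif cur is not None and last and (m := ALIAS.match(line)):
            cur["names"].setdefault(m[1].lower(), last)
    return ports

def serving_file(ports, port, host):
    """Config file whose vhost answers `host` on `port`; None if nothing listens."""
    entry = ports.get(port)
    if entry is None:
        return None
    # No ServerName/ServerAlias match: the request falls to the default vhost.
    return entry["names"].get(host.lower(), entry["default"])

if __name__ == "__main__":
    table = parse(SAMPLE)
    for p in (80, 443):
        print(p, "->", serving_file(table, p, "my-server-name.com"))
```

In the constructed sample the port 80 proxy vhost has no matching ServerName, so requests for my-server-name.com fall through to 000-default.conf and the Apache landing page, while port 443 reaches the proxy vhost.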
