0

I have Apache 2.2.3 and JBoss 5.1 installed on my server. In Apache I have 2 apps in PHP+MySQL, and in JBoss I have Liferay Portal as the root app (/). I used mod_proxy to reach the JBoss app:

    <VirtualHost server_ip:80>
        ServerName intranet.mycompany.com
        ProxyPreserveHost On
        ProxyPass / balancer://jbosscluster/
        ProxyPassReverse / http://server_ip:8080
    </VirtualHost>

But now I have to enable HTTPS only for intranet.mycompany.com, and I don't know where to configure the SSL: in Apache, JBoss, or both. I tried in JBoss, in the server.xml, generating a self-signed certificate with keytool, but Apache doesn't forward to https://server_ip:8443

I will appreciate your help.

2 Answers

1

If everything is on the same server, all you need to do is set up SSL in Apache - you make sure mod_ssl is installed and pretty much use the default config style to make it run. The Apache <=> JBoss communication will happen internally on the same server as usual and be unencrypted.

Given a standard Linux (CentOS, e.g.) box with the mod_ssl package installed:

    # SSL Basics
    LoadModule ssl_module modules/mod_ssl.so
    Listen 443
    NameVirtualHost *:443
    AddType application/x-x509-ca-cert .crt
    AddType application/x-pkcs7-crl .crl
    SSLPassPhraseDialog builtin
    SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
    SSLSessionCacheTimeout 300
    SSLMutex default
    SSLRandomSeed startup file:/dev/urandom 256
    SSLRandomSeed connect builtin
    SSLCryptoDevice builtin

    <VirtualHost _default_:443>
        ...config stuff...
        ServerName intranet.mycompany.com
        ProxyPreserveHost On
        ProxyPass / balancer://jbosscluster/
        ProxyPassReverse / http://127.0.0.1:8080
        SSLEngine on
        SSLProtocol all -SSLv2
        SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
        SSLCertificateFile /path/to/server.pem
        SSLCertificateKeyFile /path/to/server.pem
        <Files ~ "\.(cgi|shtml|phtml|php3?)$">
            SSLOptions +StdEnvVars
        </Files>
        SetEnvIf User-Agent ".*MSIE.*" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
        CustomLog logs/ssl_request_log \
            "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
        ...more config stuff...
    </VirtualHost>

The file server.pem contains both the unencrypted server key and the server cert returned from the upstream authority.

    /usr/bin/openssl genrsa -des3 1024 > server.key.encrypted
    /usr/bin/openssl rsa -in server.key.encrypted -out server.key
    /usr/bin/openssl req -new -key server.key -out server.csr
    cat server.key > server.pem
    cat server.crt >> server.pem

That's the basic idea -- server.crt is the file given back to you from Thawte, etc. after you gave them the server.csr file (and money).

2
  • Thanks for the answer. I will try to configure SSL in Apache then. Commented Jan 29, 2010 at 1:14
  • Hi, I configured SSL in Apache, and there are no messages in the SSL error log, but the explorer never gets the page: 'an error occurred: the connection to the server was reset while the page was loaded.' So what could be the problem? Commented Jan 29, 2010 at 16:27
0

troyengel's answer will give you the HTTPS access through your Apache configuration but if I understood your question correctly you need intranet.mycompany.com to be accessible via HTTPS only and not by HTTP?

If that's the case I would modify your existing VirtualHost declaration to be something along the lines of:

    <VirtualHost server_ip:80>
        ServerName intranet.mycompany.com
        RewriteEngine On
        RewriteCond %{HTTPS} !=on
        RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
    </VirtualHost>

This is in addition to troyengel's SSL VirtualHost configuration. This should then redirect anything going to http://intranet.mycompany.com -> https://intranet.mycompany.com automatically keeping the requested URI.
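
A small audit of the combined result of both answers, added here as an example (not code from either answer): it parses the VirtualHost blocks and reports why a host is not yet HTTPS-only. The function names and the choice of checks are assumptions of this example; the sample is the question's port-80 vhost plus a trimmed copy of the :443 vhost.

```python
import re

# Constructed sample: the question's original port-80 vhost plus a trimmed copy
# of the first answer's :443 vhost (host names and paths are the page's placeholders).
SAMPLE = """
<VirtualHost server_ip:80>
  ServerName intranet.mycompany.com
  ProxyPass / balancer://jbosscluster/
</VirtualHost>
<VirtualHost _default_:443>
  ServerName intranet.mycompany.com
  ProxyPass / balancer://jbosscluster/
  SSLEngine on
  SSLCertificateFile /path/to/server.pem
  SSLCertificateKeyFile /path/to/server.pem
</VirtualHost>
"""
VHOST = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def parse_vhosts(conf):
    """Return [(port, {directive: [args, ...]})], one entry per VirtualHost block."""
    out = []
    for addr, body in VHOST.findall(conf):
        port = int(addr.rsplit(":", 1)[1]) if ":" in addr else 80
        d = {}
        for line in map(str.strip, body.splitlines()):
            if line and not line.startswith(("#", "<")):
                name, _, args = line.partition(" ")
                d.setdefault(name.lower(), []).append(args.strip())
        out.append((port, d))
    return out

def audit_https_only(conf, host):
    """Return the reasons `host` is not HTTPS-only; an empty list means it passes."""
    problems = []
    vhosts = [(p, d) for p, d in parse_vhosts(conf) if host in d.get("servername", [])]
    tls = [d for p, d in vhosts if p == 443]
    if not tls:
        problems.append("no :443 VirtualHost")
    for d in tls:
        if "on" not in [a.lower() for a in d.get("sslengine", [])]:
            problems.append(":443 vhost lacks SSLEngine on")
        problems += [":443 vhost lacks " + k for k in ("sslcertificatefile", "sslcertificatekeyfile") if k not in d]
    for p, d in [v for v in vhosts if v[0] != 443]:
        if "proxypass" in d:
            problems.append("port %d vhost still proxies to the backend" % p)
        if not any("https://" in r for r in d.get("rewriterule", [])):
            problems.append("port %d vhost has no redirect to https://" % p)
    return problems
```

Run against the sample, `audit_https_only(SAMPLE, "intranet.mycompany.com")` flags the port-80 vhost twice; swapping its ProxyPass for the RewriteRule above clears both findings.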
