Configure Apache SSL and then redirect to Tomcat with mod_jk


Problem description

I'm trying to configure my home server to accept SSL Connection on port 443.

I have the www.mydomain.com domain. I've just linked Apache2 and Tomcat using mod_jk, and now I also wish to accept HTTPS requests from the web.

This is my configuration:

httpd.conf

<IfModule mod_jk.c>
    JKWorkersFile /etc/apache2/workers.properties
    JkShmFile /var/log/apache2/mod_jk.shm
    JKLogFile /var/log/apache2/mod_jk.log
    JkLogLevel debug
    JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
</IfModule>


<VirtualHost *:80>
    DocumentRoot "/Library/ApacheTomcat/apache-tomcat-6.0.33/webapps/MyTomcatAppName"
    ServerName www.mydomain.com
    ErrorLog "/private/var/log/apache2/www.mydomain.com-error_log"
    CustomLog "/private/var/log/apache2/www.mydomain.com-access_log" common
    JkMountCopy On
    JkMount /* ajp13
</VirtualHost>


<VirtualHost *:80>
    DocumentRoot "/Library/ApacheTomcat/apache-tomcat-6.0.33/webapps/MyTomcatAppName"
    ServerName mydomain.com
    ErrorLog "/private/var/log/apache2/mydomain.com-error_log"
    CustomLog "/private/var/log/apache2/mydomaino.com-access_log" common
    JkMountCopy On
    JkMount /* ajp13
</VirtualHost>

Then this is my Worker.properties file:

worker.list=ajp13

worker.ajp13.type=ajp13
worker.ajp13.host=localhost
worker.ajp13.port=8009

This is my server.xml:

    <Host name="localhost"  appBase="/Library/ApacheTomcat/apache-tomcat-6.0.33/webapps"
        unpackWARs="true" autoDeploy="true"
        xmlValidation="false" xmlNamespaceAware="false">
      <Context path="" docBase="/Library/ApacheTomcat/apache-tomcat-6.0.33/webapps/MyTomcatAppName" />

With this configuration I can correctly surf MyTomcatAppName when I visit http:// www.mydomain.com or http:// domain.com... My issue now is visiting the same website using an HTTPS connection, i.e. https:// www.mydomain.com or https:// domain.com. I also have a GoDaddy certificate installed on my Mac Mini Server (Lion OS X), so if I type https:// www.mydomain.com (or https:// domain.com) the browser correctly informs me about the presence of a certificate for "mydomain.com", but it also says:

Forbidden

You don't have permission to access / on this server.
Apache/2.2.20 (Unix) mod_ssl/2.2.20 OpenSSL/0.9.8r DAV/2 mod_jk/1.2.30 Server at mydomain.com Port 443

I'm sure this is because I missed something in Virtual Host tag.... So how can I fix it?

Recommended answer

I found the solution, so my Apache and Tomcat work fine... I'm going to summarize the steps to solve the problem:

Considering, you have mydomain certificate (signed by GoDaddy) correctly installed and stored within Apple KeyChain of my Mac Server.


  1. Open KeyChain App (with root), expand mydomain certificate label, so you see the private key too.
  2. Save both with p12 extension, then generate .pem file from .p12
  3. Private Key:

    umask 0077
    openssl pkcs12 -in pkfilename.p12 -nocerts -nodes -out filename-key.pem
    umask 0022


  4. Certificate:

    openssl pkcs12 -in certfilename.p12 -clcerts -nokeys -out filename-cert.pem
    


  5. Copy filename-key.pem and filename-cert.pem into the /etc/apache2/ directory

    Anyway, add 1 VirtualHost for each ServerName you wish to secure; for instance, I just want to secure mydomain.com incoming connections:

    <VirtualHost _default_:443>
        DocumentRoot "/Library/ApacheTomcat/apache-tomcat-6.0.33/webapps/MyServerAppName"
        ServerName mydomain.com
        ErrorLog "/private/var/log/apache2/https_mydomain.com-error_log"
        CustomLog "/private/var/log/apache2/https_mydomain.com-access_log" common
        SSLEngine On
        SSLCertificateFile /etc/apache2/filename-cert.pem
        SSLCertificateKeyFile /etc/apache2/filename-key.pem
        JkMountCopy On
        JkMount /* ajp13
    </VirtualHost>
    


  6. Add Listen 443 to the httpd.conf file; just add this line under the Listen 80 you find at the beginning of it.

You can now surf both http:// mydomain.com and https:// mydomain.com. In case of error you can read the log files within /var/log/apache2/.

Special thanks to user Bruno, who helped me with creating the private key and certificate files (steps 3 and 4).

I hope this guideline can help you in configuring Apache and Tomcat with mod_jk for secure SSL connections.
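A check to run on the PEM files after the extraction and copy steps, as an added example that is not part of the original answer: it confirms that the key file is closed to group and others (it was written with -nodes, so it is unencrypted), that the certificate file carries no private key, and that key and certificate belong together. The function names are hypothetical, and the modulus comparison assumes an RSA key.

```shell
#!/bin/sh
# Added example: sanity checks for the PEM files produced by the pkcs12 steps.
# Function names are hypothetical; file names follow the answer's placeholders.

# Return 0 if only the owner has any access to the file (e.g. mode 0600).
key_is_private() {
    # Characters 5-10 of `ls -ld` are the group and other permission bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Return 0 if the file contains a PEM private key block.
has_private_key() {
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$1"
}

# Return 0 if the RSA key ($1) and the certificate ($2) share one modulus,
# 1 if they differ, 2 if either file cannot be parsed by openssl.
key_matches_cert() {
    k=$(openssl rsa -noout -modulus -in "$1" 2>/dev/null) || return 2
    c=$(openssl x509 -noout -modulus -in "$2" 2>/dev/null) || return 2
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Run every check, print one line per finding, return the number of failures.
check_tls_files() {
    key=$1 cert=$2 fails=0
    key_is_private "$key" ||
        { echo "FAIL: $key is accessible to group/other"; fails=$((fails+1)); }
    has_private_key "$key" ||
        { echo "FAIL: $key holds no private key"; fails=$((fails+1)); }
    ! has_private_key "$cert" ||
        { echo "FAIL: $cert contains a private key"; fails=$((fails+1)); }
    key_matches_cert "$key" "$cert" ||
        { echo "FAIL: key and certificate do not match"; fails=$((fails+1)); }
    [ "$fails" -eq 0 ] && echo "OK: $key / $cert"
    return "$fails"
}

# Usage (paths as in the answer):
#   check_tls_files /etc/apache2/filename-key.pem /etc/apache2/filename-cert.pem
```

A non-zero return before Apache is restarted points at the step to redo: permissions at the copy step, file contents at the two openssl pkcs12 steps.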
