Configure Apache SSL and then redirect to Tomcat with mod_jk
Problem description
I'm trying to configure my home server to accept SSL connections on port 443.
I have the www.mydomain.com domain. I've just linked Apache2 and Tomcat using mod_jk, and now I wish to also accept HTTPS requests from the web.
This is my configuration:
httpd.conf
<IfModule mod_jk.c>
JKWorkersFile /etc/apache2/workers.properties
JkShmFile /var/log/apache2/mod_jk.shm
JKLogFile /var/log/apache2/mod_jk.log
JkLogLevel debug
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
</IfModule>
<VirtualHost *:80>
DocumentRoot "/Library/ApacheTomcat/apache-tomcat-6.0.33/webapps/MyTomcatAppName"
ServerName www.mydomain.com
ErrorLog "/private/var/log/apache2/www.mydomain.com-error_log"
CustomLog "/private/var/log/apache2/www.mydomain.com-access_log" common
JkMountCopy On
JkMount /* ajp13
</VirtualHost>
<VirtualHost *:80>
DocumentRoot "/Library/ApacheTomcat/apache-tomcat-6.0.33/webapps/MyTomcatAppName"
ServerName mydomain.com
ErrorLog "/private/var/log/apache2/mydomain.com-error_log"
CustomLog "/private/var/log/apache2/mydomaino.com-access_log" common
JkMountCopy On
JkMount /* ajp13
</VirtualHost>
Then this is my workers.properties file:
worker.list=ajp13
worker.ajp13.type=ajp13
worker.ajp13.host=localhost
worker.ajp13.port=8009
This is my server.xml:
<Host name="localhost" appBase="/Library/ApacheTomcat/apache-tomcat-6.0.33/webapps"
unpackWARs="true" autoDeploy="true"
xmlValidation="false" xmlNamespaceAware="false">
<Context path="" docBase="/Library/ApacheTomcat/apache-tomcat-6.0.33/webapps/MyTomcatAppName" />
With this configuration I correctly surf MyTomcatAppName when I visit http://www.mydomain.com or http://domain.com...
My issue now is to visit the same website using an HTTPS connection, so https://www.mydomain.com or https://domain.com.
I also have a GoDaddy certificate installed on my Mac Mini Server (Lion OS X), so if I type https://www.mydomain.com (or https://domain.com) the browser correctly informs me about the presence of a certificate for "mydomain.com", but it also says:
Forbidden
You don't have permission to access / on this server.
Apache/2.2.20 (Unix) mod_ssl/2.2.20 OpenSSL/0.9.8r DAV/2 mod_jk/1.2.30 Server at mydomain.com Port 443
I'm sure this is because I missed something in the VirtualHost tag... So how can I fix it?
Recommended answer
I found the solution, so my Apache and Tomcat work fine... I'm going to summarize the steps to solve the problem:
Considering that you have the mydomain certificate (signed by GoDaddy) correctly installed and stored within the Apple Keychain of my Mac server.
- Open the Keychain app (as root) and expand the mydomain certificate label, so you see the private key too.
- Save both with the .p12 extension, then generate .pem files from the .p12 files.
Private key:
umask 0077
openssl pkcs12 -in pkfilename.p12 -nocerts -nodes -out filename-key.pem
umask 0022
Certificate:
openssl pkcs12 -in certfilename.p12 -clcerts -nokeys -out filename-cert.pem
Copy filename-key.pem and filename-cert.pem into the /etc/apache2/ directory.
Anyway, add one VirtualHost for each ServerName you wish to secure; for instance, I just want to secure mydomain.com incoming connections:
<VirtualHost _default_:443>
DocumentRoot "/Library/ApacheTomcat/apache-tomcat-6.0.33/webapps/MyServerAppName"
ServerName mydomain.com
ErrorLog "/private/var/log/apache2/https_mydomain.com-error_log"
CustomLog "/private/var/log/apache2/https_mydomain.com-access_log" common
SSLEngine On
SSLCertificateFile /etc/apache2/filename-cert.pem
SSLCertificateKeyFile /etc/apache2/filename-key.pem
JkMountCopy On
JkMount /* ajp13
</VirtualHost>
Add Listen 443 in the httpd.conf file: just add this line under the Listen 80 line you find at the beginning of it.
You can now surf both http://mydomain.com and https://mydomain.com.
In case of error you can read the log files within /var/log/apache2/.
Special thanks to the user Bruno, who helped me with creating the private key and certificate files (steps 3 and 4).
I hope this guideline can help you configure Apache and Tomcat with mod_jk for secure SSL connections.
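A pre-flight check for the PEM pair produced by the steps above, as an added example that is not part of the original answer: it confirms that the unencrypted private key is not accessible to group or other (the reason for the umask 0077 step), that the key belongs to the certificate, and that the certificate has not expired. It assumes an RSA key; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: sanity-check filename-key.pem / filename-cert.pem before
# pointing SSLCertificateKeyFile / SSLCertificateFile at them.
# Assumption: RSA key (the modulus comparison below is RSA-specific).

# Return 0 if the file grants no permissions to group or other.
key_is_private() {
    perms=$(ls -ld "$1" | cut -c5-10)   # group + other permission characters
    [ "$perms" = "------" ]
}

# Print the RSA modulus of a key ($1=rsa) or a certificate ($1=x509).
modulus_of() {
    openssl "$1" -noout -modulus -in "$2" 2>/dev/null
}

# check_tls_pair KEY CERT -> 0 if every check passes, 1 otherwise.
check_tls_pair() {
    key=$1; cert=$2; rc=0
    if ! key_is_private "$key"; then
        echo "FAIL: $key is accessible to group/other (chmod 600 it)" >&2
        rc=1
    fi
    km=$(modulus_of rsa "$key") || km=""
    cm=$(modulus_of x509 "$cert") || cm=""
    # An empty modulus means the file could not be parsed; never treat
    # two empty strings as a match.
    if [ -z "$km" ] || [ "$km" != "$cm" ]; then
        echo "FAIL: $key does not belong to $cert" >&2
        rc=1
    fi
    if ! openssl x509 -noout -checkend 0 -in "$cert" >/dev/null 2>&1; then
        echo "FAIL: $cert is expired or unreadable" >&2
        rc=1
    fi
    return $rc
}

# Stand-alone use: sh check.sh /etc/apache2/filename-key.pem /etc/apache2/filename-cert.pem
if [ "$#" -eq 2 ]; then
    if check_tls_pair "$1" "$2"; then echo "OK: key and certificate are usable"; else exit 1; fi
fi
```

Running Apache's own `apachectl configtest` afterwards covers the syntax of the new VirtualHost block, which this script does not look at.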