10-05-2009 01:35 PM
It is important to note that configuring Tomcat to take advantage of secure sockets is usually only necessary when running it as a stand-alone web server. When running Tomcat primarily as a Servlet/JSP container behind another web server, such as Apache or Microsoft IIS, it is usually necessary to configure the primary web server to handle the SSL connections from users. Typically, this server will negotiate all SSL-related functionality, then pass on any requests destined for the Tomcat container only after decrypting those requests. Likewise, Tomcat will return cleartext responses, that will be encrypted before being returned to the user's browser. In this environment, Tomcat knows that communications between the primary web server and the client are taking place over a secure connection (because your application needs to be able to ask about this), but it does not participate in the encryption or decryption itself.
10-05-2009 01:55 PM
10-05-2009 02:03 PM
<IfModule mod_ssl.c>
NameVirtualHost *:443
####
#### DOCS.DOMAIN.TLD ####
####
<virtualhost *:443>
ServerName docs.domain.tld
ServerAlias alfresco.domain.tld
ServerAdmin webmaster@domain.tld
### ### ### ### ### ###
### Start SSL
SSLEngine On
### Certificates
SSLCertificateFile /etc/apache2/ssl/star_domain_tld.crt
SSLCertificateKeyFile /etc/apache2/ssl/star_domain_tld.key
SSLCertificateChainFile /etc/apache2/ssl/DigiCertCA.crt
### Only allow SSLv3 and TLSv1 and HIGH/MED encryption.
SSLCipherSuite -ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:-LOW:+TLSv1:+SSLv3:-EXP:-eNULL
SSLProtocol -all +SSLv3 +TLSv1
### ### ### ### ### ###
#Dummy folder for virtual host
DocumentRoot /var/www/htdocs/docs.domain.tld/
<directory /var/www/htdocs/docs.domain.tld/>
Options -Indexes -FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</directory>
ErrorLog /var/log/apache2/docs.domain.tld_error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/docs.domain.tld_access.log combined
### Log to Syslog
LogLevel notice
ErrorLog syslog:local6
#CustomLog "|/usr/bin/logger -t apache -i -p local6.notice" combined
ServerSignature Off
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass /share http://localhost:8080/share
ProxyPassReverse /share http://localhost:8080/share
ProxyPass /alfresco http://localhost:8080/alfresco
ProxyPassReverse /alfresco http://localhost:8080/alfresco
</virtualhost>
</IfModule>
10-05-2009 02:09 PM
What does the configuration look like?Hi again gronfelt,
Personally I prefer to use mod_jk when proxying Tomcat with Apache, it's very simple to setup and seems to be pretty failsafe:
http://tomcat.apache.org/connectors-doc/generic_howto/quick.html
10-05-2009 03:02 PM
10-05-2009 03:30 PM
10-11-2009 07:04 PM
10-11-2009 07:19 PM
10-12-2009 02:45 AM
I use to have the same problem when running Alfresco with Apache reverse proxy over SSL. When using mod_jk instead, all problems vanished.
I recommend you do the same.
Regards.
10-12-2009 03:16 PM
Tags
Find what you came for
We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.