Apache Redirect to Jboss SSL

apache-2.2jbossredirectionssl-certificate

I'm trying to have an SSL Connection to an Apache server on port 443 which I want to use to proxy connections to a JBoss server on a different port.

The SSL certificates sit on the Jboss server not on the Apache server. Is it possible to redirect HTTPS traffic from Apache to the Jboss Server and have the JBoss server do the SSL handshake?

The Apache server must be able to redirect HTTPS traffic for two different URLS. One for a secure site. The other for access to web services. By the way I'm using it mutual authentication, if that makes any difference.

What does the Apache config file need to contain? or are there any good example of this out there?

Thanks

Best Answer

The system that negotiates the SSL connection is going to be responsible for performing the keypair handshake.

If your clients are accessing the Apache server, it would serve the SSL certificate. The SSL certificate on JBoss would only be used by the Apache server, as it is the client in that case.

If you want the JBoss server to handle the SSL negotiation on the front-end, consider using NAT (or a PAT) to translate the ports.

Related Solutions

Jetty – Virtualhosting – SSL Certificates

Did you read the Jetty documentation?

Glassfish does it by attaching the certificates to the HTTP(S) listeners, which are then in turn bound to a server instance.

According to the documentation, the way Jetty does it is pretty similar:
http://docs.codehaus.org/display/JETTY/Virtual+hosts

You simply configure your vhosts (make them IP based, SSL is negotiated before host headers are ever sent), and then add multiple connectors, one per IP/HTTPS connector. Each can have its own trust/keystore with the SSL certificate in them.

https://web.archive.org/web/20150509123728/http://docs.codehaus.org/display/JETTY/Ssl+Connector+Guide
newer: https://www.eclipse.org/jetty/documentation/current/configuring-ssl.html

Simply add a connector per certificate. There's no way around it, SSL requires a dedicated IP address, so one connector per SSL site you wish to serve.

According to this document:
https://www.eclipse.org/jetty/documentation/9.4.x/configuring-connectors.html

The "host" directive for connectors will allow you to bind them to a specific address, thus solving your problem.

Hope this helps.

JBoss behind Apache redirecting to localhost

I think I've got it:

    <Location /admin-console>
            Order deny,allow
            Allow from all
            Options -Indexes FollowSymLinks
            ProxyPass http://127.0.0.1:8080/admin-console
            ProxyPassReverse http://127.0.0.1:8080/admin-console
    </Location>

I needed to put the ProxyPass and ProxyPassReverse directives inside the Location directive.

Best Answer

Related Solutions

Jetty – Virtualhosting – SSL Certificates

JBoss behind Apache redirecting to localhost

Related Topic