HTTPS root webapp in JBoss 5 through Apache mod_proxy with AJP

Tags: apache-2.2, https, jboss, mod-proxy-ajp

I have Apache 2.2.3 and JBoss 5.1 installed on my server. In Apache I have two apps in PHP+MySQL, and in JBoss I have Liferay Portal in the root app (/). I used mod_proxy to reach the JBoss app:

<VirtualHost server_ip:80>
ServerName intranet.mycompany.com
ProxyPreserveHost On
ProxyPass / balancer://jbosscluster/
ProxyPassReverse / http://server_ip:8080
</VirtualHost>

But now I have to enable HTTPS only on intranet.mycompany.com, and I don't know where to configure the SSL: in Apache, in JBoss, or both. I tried in JBoss in server.xml, generating a self-signed certificate with keytool, but Apache doesn't forward to https://server_ip:8443.

I will appreciate your help.

Best Answer

If everything is on the same server, all you need to do is set up SSL in Apache - you make sure mod_ssl is installed and pretty much use the default config style to make it run. The Apache <=> JBoss communication will happen internally on the same server as usual and be unencrypted.

Given a standard linux (CentOS, e.g.) box with the mod_ssl package installed:

# SSL Basics
LoadModule ssl_module modules/mod_ssl.so
Listen 443
NameVirtualHost *:443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
SSLPassPhraseDialog  builtin
SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout  300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom  256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin

<VirtualHost _default_:443>
  ...config stuff...
  ServerName intranet.mycompany.com
  ProxyPreserveHost On
  ProxyPass / balancer://jbosscluster/
  ProxyPassReverse / http://127.0.0.1:8080

  SSLEngine on
  SSLProtocol all -SSLv2
  SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
  SSLCertificateFile /path/to/server.pem
  SSLCertificateKeyFile /path/to/server.pem

  <Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
  </Files>

  SetEnvIf User-Agent ".*MSIE.*" \
    nokeepalive ssl-unclean-shutdown \
    downgrade-1.0 force-response-1.0

  CustomLog logs/ssl_request_log \
    "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

  ...more config stuff...
</VirtualHost>

The file server.pem contains both the unencrypted server key and the server cert returned from the upstream authority.

/usr/bin/openssl genrsa -des3 1024 > server.key.encrypted
/usr/bin/openssl rsa -in server.key.encrypted -out server.key

/usr/bin/openssl req -new -key server.key -out server.csr

cat server.key > server.pem
cat server.crt >> server.pem

That's the basic idea -- server.crt is the file given back to you from Thawte, etc. after you gave them the server.csr file (and money).
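As an added example (not part of the answer above, and not Apache's own tooling): a small Python audit that reads a <VirtualHost *:443> block and flags the settings a practitioner would want to revisit in the answer's config: SSLv3 left on by "all -SSLv2", the RC4 and LOW groups still present in SSLCipherSuite, no SSLHonorCipherOrder, and a ProxyPass to a plain-HTTP backend that is never told the client arrived over HTTPS. Both vhost texts are constructed here; the hardened one uses values I chose (TLS only, HIGH ciphers, and mod_headers' RequestHeader to set X-Forwarded-Proto), not values from the answer. The cipher-string parsing is an approximation of OpenSSL's rules and does not expand ALL or DEFAULT.

```python
# Constructed sample, shaped like the answer's vhost: the 2.2-era TLS settings.
WEAK_VHOST = """
<VirtualHost _default_:443>
  ServerName intranet.mycompany.com
  ProxyPreserveHost On
  ProxyPass / balancer://jbosscluster/
  ProxyPassReverse / http://127.0.0.1:8080
  SSLEngine on
  SSLProtocol all -SSLv2
  SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
  SSLCertificateFile /path/to/server.pem
  SSLCertificateKeyFile /path/to/server.pem
</VirtualHost>
"""

# Constructed sample: the same vhost with the settings this example recommends.
# RequestHeader needs mod_headers loaded; it tells the backend the client used HTTPS.
HARDENED_VHOST = """
<VirtualHost _default_:443>
  ServerName intranet.mycompany.com
  ProxyPreserveHost On
  RequestHeader set X-Forwarded-Proto "https"
  ProxyPass / balancer://jbosscluster/
  ProxyPassReverse / http://127.0.0.1:8080
  SSLEngine on
  SSLProtocol all -SSLv2 -SSLv3
  SSLHonorCipherOrder on
  SSLCipherSuite HIGH:!aNULL:!MD5:!RC4:!3DES
  SSLCertificateFile /path/to/server.pem
  SSLCertificateKeyFile /path/to/server.pem
</VirtualHost>
"""

# OpenSSL cipher-string groups that should not survive in a 443 vhost.
WEAK_CIPHER_GROUPS = {"RC4", "LOW", "EXPORT", "EXP", "ADH", "aNULL", "eNULL",
                      "NULL", "DES", "3DES", "MD5"}


def directives(vhost_text):
    """Yield (name, arguments) for each directive line, skipping tags and comments."""
    for raw in vhost_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#<":
            continue
        name, _, args = line.partition(" ")
        yield name, args.strip()


def enabled_ssl_versions(protocol_args):
    """SSL versions still on after an SSLProtocol line (Apache 2.2: 'all' = SSLv2, SSLv3, TLSv1)."""
    enabled = set()
    for token in protocol_args.split():
        name = token.lstrip("+-").lower()
        if name == "all":
            enabled |= {"sslv2", "sslv3", "tlsv1"}
        elif token.startswith("-"):
            enabled.discard(name)
        else:
            enabled.add(name)
    return enabled & {"sslv2", "sslv3"}


def weak_cipher_groups(cipher_args):
    """Approximate OpenSSL cipher-string rules: '!X' bans X permanently, '-X' drops it,
    '+X' or bare X (re)enables it, and 'A+B' names the intersection of A and B.
    ALL/DEFAULT are not expanded, so only groups named explicitly are reported."""
    enabled, banned = set(), set()
    for token in cipher_args.split(":"):
        prefix = token[0] if token and token[0] in "!-+" else ""
        parts = token[len(prefix):].split("+")
        if prefix == "!":
            banned.update(parts)
            enabled.difference_update(parts)
        elif prefix == "-":
            enabled.difference_update(parts)
        else:
            enabled.update(p for p in parts if p not in banned)
    return enabled & WEAK_CIPHER_GROUPS


def audit_vhost(vhost_text):
    """Return the list of findings for one TLS <VirtualHost> block; an empty list means clean."""
    seen = list(directives(vhost_text))
    last = {name: args for name, args in seen}   # later directives override earlier ones
    findings = []
    versions = enabled_ssl_versions(last.get("SSLProtocol", "all"))
    if versions:
        findings.append("SSLProtocol still allows " + ", ".join(sorted(versions)))
    if "SSLCipherSuite" not in last:
        findings.append("no SSLCipherSuite: the permissive compiled-in default applies")
    else:
        weak = weak_cipher_groups(last["SSLCipherSuite"])
        if weak:
            findings.append("SSLCipherSuite keeps weak groups " + ", ".join(sorted(weak)))
    if last.get("SSLHonorCipherOrder", "off").lower() != "on":
        findings.append("SSLHonorCipherOrder is off: the client picks the cipher")
    forwards_scheme = any(name == "RequestHeader" and "X-Forwarded-Proto" in args
                          for name, args in seen)
    if "ProxyPass" in last and not forwards_scheme:
        findings.append("ProxyPass without X-Forwarded-Proto: the backend may build http:// URLs")
    return findings


if __name__ == "__main__":
    for label, text in (("weak", WEAK_VHOST), ("hardened", HARDENED_VHOST)):
        print(label, audit_vhost(text) or ["clean"])
```

The X-Forwarded-Proto finding only matters when the balancer members speak plain HTTP, as the answer's ProxyPassReverse to http://127.0.0.1:8080 suggests; if the members are ajp:// workers, the AJP protocol itself carries the SSL flag to Tomcat/JBoss and no header is needed. In either case the backend should accept the forwarded scheme only from the proxy's address, since a client reaching port 8080 directly could otherwise claim to be on HTTPS.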