
Apache + Tomcat + SSL

Status
Not open for further replies.

neltan

Programmer
Nov 4, 2002
82
AU
Hi,
I have 2 questions.

1. mod_ssl has been set up in Apache; how can I block HTTP and force all connections to HTTPS?

2. Tomcat has been added into Apache; how can Tomcat use HTTPS also?

Best Regards,
neltan
 
Did you ever get any help with this? I am having the same issue with getting a system with both Tomcat and Apache to use SSL.

Right now I am getting this error:
Only one usage of each socket address (protocol/network address/port) is normally permitted. : make_sock: could not bind to address 0.0.0.0:80 Unable to open logs

Any help would be appreciated.

Thanks

AJ
SA
HS
 
I got this error heaps when I set mine up, but was able to eventually figure it out.

What version of Apache are you running and what OS?

Tracey
Remember... True happiness is not getting what you want...

It's wanting what you have got!
 
The following is my installation script, derived from the flashguide.

step1: install postgresql + openssl + php + apache
step2: install tomcat + mod_jk, config tomcat & apache
============================================================
Here is step1:


+-------------+
|   Apache    |
+-------------+
|    PHP      |       +-------------+
+-------------+  -->  | PostgreSQL  |
                      +-------------+
+-------------+
|   mod_ssl   |
+-------------+
                      +-------------+
                 -->  |   Openssl   |
                      +-------------+
===============================================
Download these files first
===============================================
postgresql-7.3.2.tar.gz
apache_1.3.27.tar.gz
php-4.2.3.tar.gz
mod_ssl-2.8.12-1.3.27.tar.gz
openssl-0.9.7.tar.gz


===============================================
PostgreSQL
===============================================
tar -xvzf postgresql_xxx.tar.gz
cd postgresql_xxx
./configure --prefix=/usr/local/pgsql
make
make install

===============================================
postgresql config
===============================================

------------------------------------------------
Initialise PostgreSQL
------------------------------------------------
root# adduser pgsql
root# passwd pgsql
root# mkdir /usr/local/pgsql/data
root# chown pgsql:pgsql /usr/local/pgsql/data
root# su pgsql
pgsql# cd /usr/local/pgsql/bin
pgsql# ./initdb -D /usr/local/pgsql/data

------------------------------------------------
Start the database server
------------------------------------------------
exit (return to root user)
root# vi /usr/local/pgsql/data/logfile (create file)
root# chown pgsql:pgsql /usr/local/pgsql/data/logfile
root# vi /usr/local/pgsql/pg_hba.conf
(add IP: 172.18.0.0 Mask: 255.255.0.0)
root# chown -R pgsql:pgsql /usr/local/pgsql

root# su pgsql
pgsql# cd /usr/local/pgsql/bin
pgsql# ./postmaster -i -D /usr/local/pgsql/data > /usr/local/pgsql/data/logfile 2>&1
(allow remote server access)
or
pgsql# ./pg_ctl -D /usr/local/pgsql/data -l logfile start
(start in background and with logfile)
(only local server access)

------------------------------------------------
Stop the database server
------------------------------------------------
root# kill (pid)


------------------------------------------------
Create Database
------------------------------------------------
pgsql# createdb dbname
pgsql# psql -l



===============================================
Openssl
===============================================
cd /usr/src/openssl-0.9.7
./config --prefix=/usr/local/openssl
make
make test
make install

===============================================
apache_1.3.28
===============================================
Download Apache 1.3.28 source
at
cd /usr/src/apache_1.3.28
(if RH9+ the following line)
export CFLAGS="-I/usr/kerberos/include"
./configure --prefix=/usr/local/apache

===============================================
mod_ssl-2.8.12-1.3.27
===============================================
cd mod_ssl-2.8.15-1.3.28
./configure --with-apache=../apache_1.3.28

===============================================
php-4.3.2
===============================================

cd /usr/src2/php-4.3.2
./configure --prefix=/usr/local/php --with-apache=/usr/src2/apache_1.3.28 --with-pgsql=/usr/local/pgsql --enable-trans-sid --enable-track-vars --enable-sysvshm=yes --enable-sysvsem=yes --enable-versioning
make
make install
cp php.ini-dist /usr/local/php/lib/php.ini

edit /usr/local/php/lib/php.ini
register_globals = On

===============================================
apache_1.3.27
===============================================
./configure --prefix=/usr/local/apache --enable-module=ssl --enable-module=so --activate-module=src/modules/php4/libphp4.a --enable-rule=SSL_SDBM --enable-module=rewrite
make
make certificate TYPE=custom <---- this line will generate CA Cert & Server Cert
make install

---------------------------
if only apache+php
---------------------------
./configure --prefix=/usr/local/apache --activate-module=src/modules/php4/libphp4.a --enable-module=so
make
make install
===============================================
apache config
===============================================
------------------------------------------------
Add This: in /usr/local/apache/conf/httpd.conf
------------------------------------------
AddType application/x-httpd-php .php
DirectoryIndex index.html index.php
ServerName 172.18.1.22
DocumentRoot /usr/local/apache/htdocs (Optional)
User www
Group www

------------------------------------------------
Start Apache server
------------------------------------------------
/usr/local/apache/bin/apachectl start
/usr/local/apache/bin/apachectl startssl


===============================================
start when boot up
===============================================
edit /etc/rc.d/rc.local
add these lines:

# Start Tomcat
/usr/local/jakarta-tomcat-4.1.24/bin/startup.sh
# Start Apache
/usr/local/apache/bin/apachectl startssl
# Start Pgsql
su - pgsql -c "/usr/local/pgsql/bin/postmaster -i -D /usr/local/pgsql/data > /usr/local/pgsql/data/logfile 2>&1" - pgsql &
 
============================================================
Here is step2:

Reference:
====================================================================
Add Fonts for Chinese
====================================================================
add /usr/local/fonts/
add kaiu.ttf (from CWin)
add ming_uni.ttf (from info.gov.hk)

====================================================================
J2sdk
====================================================================
cd /usr/src2/
./j2sdk-1_4_1_01-linux-i586.bin

====================================================================
Jakarta-Tomcat-4.1.24
====================================================================
download Tomcat 4.1.24 from
tar zxvf jakarta-tomcat-xx.xx.xx

====================================================================
Set Environment variable
====================================================================
edit /usr/local/jakarta-tomcat-4.1.24/conf/catalina.sh

JAVA_HOME=/usr/local/j2sdk1.4.2 ; export JAVA_HOME
CATALINA_HOME=/usr/local/jakarta-tomcat-4.1.24 ; export CATALINA_HOME
CATALINA_OPTS="-Djava.awt.headless=true" ; export CATALINA_OPTS


#download from
#save in $JAVA_HOME/lib/pg73jdbc3.jar
#edit /root/.bash_profile

---------------------------------
PATH=$PATH:$HOME/bin:$JAVA_HOME/bin:$CATALINA_HOME/bin:
BASH_ENV=$HOME/.bashrc
USERNAME="root"
JDK_HOME=/usr/local/j2sdk1.4.1_01
JAVA_HOME=/usr/local/j2sdk1.4.1_01
CATALINA_HOME=/usr/local/jakarta-tomcat-4.1.18
TOMCAT_HOME=/usr/local/jakarta-tomcat-4.1.18
CLASSPATH=.:$JAVA_HOME/lib/tools.jar:$JAVA_HOME/lib/pg73jdbc3.jar:$JAVA_HOME/lib/htmlconverter.jar:$CATALINA_HOME/common/lib/servlet.jar:$CATALINA_HOME/common/lib

export USERNAME BASH_ENV PATH JDK_HOME JAVA_HOME CATALINA_HOME TOMCAT_HOME CLASSPATH




====================================================================
mod_jk
====================================================================
download mod_jk-1.3-eapi.so (with ssl) from
copy to /usr/local/apache/libexec
rename to mod_jk.so

====================================================================
Configure Tomcat
====================================================================

====================================================================
Create a directory called "jk" under $CATALINA_HOME/conf
Add workers.properties to the jk directory:
====================================================================
(change tomcat version, change host)

workers.CATALINA_HOME=/usr/local/jakarta-tomcat-4.1.24
workers.java_home=$(JAVA_HOME)
ps=/

worker.list=ajp13
worker.ajp13.port=8009
worker.ajp13.host=172.18.1.22
worker.ajp13.type=ajp13
worker.ajp13.lbfactor=1

worker.loadbalancer.type=lb
worker.loadbalancer.balanced_workers=ajp13
worker.inprocess.type=jni
worker.inprocess.class_path=$(workers.CATALINA_HOME)$(ps)lib$(ps)tomcat.jar
worker.inprocess.cmd_line=start
worker.inprocess.jvm_lib=$(workers.java_home)$(ps)jre$(ps)bin$(ps)classic$(ps)libjvm.so
worker.inprocess.stdout=$(workers.CATALINA_HOME)$(ps)logs$(ps)inprocess.stdout
worker.inprocess.stderr=$(workers.CATALINA_HOME)$(ps)logs$(ps)inprocess.stderr



====================================================================
edit /usr/local/jakarta-tomcat-4.1.24/conf/server.xml
====================================================================
(The Listener tags are what causes Tomcat to automatically create the conf/auto/mod_jk.conf file on startup)
1. Verify that the following lines are immediately after the <Server port="8005" ...> declaration:


<Listener className="org.apache.ajp.tomcat4.config.ApacheConfig"
modJk="/usr/local/apache/libexec/mod_jk.so" jkDebug="info"
workersConfig="/usr/local/jakarta-tomcat-4.1.24/conf/jk/workers.properties"
jkLog="/usr/local/jakarta-tomcat-4.1.24/logs/mod_jk.log"/>



2. Add the following lines after the <Service name="Tomcat-Standalone"> declaration:


<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector className="org.apache.ajp.tomcat4.Ajp13Connector"
port="8009" minProcessors="5" maxProcessors="75"
acceptCount="10" debug="0"/>



3. Finally, after any <Host name="localhost"> declarations, add a listener:
(The append attribute means to append to the existing conf/auto/mod_jk.conf file)


<Listener className="org.apache.ajp.tomcat4.config.ApacheConfig"
append="true" />


4. Start or restart Tomcat. If everything worked correctly, you will now have a mod_jk.conf file in $CATALINA_HOME/conf/auto.
If not, better look over this section again :)


====================================================================
edit /usr/local/apache/conf/httpd.conf
====================================================================
-----------------------------------------------
hard code the mod_jk
-----------------------------------------------
1. Add the following to the LoadModules section:

<IfModule !mod_jk.c>
LoadModule jk_module libexec/mod_jk.so
</IfModule>


2. Add the following to the end of httpd.conf:
(This is all an example. You will have to set the paths for JkWorkersFile and JkLogFile as appropriate.
You should make one entry for each webapp you want to expose via mod_jk.)

<IfModule mod_jk.c>
JkWorkersFile "/usr/local/jakarta-tomcat-4.1.24/conf/jk/workers.properties"
JkLogFile "/usr/local/jakarta-tomcat-4.1.24/logs/mod_jk.log"

JkLogLevel debug

JkMount /examples ajp13
JkMount /examples/* ajp13
</IfModule>

3. Change Port & Listen

#Port 80
Port 443

<IfDefine SSL>
#Listen 80
Listen 443
</IfDefine>

4. edit your httpd.conf
look for this directive "SSLPassPhraseDialog builtin" and change to
SSLPassPhraseDialog exec:/root/passphrase
or wherever your passphrase file is. The contents of the file passphrase are:
#!/bin/sh
echo "your passphrase"

and then chmod 500 the file for security
----------------------------------------------------------

====================================================================
Test httpd.conf configuration
====================================================================
/usr/local/apache/bin/apachectl configtest

====================================================================
Testing
====================================================================
*** Always
start Tomcat first
start Apache.
stop Apache first
stop or restart Tomcat

1. (show tomcat)
2. (show apache)
3. (show apache+ssl)

(PHP)
place index.php in /usr/local/apache/htdocs/test
content of index.php:
<?phpinfo();?>
4. 5.
(JSP)
6. 7. 8. (should be blank, )


====================================================================
SSL + JSP (
====================================================================
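
An added example, not part of the original posts: a shell check of an httpd.conf for the settings that steps 2 to 4 of the httpd.conf section above change (a Port/Listen other than 443 still active, JkLogLevel debug, and the permissions of the SSLPassPhraseDialog exec: helper). The finding names and the sample config built in demo are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit an Apache 1.3 httpd.conf for the
# settings this guide touches. Prints one finding per line; no output = clean.
audit_httpd_conf() {
    awk '
        /^[ \t]*#/ { next }                      # "#Listen 80" is disabled, skip it
        { d = tolower($1) }                      # directive names are case-insensitive
        d == "listen" || d == "port" {           # "Listen 80" or "Listen 1.2.3.4:80"
            n = split($2, a, ":")
            if (a[n] != "443") print "NON_443_LISTENER", $1, $2
        }
        d == "jkloglevel" && tolower($2) == "debug" { print "JK_DEBUG_LOGGING" }
        d == "sslpassphrasedialog" && $2 ~ /^exec:/ {
            print "PASSPHRASE_HELPER", substr($2, 6)
        }
    ' "$1" | while read -r kind arg rest; do
        if [ "$kind" = PASSPHRASE_HELPER ]; then
            # The helper echoes the key passphrase, so group/other need no access
            # at all (the guide says chmod 500). ls mode chars 5-10 = group+other.
            perms=$(ls -ld "$arg" 2>/dev/null | cut -c5-10)
            [ "$perms" = "------" ] ||
                echo "PASSPHRASE_HELPER_EXPOSED $arg mode=${perms:-missing}"
        else
            echo "$kind${arg:+ $arg}${rest:+ $rest}"
        fi
    done
}

# Constructed sample: the guide's directives, but with port 80 left enabled and
# the helper script world-readable, to show what the audit reports.
demo() {
    dir=$(mktemp -d) || return 1
    printf '#!/bin/sh\necho "your passphrase"\n' > "$dir/passphrase"
    chmod 755 "$dir/passphrase"
    cat > "$dir/httpd.conf" <<EOF
#Port 80
Port 443
<IfDefine SSL>
Listen 80
Listen 443
</IfDefine>
JkLogLevel debug
SSLPassPhraseDialog exec:$dir/passphrase
EOF
    audit_httpd_conf "$dir/httpd.conf"
    rm -rf "$dir"
}
demo
```

Run audit_httpd_conf /usr/local/apache/conf/httpd.conf on the real file before apachectl configtest; an empty result means none of the three conditions was found.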

 