I would warmly recommend that you terminate SSL at Apache, run only HTTP on the application server, and forward both SSL and non-SSL traffic to the internal non-SSL port like this:
<VirtualHost *:80>
    ServerName jira.our.fqdn.goes.here
    ServerAlias jira jira.our.external.domain.com
    <Directory />
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>
    # Redirect every plain-HTTP request to the HTTPS virtual host
    RewriteEngine On
    RewriteRule ^/(.*)$ https://jira.our.fqdn.goes.here%{REQUEST_URI} [R,L]
    ProxyPass / http://jira.our.fqdn.goes.here:8081/
    ProxyPassReverse / http://jira.our.fqdn.goes.here:8081/
</VirtualHost>

<VirtualHost *:443>
    ServerName jira.our.fqdn.goes.here
    ServerAlias jira jira.our.external.domain.com
    SSLProxyEngine on
    # Redirect requests that arrive under an alias to the canonical host name
    RewriteEngine On
    RewriteCond %{HTTP_HOST} !^jira\.our\.fqdn\.goes\.here [NC]
    RewriteRule ^/(.*)$ https://jira.our.fqdn.goes.here%{REQUEST_URI} [R,L]
    # Reverse proxy only: TLS ends here, the backend on 8081 speaks plain HTTP
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass / http://jira.our.fqdn.goes.here:8081/
    ProxyPassReverse / http://jira.our.fqdn.goes.here:8081/
    ErrorLog /var/log/httpd/jira_ssl_error_log
    MaxKeepAliveRequests 500
    KeepAlive On
    SSLEngine on
    # Strong ciphers only: no eNULL, EXPORT, LOW or SSLv2 suites
    SSLCipherSuite HIGH:!aNULL:!MD5
    SSLCertificateFile /root/shared.cer
    SSLCertificateKeyFile /root/shared.key
    # The SSLProxy* settings only apply to https:// backends
    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
</VirtualHost>
The reason you see a shared key is that we use SSL certs configured with alt_name, allowing several Tomcat applications to be hosted on the same server.
In server.xml you would only have one http port, 8081 in this case.
Hi,
I am getting this error in error_log:
[Wed Jan 25 06:49:40.735436 2017] [suexec:notice] [pid 11229] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Wed Jan 25 06:49:40.736348 2017] [ssl:warn] [pid 11229] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Wed Jan 25 06:49:40.749484 2017] [so:warn] [pid 11229] AH01574: module ssl_module is already loaded, skipping
[Wed Jan 25 06:49:40.750297 2017] [so:warn] [pid 11229] AH01574: module proxy_module is already loaded, skipping
[Wed Jan 25 06:49:40.750372 2017] [so:warn] [pid 11229] AH01574: module proxy_connect_module is already loaded, skipping
[Wed Jan 25 06:49:40.750388 2017] [so:warn] [pid 11229] AH01574: module proxy_http_module is already loaded, skipping
(98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:443
[Wed Jan 25 06:49:40.752510 2017] [mpm_prefork:alert] [pid 11229] no listening sockets available, shutting down
[Wed Jan 25 06:49:40.752515 2017] [:emerg] [pid 11229] AH00019: Unable to open logs, exiting
When I ran netstat, there was nothing running on port 443. Can you please tell me if anything else could be the reason?
Nikhil
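A check for the AH00072 bind failure in the log above, as an added example that is not part of the original thread: httpd reports "Address already in use" against itself when the loaded configuration contains two Listen directives for the same address and port, and netstat shows nothing because the process has already exited. The file names and configuration text below are constructed sample input.

```python
import re
from collections import defaultdict

# Constructed sample: file name -> contents, standing in for httpd.conf plus
# the files it includes (names and contents are illustrative assumptions).
SAMPLE_CONFIG = {
    "conf/httpd.conf": "Listen 80\nLoadModule ssl_module modules/mod_ssl.so\nListen 443\n",
    "conf.d/ssl.conf": "LoadModule ssl_module modules/mod_ssl.so\nListen 443 https\n",
    "conf.d/jira.conf": "# Listen 8443\n<VirtualHost *:443>\n  SSLEngine on\n</VirtualHost>\n",
}

# Matches an active (not commented-out) Listen directive and captures its target.
LISTEN_RE = re.compile(r"^\s*Listen\s+(\S+)", re.IGNORECASE)


def normalize(target):
    """Map a Listen argument to (address, port); a bare port means all addresses."""
    if target.isdigit():
        return ("*", int(target))
    addr, _, port = target.rpartition(":")
    return (addr.strip("[]").lower(), int(port))


def find_duplicate_listens(files):
    """Return {(address, port): [(file, line_no), ...]} for endpoints bound more than once."""
    seen = defaultdict(list)
    for name, text in files.items():
        for line_no, line in enumerate(text.splitlines(), start=1):
            match = LISTEN_RE.match(line)
            if not match:
                continue
            try:
                endpoint = normalize(match.group(1))
            except ValueError:
                continue  # malformed target; httpd's own syntax check reports it
            seen[endpoint].append((name, line_no))
    return {ep: locs for ep, locs in seen.items() if len(locs) > 1}


if __name__ == "__main__":
    for (addr, port), locs in find_duplicate_listens(SAMPLE_CONFIG).items():
        where = ", ".join(f"{f}:{n}" for f, n in locs)
        print(f"{addr}:{port} is bound {len(locs)} times ({where})")
```

To run it against a real server, build the dictionary from the main configuration file and every file it includes.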
Hello Jonas,
Kindly help us in setting up HTTPS over a Webex or a call, as it is very critical now. We are planning for an upgrade next month and we are running out of time.
Nikhil