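Tomcat 7.0.23 cannot establish an SSL connection from the Apache server.
Hi, I have the following server.xml settings. Tomcat 7.0.23 cannot establish an SSL connection from the Apache server.
<Server port="7005" shutdown="SHUTDOWN-TOMCAT-C">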
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
<Listener className="org.apache.catalina.core.JasperListener" />
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
<Service name="Catalina">
<Connector port="7070" protocol="org.apache.coyote.http11.Http11NioProtocol"
connectionTimeout="20000"
redirectPort="7443" />
<Connector port="7443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150"
SSLEnabled="true" scheme="https" secure="true" clientAuth="want" sslProtocol="TLS"
keystoreFile="${key.path}\compresskey.bin" keystorePass="${keystorePass}"
compression="on" compressableMimeType="text/html,text/xml,text/plain,text/javascript,text/css"/>
<Connector port="7009" protocol="org.apache.coyote.ajp.AjpProtocol" redirectPort="7443" enableLookups="false" />
<Engine name="Catalina" defaultHost="localhost" jvmRoute="tomcat-c">
<Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"
channelSendOptions="10">
<Manager className="org.apache.catalina.ha.session.BackupManager"
expireSessionsOnShutdown="false"
notifyListenersOnReplication="true"
mapSendOptions="10"/>
<Valve className="org.apache.catalina.ha.tcp.ReplicationValve"
filter=".*\.gif;.*\.js;.*\.jpg;.*\.png;.*\.htm;.*\.html;.*\.css;.*\.txt;"/>
<ClusterListener className="org.apache.catalina.ha.session.ClusterSessionListener"/>
</Cluster>
<Context path="/mvc2_app1"
docBase="${user.home}\webapps\mvc2_app1"
cookies="true"
override="true"
reloadable="false"
swallowOutput="true"
distributable="true"
logEffectiveWebXml="true"
xmlNamespaceAware="false"
xmlValidation="false"
className="org.apache.catalina.core.StandardContext">
</Context>
</Service>
</Host>
My worker.properties
worker.tomcat-c.port=7009
worker.tomcat-c.host=localhost
worker.tomcat-c.type=ajp13
worker.tomcat-c.lbfactor=1
Here are my httpd.conf settings.
<VirtualHost ${host}:443>
SSLEngine On
ServerName ${host}
ErrorLog "logs/error.log"
LogLevel warn
SSLCertificateFile conf/ssl/server.crt
SSLCertificateKeyFile conf/ssl/server.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
SSLProxyEngine On
ServerAdmin [email protected]
RewriteEngine On
ProxyPreserveHost On
# applications on 5443
ProxyPass /mvc2_app1 https://${host}:7443/mvc2_app1
ProxyPassReverse /mvc2_app1 https://${host}:7443/mvc2_app1
</VirtualHost>
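When I try to connect to https://localhost/mvc2_app1, I get a 500 proxy error.
Here is my error.log:
proxy: Error during SSL Handshake with remote server returned by /mvc2_app1
proxy: pass request body failed to ${local ip}:7443 (${HOST}) from ${local ip}
Any suggestions or hints?
Thanks.
- update - I can connect to the Apache server without any problem. https://localhost works, but https://localhost/mvc2_app1 does not.
So my Tomcat log looks like this.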
Dec 25, 2011 10:21:57 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-nio-7070"]
Dec 25, 2011 10:21:57 PM org.apache.tomcat.util.net.NioSelectorPool getSharedSelector
INFO: Using a shared selector for servlet write/read
Dec 25, 2011 10:21:57 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-nio-7443"]
Dec 25, 2011 10:21:58 PM org.apache.tomcat.util.net.NioSelectorPool getSharedSelector
INFO: Using a shared selector for servlet write/read
Dec 25, 2011 10:21:58 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["ajp-bio-7009"]
Dec 25, 2011 10:21:58 PM org.apache.catalina.tribes.membership.McastServiceImpl setupSocket
INFO: Setting cluster mcast soTimeout to 500
Dec 25, 2011 10:21:58 PM org.apache.catalina.tribes.membership.McastServiceImpl waitForMembers
INFO: Sleeping for 1000 milliseconds to establish cluster membership, start level:4
Dec 25, 2011 10:21:59 PM org.apache.catalina.tribes.membership.McastServiceImpl waitForMembers
INFO: Done sleeping, membership established, start level:4
Dec 25, 2011 10:21:59 PM org.apache.catalina.tribes.membership.McastServiceImpl waitForMembers
INFO: Sleeping for 1000 milliseconds to establish cluster membership, start level:8
Dec 25, 2011 10:22:00 PM org.apache.catalina.tribes.membership.McastServiceImpl waitForMembers
INFO: Done sleeping, membership established, start level:8
Dec 25, 2011 10:22:00 PM org.apache.catalina.tribes.tipis.AbstractReplicatedMap init
INFO: Initializing AbstractReplicatedMap with context name:/mvc2_app1
Dec 25, 2011 10:22:00 PM org.apache.catalina.tribes.tipis.AbstractReplicatedMap init
INFO: Initializing AbstractReplicatedMap with context name:/mvc2_app2
So I updated to Tomcat 7.0.25 and my application runs. At least I could see the configuration errors in my Spring 3 application and was able to fix them.
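You're confusing mod_jk and mod_proxy.
The worker.properties parameters are for mod_jk, which uses AJP, but they are not used by mod_proxy_ajp (which is nowadays recommended over mod_jk for AJP connections).
Your ProxyPassReverse configuration uses mod_proxy_http (an https:// URL, not ajp://), not mod_jk or mod_proxy_ajp. Because of this, enabling AJP on Tomcat is pointless.
You probably don't need HTTPS between the Apache Httpd server and the Apache Tomcat server (from localhost to localhost). However, if you feel you need it, use the SSLProxy* directives, as described at the top of the mod_proxy documentation.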
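Thanks, Bruno. I think my problem is related to Tomcat rather than Apache. I tried hitting https://${host}:7443/mvc2_app1 and it just loads and loads and then times out. I changed the configuration so that the original Tomcat instance would load https://${host}:7443/ for me, and there is still no response. –
Also, I have the ports open when I start it. 'TCP [::]:7009 [::]:0 LISTENING' 'TCP [::]:7070 [::]:0 LISTENING' 'TCP [::]:7443 [::]:0 LISTENING' I think my problem is this: SEVERE: No global naming context defined for server –
The error I get is [error] proxy: pass request body failed to ${ip_addrsss}:${tomcat_port} (${host}) from .... –
This is not a programming question, btw: off-topic for *. – Bruno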
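The three backend options the answer distinguishes, written out as an added httpd.conf sketch (not part of the original posts) for the connectors in the question's server.xml (AJP on 7009, HTTP on 7070, HTTPS on 7443). The backend host name localhost, the BACKEND_* define names and the CA file path conf/ssl/tomcat-ca.crt are assumptions made for illustration.

```apache
# Added example: goes inside the <VirtualHost ${host}:443> block.
# Start httpd with exactly one of -D BACKEND_AJP, -D BACKEND_HTTP or
# -D BACKEND_HTTPS (hypothetical define names) to select a backend.

# Option A: AJP through mod_proxy_ajp to the connector on 7009.
# worker.properties is not read here; it only applies to mod_jk.
# AJP is not encrypted, so keep it on loopback or a trusted network.
<IfDefine BACKEND_AJP>
    ProxyPass        /mvc2_app1 ajp://localhost:7009/mvc2_app1
    ProxyPassReverse /mvc2_app1 ajp://localhost:7009/mvc2_app1
</IfDefine>

# Option B: plain HTTP through mod_proxy_http to the connector on 7070.
# TLS ends at Apache; reasonable when both servers share one host.
<IfDefine BACKEND_HTTP>
    ProxyPass        /mvc2_app1 http://localhost:7070/mvc2_app1
    ProxyPassReverse /mvc2_app1 http://localhost:7070/mvc2_app1
</IfDefine>

# Option C: HTTPS through mod_proxy_http to the connector on 7443.
# SSLProxyEngine On only enables TLS towards the backend. The default
# for SSLProxyVerify is "none", so without the lines below Apache would
# accept any certificate the backend presents.
<IfDefine BACKEND_HTTPS>
    SSLProxyEngine            On
    # Assumed path: the CA (or self-signed cert) that issued Tomcat's cert
    SSLProxyCACertificateFile conf/ssl/tomcat-ca.crt
    SSLProxyVerify            require
    # The certificate CN must match the host name used in ProxyPass
    SSLProxyCheckPeerCN       on
    ProxyPass        /mvc2_app1 https://localhost:7443/mvc2_app1
    ProxyPassReverse /mvc2_app1 https://localhost:7443/mvc2_app1
</IfDefine>
```

With options B or C the AJP connector on 7009 serves no purpose and can be removed from server.xml; with option A, the Connector's address attribute can bind it to the loopback interface instead of all interfaces.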