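tomcat 7.0.23 fails to establish an SSL connection from the apache server.

Problem description:

Hi, I have the following server.xml settings. tomcat 7.0.23 fails to establish an SSL connection from the apache server.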

<Server port="7005" shutdown="SHUTDOWN-TOMCAT-C">
    <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /> 
    <Listener className="org.apache.catalina.core.JasperListener" /> 
    <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" /> 
    <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" /> 
    <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" /> 

    <Service name="Catalina"> 
     <Connector port="7070" protocol="org.apache.coyote.http11.Http11NioProtocol" 
        connectionTimeout="20000" 
        redirectPort="7443" /> 
     <Connector port="7443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" 
        SSLEnabled="true" scheme="https" secure="true" clientAuth="want" sslProtocol="TLS" 
        keystoreFile="${key.path}\compresskey.bin" keystorePass="${keystorePass}" 
        compression="on" compressableMimeType="text/html,text/xml,text/plain,text/javascript,text/css"/> 
     <Connector port="7009" protocol="org.apache.coyote.ajp.AjpProtocol" redirectPort="7443" enableLookups="false" /> 

     <Engine name="Catalina" defaultHost="localhost" jvmRoute="tomcat-c"> 
      <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster" 
        channelSendOptions="10"> 
       <Manager className="org.apache.catalina.ha.session.BackupManager" 
         expireSessionsOnShutdown="false" 
         notifyListenersOnReplication="true" 
         mapSendOptions="10"/> 
       <Valve className="org.apache.catalina.ha.tcp.ReplicationValve" 
         filter=".*\.gif;.*\.js;.*\.jpg;.*\.png;.*\.htm;.*\.html;.*\.css;.*\.txt;"/> 
       <ClusterListener className="org.apache.catalina.ha.session.ClusterSessionListener"/> 
      </Cluster> 

<Context path="/mvc2_app1" 
         docBase="${user.home}\webapps\mvc2_app1" 
         cookies="true" 
         override="true" 
         reloadable="false" 
         swallowOutput="true" 
         distributable="true" 
         logEffectiveWebXml="true" 
         xmlNamespaceAware="false" 
         xmlValidation="false" 
         className="org.apache.catalina.core.StandardContext"> 
</Context>
</Service>

</Host>

My worker.properties

worker.tomcat-c.port=7009 
worker.tomcat-c.host=localhost 
worker.tomcat-c.type=ajp13 
worker.tomcat-c.lbfactor=1 

Here are my httpd.conf settings.

<VirtualHost ${host}:443> 
SSLEngine On
ServerName ${host}
ErrorLog "logs/error.log" 
LogLevel warn 
SSLCertificateFile conf/ssl/server.crt 
SSLCertificateKeyFile conf/ssl/server.key 
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown 
SSLProxyEngine On 
ServerAdmin [email protected] 
RewriteEngine On 

ProxyPreserveHost On
# applications on 5443
ProxyPass /mvc2_app1 https://${host}:7443/mvc2_app1 

ProxyPassReverse /mvc2_app1 https://${host}:7443/mvc2_app1 
</VirtualHost>

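When I try to connect to https://localhost/mvc2_app1, I get a 500 proxy error.

Here is my error.log:

proxy: Error during SSL Handshake with remote server returned by /mvc2_app1
proxy: pass request body failed to ${local ip}:7443 (${HOST}) from ${local ip}

Any suggestions or hints?

Thanks.

- update - I can connect to the Apache server without problems. https://localhost works, but https://localhost/mvc2_app1 does not.

So my tomcat log looks like this.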

Dec 25, 2011 10:21:57 PM org.apache.coyote.AbstractProtocol init 
INFO: Initializing ProtocolHandler ["http-nio-7070"] 
Dec 25, 2011 10:21:57 PM org.apache.tomcat.util.net.NioSelectorPool getSharedSelector 
INFO: Using a shared selector for servlet write/read 
Dec 25, 2011 10:21:57 PM org.apache.coyote.AbstractProtocol init 
INFO: Initializing ProtocolHandler ["http-nio-7443"] 
Dec 25, 2011 10:21:58 PM org.apache.tomcat.util.net.NioSelectorPool getSharedSelector 
INFO: Using a shared selector for servlet write/read 
Dec 25, 2011 10:21:58 PM org.apache.coyote.AbstractProtocol init 
INFO: Initializing ProtocolHandler ["ajp-bio-7009"] 
Dec 25, 2011 10:21:58 PM org.apache.catalina.tribes.membership.McastServiceImpl setupSocket
INFO: Setting cluster mcast soTimeout to 500
Dec 25, 2011 10:21:58 PM org.apache.catalina.tribes.membership.McastServiceImpl waitForMembers
INFO: Sleeping for 1000 milliseconds to establish cluster membership, start level:4
Dec 25, 2011 10:21:59 PM org.apache.catalina.tribes.membership.McastServiceImpl waitForMembers
INFO: Done sleeping, membership established, start level:4
Dec 25, 2011 10:21:59 PM org.apache.catalina.tribes.membership.McastServiceImpl waitForMembers
INFO: Sleeping for 1000 milliseconds to establish cluster membership, start level:8
Dec 25, 2011 10:22:00 PM org.apache.catalina.tribes.membership.McastServiceImpl waitForMembers
INFO: Done sleeping, membership established, start level:8
Dec 25, 2011 10:22:00 PM org.apache.catalina.tribes.tipis.AbstractReplicatedMap init
INFO: Initializing AbstractReplicatedMap with context name:/mvc2_app1
Dec 25, 2011 10:22:00 PM org.apache.catalina.tribes.tipis.AbstractReplicatedMap init
INFO: Initializing AbstractReplicatedMap with context name:/mvc2_app2

The error I get is [error] proxy: pass request body failed to ${ip_addrsss}:${tomcat_port} (${host}) from ....


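This is not a programming question, btw: not suitable for *. – Bruno

So I updated to tomcat 7.0.25 and my application runs. I at least saw configuration errors in my spring 3 application and was able to fix them.

You're confusing mod_jk and mod_proxy.

The worker.properties parameters are for mod_jk, which uses AJP, but they are not used by mod_proxy_ajp (which is nowadays recommended over mod_jk for AJP connections).

The ProxyPassReverse configuration uses mod_proxy_http (an https:// URL, not ajp://), not mod_jk or mod_proxy_ajp. For this, enabling AJP on Tomcat is pointless.

You probably don't need HTTPS between the Apache Httpd server and the Apache Tomcat server (from localhost to localhost). However, if you feel you need it, use the SSLProxy* directives, as described at the top of the mod_proxy documentation.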
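
The two consistent setups this answer distinguishes, as an added example that is not part of the original answer or the asker's configuration. Assumptions: `localhost` as the backend host name, the `BACKEND_TLS` define (chosen by starting httpd with `-DBACKEND_TLS`) and the `conf/ssl/tomcat-ca.crt` path are illustrative; ports and the `/mvc2_app1` path are taken from the question.

```apache
# Added example: front-end virtual host for /mvc2_app1 with exactly one
# backend transport active. Without -DBACKEND_TLS, AJP is used.
<VirtualHost *:443>
    ServerName localhost
    SSLEngine On
    SSLCertificateFile    conf/ssl/server.crt
    SSLCertificateKeyFile conf/ssl/server.key

    <IfDefine !BACKEND_TLS>
        # Option A: mod_proxy_ajp to Tomcat's AJP connector (port 7009).
        # worker.properties (mod_jk) and SSLProxy* are not involved.
        # AJP is neither encrypted nor authenticated, so the connector
        # should only be reachable from this host.
        ProxyPass /mvc2_app1 ajp://localhost:7009/mvc2_app1
    </IfDefine>

    <IfDefine BACKEND_TLS>
        # Option B: mod_proxy_http over TLS to the connector on port 7443.
        SSLProxyEngine On
        # Assumed path: PEM file holding the CA (or the self-signed
        # certificate) behind the certificate in Tomcat's keystore.
        SSLProxyCACertificateFile conf/ssl/tomcat-ca.crt
        SSLProxyVerify require
        SSLProxyVerifyDepth 2
        # The backend certificate's CN must match the host name in the
        # ProxyPass URL, and the certificate must not be expired.
        # On httpd 2.4.5 and later, SSLProxyCheckPeerName supersedes
        # SSLProxyCheckPeerCN.
        SSLProxyCheckPeerCN on
        SSLProxyCheckPeerExpire on
        ProxyPreserveHost On
        ProxyPass        /mvc2_app1 https://localhost:7443/mvc2_app1
        ProxyPassReverse /mvc2_app1 https://localhost:7443/mvc2_app1
    </IfDefine>
</VirtualHost>
```

With Option A the HTTPS connector on 7443 is not needed for proxied traffic; with Option B the AJP connector on 7009 can be removed from server.xml.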


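Thanks Bruno. I think my problem is related to tomcat rather than Apache. I tried hitting https://${host}:7443/mvc2_app1 and it just loads and loads and times out. I changed the configuration so that the original tomcat instance would load https://${host}:7443/ for me, and there is still no response.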


Also, I have open ports when I start it. 'TCP [::]:7009 [::]:0 LISTENING' 'TCP [::]:7070 [::]:0 LISTENING' 'TCP [::]:7443 [::]:0 LISTENING' I think my problem is this: SEVERE: No global naming context defined for server