开发者

Apache in front of Glassfish v3 with SSL using mod_proxy_ajp

I hope here are some cracks around that can easily solve the issue I am struggling with even after searching in several forums: I need to place a Glassfish v3 application server behind an Apache 2.2.x webserver as some pieces my webhoster provides, such as webmail, are running on the webserver (so I cannot shut this down). Consequently, I have decided to use the newer solution “mod_proxy_ajp” (which ships with Apache out of the box) instead of more complex “mod_jk” to pass requests through Apache to Glassfish. What I did until now is this:

Apache includes “/etc/httpd/conf.d/proxy_ajp.conf” which contains:

  • LoadModule proxy_aj开发者_Python百科p_module modules/mod_proxy_ajp.so
  • ProxyPass /mail !
  • ProxyPass / ajp://localhost:8080/
  • ProxyPassReverse / ajp://localhost:8080/

Glassfish:

  • http-listener-1 is listening on 8080 with “JK listener” enabled
  • http-listener-2 is listening on 8181 and has security enabled using my SSL-certificate

But what I would like to do is this:

  1. Route all requests for “https://webmail.mydomain.com” to Apache (webhoster email web-frontend)
  2. Route all other requests HTTP and HTTPS to Glassfish. For HTTP to my Glassfish http-listener-1 on 8080 or 8009, for HTTPS using my SSL-certificate registered with my Glassfish http-listener-2 on 8181 (in both directions, pass and reverse these ports should not be visible to the user)
  3. Either force all requests to Glassfish to be redirected/switched to HTTPS, or based on web.xml security configuration for specific resources (somefile.html) force to switch from HTTP to HTTPS (or any another solution to do this)

If someone could provide a short description for solving these 3 tasks I would be really happy as I am not this deep into Java web administration.

Thanks in advance and cheers

~limubai


That is a lot of questions! It sounds like you're trying to proxy GlassFish through Apache so users can access your applications on standard ports (80 and 443), and you've got multiple applications, multiple domains, and you want to use SSL.

Well, you've got a lot of work ahead of you then! You're probably going to need to look into virtual hosting on Apache; in particular, one virtual host for webmail.mydomain.com and then another for mydomain.com.

If you don't have two IP addresses (two NICs) on your webserver then you'll have to use name-based virtual hosting. Be aware that name-based virtual hosting and SSL don't work together easily; you'll probably have to use an SSL certificate with common name mydomain.com and alias webmail.mydomain.com (altSubjectName extension).

Information on configuring Apache can be found here:

http://httpd.apache.org/docs/2.2/vhosts/

Information on using name-based virtual hosting with SSL can be found here:

http://wiki.apache.org/httpd/NameBasedSSLVHosts

Information on configuring GlassFish can be found here:

http://download.oracle.com/docs/cd/E18930_01/html/821-2416/gfaad.html

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜