OFBiz OFBiz - User
Login  Register

Re: Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz Test Cert?

Posted by Vinay Agarwal on May 30, 2006; 2:45pm
URL: http://ofbiz.116.s1.nabble.com/Users-Apache-mod-jk-SSL-Cert-Why-do-I-see-OFBiz-Test-Cert-tp139503p139513.html

After doing further research, I found that http traffic is mapped to the
default port but the https traffic is still on port 8443. Do I need two
ajp13 workers one for http traffic and one for https traffic?

The relevant config files are below.
Thanks a lot.
Vinay Agarwal

Workers.properties
----------------
# Setting Java Home
workers.java_home=/usr/local/java/java
ps=/
worker.list=ajp13
worker.ajp13.port=8009
worker.ajp13.host=localhost
worker.ajp13.type=ajp13

mod_jk.conf
-----------
JkWorkersFile "/etc/httpd/conf/workers.properties"
JkLogFile "/var/log/httpd/mod_jk.log"

        JkMount /images/* ajp13
        JkMount /static/* ajp13
        JkMount /webtools/* ajp13
        JkMount /partymgr/* ajp13
        JkMount /content/* ajp13
        JkMount /catalog/* ajp13
        JkMount /accounting/* ajp13
        JkMount /ordermgr/* ajp13
        JkMount /marketing/* ajp13
        JkMount /financials/* ajp13
        JkMount /control/* ajp13

JkLogLevel emerg
#JkLogLevel info
#JkLogLevel debug

# Should mod_jk send SSL information to Tomcat (default is On)
JkExtractSSL On
# What is the indicator for SSL (default is HTTPS)
JkHTTPSIndicator HTTPS
# What is the indicator for SSL session (default is SSL_SESSION_ID)
JkSESSIONIndicator SSL_SESSION_ID
# What is the indicator for client SSL cipher suit (default is SSL_CIPHER)
JkCIPHERIndicator SSL_CIPHER
# What is the indicator for the client SSL certificated (default is
SSL_CLIENT_CERT)
JkCERTSIndicator SSL_CLIENT_CERT

Httpd.conf
----------
<VirtualHost 72.29.99.94:80>
        ServerName www.grayzilla.com
        ServerAlias www.grayzilla.com grayzilla.com
        ServerAdmin [hidden email]
        DocumentRoot /home/grayzilla/domains/grayzilla.com/public_html
        ScriptAlias /cgi-bin/
/home/grayzilla/domains/grayzilla.com/public_html/cgi-bin/

        UseCanonicalName OFF

        SuexecUserGroup grayzilla grayzilla
        CustomLog /var/log/httpd/domains/grayzilla.com.bytes bytes
        CustomLog /var/log/httpd/domains/grayzilla.com.log combined
        ErrorLog /var/log/httpd/domains/grayzilla.com.error.log

        <Directory /home/grayzilla/domains/grayzilla.com/public_html>
                Options -Indexes FollowSymLinks
                AllowOverride None
                Order allow,deny
                Allow from all
        </Directory>
</VirtualHost>
<VirtualHost 72.29.99.94:443>
        SSLEngine on
        SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        SSLCertificateFile
/usr/local/directadmin/data/users/grayzilla/domains/grayzilla.com.cert
        SSLCertificateKeyFile
/usr/local/directadmin/data/users/grayzilla/domains/grayzilla.com.key
        SSLOptions +StdEnvVars +ExportCertData

        ServerName www.grayzilla.com
        ServerAlias www.grayzilla.com grayzilla.com
        ServerAdmin [hidden email]
        DocumentRoot /home/grayzilla/domains/grayzilla.com/public_html
        ScriptAlias /cgi-bin/
/home/grayzilla/domains/grayzilla.com/public_html/cgi-bin/

        UseCanonicalName OFF

        SuexecUserGroup grayzilla grayzilla
        CustomLog /var/log/httpd/domains/grayzilla.com.bytes bytes
        CustomLog /var/log/httpd/domains/grayzilla.com.log combined
        ErrorLog /var/log/httpd/domains/grayzilla.com.error.log

        <Directory /home/grayzilla/domains/grayzilla.com/public_html>
                Options -Indexes FollowSymLinks
                AllowOverride None
                Order allow,deny
                Allow from all
        </Directory>
</VirtualHost>

-----Original Message-----
From: [hidden email] [mailto:[hidden email]]
On Behalf Of Ray Barlow
Sent: Tuesday, May 30, 2006 12:58 AM
To: OFBiz Users / Usage Discussion
Subject: Re: [OFBiz] Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz
Test Cert?

If Tomcat is serving up the ofbiz cert then there is a configuration issue
with your Apache conf file and mod_jk. Maybe you could post the two sections
from Apache related to port 80 and port 443 for the domain, as well as the
worker properties file and the tomcat server conf file.
If you want to change IP address etc to protect any sensitive information
then please make it clear and consistent as IP addresses tend to be crucial
factors in getting mod_jk to work so it's easy to disguise the problem when
trying to hide your information.

I seem to remember someone talking about mod_jk the other week and they said
something about changing to port 8080 and 8443 and it all worked!?
Seemed a little odd to me and if that was yourself then I would suggest
you've not correctly configured mod_jk but have somehow just routed the
whole request over to Tomcat to handle. I use Apache, mod_jk and Tomcat and
have never even looked at, disabled or deleted the ofbiz cert.

Ray


Vinay Agarwal wrote:

>BJ,
>Thanks for taking time. I will play with it a bit more in the mean time.
>Vinay
>
>-----Original Message-----
>From: [hidden email] [mailto:[hidden email]]
>On Behalf Of BJ Freeman
>Sent: Monday, May 29, 2006 1:40 PM
>To: OFBiz Users / Usage Discussion
>Subject: Re: [OFBiz] Users - Apache, mod_jk, SSL Cert - Why do I see OFBiz
>Test Cert?
>
>may be later this week, I will dig into my setup and see what I did.
>Kinda busy to take a chunk of time out right now.
>
>
>Vinay Agarwal sent the following on 5/29/2006 1:11 PM:
>  
>
 
_______________________________________________
Users mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/users
 
_______________________________________________
Users mailing list
[hidden email]
http://lists.ofbiz.org/mailman/listinfo/users
Free forum by Nabble Edit this page