Showing posts with label tomcat. Show all posts

Wednesday, October 14, 2015

How to enable multiple domains in Apache Server using Name-Based VirtualHosts and SSL

Scenario: I have an Apache server (SSL enabled) and Tomcat running on my machine, and there is one application (app1) hosted on Tomcat which is only accessible through the Apache server. You cannot access it directly from Tomcat.
Now you want to access app1 using multiple domains, i.e. domain1.waheedtechblog.com and domain2.waheedtechblog.com should point to the same application which is hosted on Tomcat.

(I want to implement a different authentication mechanism for each domain.)
Solution: The above case can be achieved using name-based VirtualHosts and SSL.
First you need to uncomment the following lines in the ${apache}/conf/httpd.conf file:
  • LoadModule ssl_module modules/mod_ssl.so
  • LoadModule proxy_module modules/mod_proxy.so
  • LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
  • LoadModule rewrite_module modules/mod_rewrite.so
  • LoadModule proxy_http_module modules/mod_proxy_http.so
  • Include conf/extra/httpd-ssl.conf

Then go to the ${apache}/conf/extra/httpd-ssl.conf file and add a VirtualHost block for each domain.

Listen 443
NameVirtualHost *:443

<VirtualHost *:443>

DocumentRoot "c:/Apache2/htdocs"
ServerName domain1.waheedtechblog.com
ServerAdmin admin@example.com
ErrorLog "c:/Apache2/logs/error_domain1.log"
TransferLog "c:/Apache2/logs/access_domain1.log"

SSLEngine on
SSLCertificateFile "C:\Apache2\certificate\domain1.crt"
SSLCertificateKeyFile "C:\Apache2\certificate\domain1.key"

ProxyPass / ajp://sp.domain.com:8009/app1/

BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</VirtualHost>

<VirtualHost *:443>

DocumentRoot "c:/Apache2/htdocs"
ServerName domain2.waheedtechblog.com
ServerAdmin admin@example.com
ErrorLog "c:/Apache2/logs/error_domain2.log"
TransferLog "c:/Apache2/logs/access_domain2.log"

SSLEngine on
SSLCertificateFile "C:\Apache2\certificate\domain2.crt"
SSLCertificateKeyFile "C:\Apache2\certificate\domain2.key"

ProxyPass / ajp://sp.domain.com:8009/app1/

BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</VirtualHost>

Points to remember:
  • Add all DNS entries to the system hosts file. E.g. on Windows, add “127.0.0.1 domain1.waheedtechblog.com” to “C:\Windows\System32\drivers\etc\hosts”.
  • Make sure you are using a different certificate and key for each domain, or else it will always point to the default VirtualHost, i.e. the first one that you have defined.
  • In ProxyPass, always end the path with '/' or else you will see a redirect issue.
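
The certificate and ProxyPass points above can be checked before Apache is restarted. The following is an added example, not code from the original post: a Python lint run over a constructed two-vhost config in which domain2 reuses domain1's certificate and key and omits the trailing slash on its ProxyPass target. The function names and the sample config are assumptions.

```python
import re

# Constructed sample: domain2 reuses domain1's cert/key and drops the trailing slash.
SAMPLE_CONF = r'''
<VirtualHost *:443>
ServerName domain1.waheedtechblog.com
SSLEngine on
SSLCertificateFile "C:\Apache2\certificate\domain1.crt"
SSLCertificateKeyFile "C:\Apache2\certificate\domain1.key"
ProxyPass / ajp://sp.domain.com:8009/app1/
</VirtualHost>
<VirtualHost *:443>
ServerName domain2.waheedtechblog.com
SSLEngine on
SSLCertificateFile "C:\Apache2\certificate\domain1.crt"
SSLCertificateKeyFile "C:\Apache2\certificate\domain1.key"
ProxyPass / ajp://sp.domain.com:8009/app1
</VirtualHost>
'''

VHOST_RE = re.compile(r"<VirtualHost\s+[^>]+>(.*?)</VirtualHost>", re.S | re.I)
DIRECTIVE_RE = re.compile(r"^[ \t]*(\w+)[ \t]+(.*?)[ \t]*$", re.M)

def parse_vhosts(conf):
    vhosts = []
    for body in VHOST_RE.findall(conf):
        directives = {}  # lower-cased directive name -> list of values
        for name, value in DIRECTIVE_RE.findall(body):
            directives.setdefault(name.lower(), []).append(value.strip('"'))
        vhosts.append(directives)
    return vhosts

def lint_vhosts(conf):
    findings, cert_owner = [], {}
    for d in parse_vhosts(conf):
        name = d.get("servername", ["<no ServerName>"])[0]
        # The post's rule: every domain gets its own certificate and key.
        for key in ("sslcertificatefile", "sslcertificatekeyfile"):
            path = d.get(key, [""])[0].replace("\\", "/").lower()
            if not path:
                findings.append(f"{name}: {key} is missing")
            elif cert_owner.setdefault((key, path), name) != name:
                findings.append(f"{name}: {key} reused from {cert_owner[(key, path)]}")
        # The post's rule: ProxyPass path and target both end with '/'.
        for rule in d.get("proxypass", []):
            src, _, dst = rule.partition(" ")
            if dst and src.endswith("/") != dst.strip().endswith("/"):
                findings.append(f"{name}: ProxyPass slash mismatch: {rule}")
    return findings
```
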

In case of any issue, you can drop your comment in the comment box.

Reference:

https://wiki.apache.org/httpd/NameBasedSSLVHosts

Thursday, September 10, 2015

How to install and configure Apache Tomcat 7 on CentOS

Here are the steps to install and configure Apache Tomcat 7 on CentOS:

  • Stop Tomcat
    • sh /opt/tomcat7/bin/shutdown.sh

  • [Optional] To access the admin|manager pages, you need to create user accounts. Add the lines below inside the <tomcat-users></tomcat-users> tags in the ${tomcat7}/conf/tomcat-users.xml file.
    <role rolename="manager-gui"/>
    <user username="manager" password="root123" roles="manager-gui"/>
    <role rolename="admin-gui"/>
    <user username="admin" password="root123" roles="manager-gui,admin-gui"/>




Sunday, December 11, 2011

How to enable SSL on apache Tomcat 7.0

This tutorial shows how to enable SSL support for Apache Tomcat web server.
Requirement

*) Apache Tomcat 5.0
*) JDK 1.5

Note: if you have JDK below 1.4, you need to install Java Secure Socket Extensions (JSSE)

To install and configure SSL support on Tomcat, you need to follow these simple steps.


Generating the KeyStore file:

*) Create a keystore file to store the server's private key and self-signed certificate by executing the following command.
*) Open a command line and change directory to your JAVA\bin folder. (Default path is: C:\Program Files\Java\jre6\bin).
*) Type "keytool -genkey -alias tomcat -keyalg RSA" and press Enter.
        Where tomcat is an alias name and RSA is a key algorithm.
*) Type your password for the keystore. (Default password is: changeit). In this example, I’ll use “password” as the password.

Enter general information about this certificate. In the last line, the key password for (tomcat) should be the same as the one you entered before. Note that this information will be displayed to users who attempt to access a secure page.



*) The file .keystore will be created on your account. (Currently, I use the administrator account so it’ll be in C:\Documents and Settings\Administrator).
    I have copied the .keystore file and placed it in the tomcat folder.

Configure Tomcat:
*) Open server.xml in the Tomcat\conf folder. (Default path is: C:\Program Files\Apache Software Foundation\Tomcat x.x\conf).
*) Uncomment the paragraph below this line

<!-- Define a SSL HTTP/1.1 Connector on port 8443 This connector uses the JSSE configuration, when using APR, the connector should be using the OpenSSL style configuration described in the APR documentation -->

Add the new attributes

    keystoreFile="PATH\TO\KEYSTORE\.keystore"
    keystorePass="password"

to the Connector element. If you haven’t changed the keystore’s password, you don’t have to add the keystorePass attribute.
Change the protocol to protocol="org.apache.coyote.http11.Http11NioProtocol"

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystoreFile="C:\software\apache-tomcat-7.0.23-windows-x64\apache-tomcat-7.0.23\.keystore" keystorePass="password" />

*) Save and restart Apache Tomcat service.

Test the result:

Open a browser and navigate to the Apache Tomcat server at https://localhost:8443
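
Besides the browser test, the Connector settings can be checked from server.xml itself. The following is an added example, not code from the original post: a Python audit over a constructed server.xml fragment whose 8443 connector mirrors the one above. The keystore path is a shortened placeholder and the function name is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed server.xml fragment; the 8443 connector mirrors the tutorial's
# (keystore path shortened to a placeholder).
SAMPLE_SERVER_XML = r'''<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               SSLEnabled="true" maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="C:\tomcat\.keystore" keystorePass="password" />
  </Service>
</Server>'''

GUESSABLE = {"changeit", "password"}  # keytool default and this tutorial's value

def audit_connectors(xml_text):
    connectors = ET.fromstring(xml_text).findall(".//Connector")
    is_tls = lambda c: c.get("SSLEnabled", "false").lower() == "true"
    tls_ports = {c.get("port") for c in connectors if is_tls(c)}
    findings = []
    for c in connectors:
        port = c.get("port")
        if not is_tls(c):
            # A plain connector should redirect to a port that really speaks TLS.
            redirect = c.get("redirectPort")
            if redirect and redirect not in tls_ports:
                findings.append(f"port {port}: redirectPort {redirect} has no TLS connector")
            continue
        for attr, want in (("scheme", "https"), ("secure", "true")):
            if c.get(attr, "").lower() != want:
                findings.append(f"port {port}: {attr} should be {want!r}")
        if not c.get("keystoreFile"):
            findings.append(f"port {port}: keystoreFile not set, home-directory .keystore is used")
        # Tomcat assumes "changeit" when keystorePass is omitted.
        if c.get("keystorePass", "changeit") in GUESSABLE:
            findings.append(f"port {port}: keystore password is a well-known value")
    return findings
```
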
