Tomcat Config Question
Tom Poage
tfpoage at ucdavis.edu
Mon Mar 12 17:34:12 GMT 2012
If this helps, I use mod_proxy_ajp for ports 443 and 8443, and the
following connector declaration (i.e. we don't use the 'dta-ssl' jar).
We do it this way largely for historical reasons. I also tend to find
some things easier to do in httpd configuration than Tomcat's. I plan to
dust off Jetty in the (hopefully) not too distant future.
server.xml:
> <Connector port="8009" protocol="AJP/1.3" address="127.0.0.1" enableLookups="false" tomcatAuthentication="false" />
There is an 8080 connector, as well, but it's firewalled off to all but
localhost and a handful of internal addresses for testing.
httpd config:
> Listen 443
> Listen 8443
...
> NameVirtualHost *:443
> NameVirtualHost *:8443
...
> <VirtualHost *:443>
> ServerName shibboleth.ucdavis.edu:443
...
> <Location /idp/Authn/RemoteUser>
...
> Require valid-user
> </Location>
...
> ProxyPass /idp/ ajp://localhost:8009/idp/
> </VirtualHost>
> <VirtualHost *:8443>
> ServerName shibboleth.ucdavis.edu:8443
...
> ProxyPass /idp/ ajp://localhost:8009/idp/
> </VirtualHost>
Tom.
On 03/12/2012 10:03 AM, Christopher Bland wrote:
> Hello All,
>
> I am in the process of tracing a login context/previous session issue
> and Chad suggests it is an environment issue. My question is, there are two
> sets of docs for Tomcat setup and I am not sure of the differences.
>
> https://wiki.shibboleth.net/confluence/display/SHIB2/IdPApacheTomcatPrepare
> Download tomcat6-dta-ssl-1.0.0.jar
> <http://shibboleth.internet2.edu/downloads/maven2/edu/internet2/middleware/security/tomcat6/tomcat6-dta-ssl/1.0.0/tomcat6-dta-ssl-1.0.0.jar> (asc
> <http://shibboleth.internet2.edu/downloads/maven2/edu/internet2/middleware/security/tomcat6/tomcat6-dta-ssl/1.0.0/tomcat6-dta-ssl-1.0.0.jar.asc>)
> in to /TOMCAT_HOME/lib//.
>
> <Connector port="8443"
> protocol="org.apache.coyote.http11.Http11Protocol"
> SSLImplementation="edu.internet2.middleware.security.tomcat6.DelegateToApplicationJSSEImplementation"
> scheme="https"
> SSLEnabled="true"
> clientAuth="true"
> keystoreFile="IDP_HOME/credentials/idp.jks"
> keystorePass="PASSWORD" />
>
>
> https://spaces.internet2.edu/display/ShibInstallFest/IdP+Step-by-Step
>
> <Connector port="8443"
> address="10.0.1.#"
> maxHttpHeaderSize="8192"
> maxSpareThreads="75"
> scheme="https"
> secure="true"
> clientAuth="want"
> sslProtocol="TLS"
> SSLEnabled="true"
> keystoreFile="/opt/shibboleth-idp/credentials/idp.jks"
> keystorePass="password"
> truststoreFile="/opt/shibboleth-idp/credentials/idp.jks"
> truststorePass="password"
> truststoreAlgorithm="DelegateToApplication" />
>
>
> I am unsure of what tomcat6-dta-ssl-1.0.0.jar does and does that mean
> that I don't need the extra parameters?
>
> Also I am using an Apache front-end with mod_proxy configured as
> ProxyPass /idp ajp://localhost:8009/idp. Are ProxyPassReverse or
> ProxyPassReverseCookiePath required as part of setup also?
>
> Any additional light anyone can shed on the subject would be helpful.
>
> Thanks in advance,
>
> -Chris
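An added example, not part of the original post and not code from Tomcat or Shibboleth: a small Python check for the point behind the AJP connector declaration in the reply, namely that with tomcatAuthentication="false" Tomcat accepts the user identity handed over by the front-end, so the connector should only be reachable from loopback. The sample server.xml is constructed, and treating a missing address attribute as "all interfaces" is an assumption based on Tomcat 6 behaviour.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the AJP connector from the post, a variant with no
# address attribute, and a plain HTTP connector.
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="8009" protocol="AJP/1.3" address="127.0.0.1"
               enableLookups="false" tomcatAuthentication="false" />
    <Connector port="8010" protocol="AJP/1.3" tomcatAuthentication="false" />
    <Connector port="8080" protocol="HTTP/1.1" />
  </Service>
</Server>"""


def is_loopback(address):
    """True only for an explicit loopback bind address."""
    if not address:
        return False  # assumption: no address attribute means all interfaces
    if address == "localhost":
        return True
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        return False  # other hostnames or unparseable values count as exposed


def audit_connectors(server_xml):
    """Return (port, finding) tuples for AJP connectors reachable beyond loopback."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        # Matches "AJP/1.3" as well as class names such as ...ajp.AjpProtocol
        if "ajp" not in conn.get("protocol", "HTTP/1.1").lower():
            continue
        if is_loopback(conn.get("address")):
            continue
        port = conn.get("port")
        findings.append((port, "AJP connector not bound to loopback"))
        if conn.get("tomcatAuthentication", "true").lower() == "false":
            findings.append((port, "tomcatAuthentication=false: any host that "
                                   "can reach this port can assert REMOTE_USER"))
    return findings


if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE_SERVER_XML):
        print(f"port {port}: {finding}")
```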