2

I've developed a java application that need a ssl client certificate and in the staging environment with apache 2.2 and mod_jk it is working fine. In production the configuration is not using mod_jk but mod_proxy_ajp. I'm looking for an apache configuration example that configure ssl and mod_proxy_ajp for sending the ssl client certificate to the java application server (which listens with the ajp protocol). Thanks a lot

  • You should keep staging and production the same. Otherwise you will get more of these problems. – Christian Sep 07 '10 at 07:56
  • I can't get the mod_jk configuration working. Can you help? https://stackoverflow.com/questions/58240796/pass-username-and-client-certificate-from-apache-to-tomcat-using-mod-jk – user157726 Oct 05 '19 at 07:39

3 Answers3

1

Using mod_proxy_ajp, you will need to set the RequestHeader directive to pass through the SSL parameters. Just refer to the Apache docs for examples on setting the directive either in a <Location> or <VirtualHost> section.

sybreon
  • 7,357
  • 1
  • 19
  • 19
0

I setup an apache web server and I found that mod_ajp forwards the client certificate without explicit configuration. my apache configurations is SSLEngine on SSLOptions +StdEnvVars +ExportCertData ProxyRequests Off SSLVerifyClient optional_no_ca Allow from All ProxyPass /sportellosociale ajp://localhost:8009/sportellosociale ProxyPassReverse /sportellosociale ajp://localhost:8009/sportellosociale*

I omitted the SSLCertificate directives

0

Mine is configured like so (although this configuration breaks any additional mod_rewrite rules that I create... and i dont know why):

<Location />
    ProxyPass ajp://localhost:8009/
    ProxyPassReverse ajp://localhost:8009/
</Location>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} 
Redirect permanent / https://mysite.com/myapp?user=
djangofan
  • 4,172
  • 10
  • 45
  • 59