Apache in front of Glassfish: mod_jk on https(443)

Question

After the recommendation of using Apache http server in front of glassfish ( check question ), i used the following tutorial and made it work but only on port 80.
What i mean is now i can type:

www.mydomain.com

and it runs. However if i run an application that requires https, ie having in web.xml (a J2EE application)

<transport-guarantee>CONFIDENTIAL</transport-guarantee>

When i type:

www.mydomain.com

it automatically loads:

https://www.mydomain.com:8181

I do not want to show port 8181, i want just :https://www.mydomain.com.

PS: I will be using only ONE application which runs in context "/" .

Following are my configurations:

*workers.properties file:

worker.list=ajp13unsecure, ajp13secure

worker.ajp13unsecure.type=ajp13
worker.ajp13unsecure.host=localhost
worker.ajp13unsecure.port=8009

worker.ajp13secure.type=ajp13
worker.ajp13secure.host=localhost
worker.ajp13secure.port=8009

*httpd.conf file i added:

Listen 443

# Load mod_jk module
# Update this path to match your modules location
LoadModule    jk_module  modules/mod_jk.so

# Where to find workers.properties
# Update this path to match your conf directory location (put workers.properties next to httpd.conf)
JkWorkersFile conf/workers.properties

# Where to put jk logs
# Update this path to match your logs directory location (put mod_jk.log next to  access_log)
# This can be commented out, to disable logging
JkLogFile     logs/mod_jk.log

# Set the jk log level [debug/error/info]
# Only matters if JkLogFile is being used.
JkLogLevel    debug

# Select the timestamp log format
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "

# JkOptions indicate to send SSL KEY SIZE
JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories

# JkRequestLogFormat set the request format
JkRequestLogFormat "%w %V %T"

# Send everything for context /examples to worker named worker1 (ajp13)
# /examples would most likely be the name of your WebApp (c:/tomcat/webapps/example)
JkMount  /* ajp13secure

# Should mod_jk send SSL information (default is On)
JkExtractSSL On
# What is the indicator for SSL (default is HTTPS)
JkHTTPSIndicator HTTPS
# What is the indicator for SSL session (default is SSL_SESSION_ID)
JkSESSIONIndicator SSL_SESSION_ID
# What is the indicator for client SSL cipher suit (default is SSL_CIPHER)
JkCIPHERIndicator SSL_CIPHER
# What is the indicator for the client SSL certificated? (default is SSL_CLIENT_CERT)
JkCERTSIndicator SSL_CLIENT_CERT

Questions:
What am i missing so that port 8181 doesn't appear in the URL anymore?

Also as i said SSL certificate is already installed in glassfish, do i have to install it in Apache or its ok like that?

PS:i am using

• glassfish v3.0.1
• windows server 2008 r2
• Apache v2.2
• I already installed a godaddy SSL certificate IN glassfish keystore. It works and is running well.

Answer 1

This is the result of a redirect issued by your application to force you to connect through SSL. The issue is that because glassfish is now behind a proxy, the app doesn't know that the port it's running on isn't the port people are supposed to be using. Somewhere, there should be configuration to override the port to use.

The easy solution for this specific problem is to use Apache instead of Java to handle forcing people to use SSL, which you can do with mod_rewrite:

RewriteEngine On
RewriteCond %{HTTPS} !=on    
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]

That said, the real solution is to figure out where that URL redirect is coming from and what can be done to reconfigure it. It's likely that this issue will show up in other places where your app creates URLs, such as user registration emails.

(Disclaimer: I know nothing about how Glassfish/J2EE/all these fiddly little Java bits fit together, so I'm not sure where exactly in that stack this URL is being constructed or what you have to change to fix it)