Apache forwarding tomcat HTTP to HTTPS

Recently in the small program, and the Small program network request required links need to HTTPS security links, before a random configuration can be used, but do not understand.

Then need a PHP project, looked around, need Apache server, and I have only a domain name, has been to Tomcat, if the domain name after the addition of port number is too stupid, but it is impossible to apply for a domain name bar. Reasoning, you can only configure forwarding.

(correction here, in fact, is not the domain name problem, but I only have a server, so I intend to do cluster, and then I know can apply for a class two domain name)

If it's a newly decompressed tomcat, there's no need to configure anything, mostly on Apache.

I am using apache2.4, and the certificate is using the certificate generated by letsencrypt-win-simple.v1.9.8.2.

In apache24/conf/httpd.conf file modification:

Found it

LoadModule ssl_module modules/mod_ssl.so     

LoadModule rewrite_module modules/mod_rewrite.so LoadModule proxy_

Module modules/mod_proxy.so 

LoadModule proxy_http_module modules/mod_proxy_http.so

Include conf/extra/ Httpd-ssl.conf

And get rid of the front #.

Here to say, in Apache automatically with SSL credentials, is

Include conf/extra/httpd-ahssl.conf

Inside it there is a line of Listen 443 HTTPS, which is open 443-Port listening, if you do not need AHSSL configuration, you can put the include conf/extra/ Httpd-ahssl.conf Shield and add listen 443 HTTPS to httpd-ssl.conf file

(Because of the use of Apache with its own credentials, you will be prompted to connect is not a private connection, so use your own credentials bar)

At the end of the httpd.conf file, add

Rewriteengine on
rewritecond%{server_port}
rewriterule ^.*$ Https://%{server_name}%{request_uri} [L,R]
Rewritelog Logs/rewrite.log
Rewriteloglevel 10

This is HTTP to HTTPS, if have encountered Rewritelog and Rewriteloglevel error, put these two shielding (this is the output log, for the moment not to find a solution, mainly not used)

Next is the apache24/conf/extra/httpd-ssl.conf file:

In the above include conf/extra/httpd-ssl.conf is to refer to this file

Put on my configuration.

<virtualhost _default_:443> 
	sslengine
	on ServerName localhost:443 #对应httpd. conf ServerName
	Serveralias www.example.com www.xxx.com  #可以配置多个域名, I don't need
	sslprotocol TLSv1
	TLSv1.1 TLSv1.2 Sslcertificatefile "${srvroot}/conf/ssl/www.example.com-crt.pem" #证书文件地址
	sslcertificatekeyfile "${SRVROOT}/ Conf/ssl/www.example.com-key.pem "#证书密钥地址  #我把这两个文件复制进apache/conf/ssl folder, if in other folders, can write absolute path  DocumentRoot "${srvroot}/htdocs" #项目路径, if only forwarding, you can not need
	customlog "${srvroot}/logs/ssl_request.log" \
          "%t%h% {ssl_protocol}x%{ssl_cipher}x \ "%r\"%b "
	<directory" ${srvroot}/htdocs ">
		Options Indexes Includes FollowSymLinks
		allowoverride authconfig Limit FileInfo Require all
    granted
	</Directory>
	Proxypass		/http://localhost:8080/forwarding configuration
	proxypassreverse 	/http://localhost:8080/
</ Virtualhost>

Above my configuration according to the simple to match, temporarily did not find other problems.

To illustrate Proxypass and Proxypassreverse, the configuration format is:

Proxypass		/Project name http://tomcat Project path: Tomcat port number/url
proxypassreverse 	/project name http://tomcat Project path: Tomcat port number/url

For example, the configuration is:/example http://localhost:8080/example

It means that when I enter the domain name www.example.com, I am accessing the items in the Htdocs under the Apache directory.

And when I entered the www.example.com/example, I visited the example project under Tomcat.

Because I have a default Access project configured in Tomcat/conf/server.xml and I need to use the domain name directly to access the example project, I direct to/represent the root directory of Tomcat and do not need url,url to represent the project or a link

Finally say, remember to open the firewall, the 80 port and 443 port open, otherwise cannot use domain name direct access.

Lower right-> open Network and Sharing Center->windows Network firewall-> Advanced Settings-> Inbound rules-> new rule

Select-> port in open window->TCP: specific Local port: (fill 80 or 443)-> allow link-> naming

As the level of personal skills is limited, if there is anything wrong, please correct me.