SSL with JBoss

From Initq

Issue

We were running our app on port 8080 over HTTP. We were told that we needed SSL and had to serve it over HTTPS. We decided to put Apache in front for this rather than make changes to JBoss, so we installed Apache and then edited the following configs.

Changes to httpd.conf

Make sure that httpd.conf listens on both ports and includes the external virtual host file.

Listen 80
Listen 443
Include conf/extra/httpd-vhosts.conf

Changes to httpd-vhosts.conf

We created two virtual hosts in our file. One is for port 80 and the second is for port 443.

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
 
SSLPassPhraseDialog  builtin
SSLSessionCache        "shmcb:/opt/apache2.2/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300
SSLMutex default
 
<VirtualHost *:80>
        ServerName dominion.google.com
        Redirect / https://dominion.google.com/public_html/controller
        DocumentRoot "/opt/apache2.2/htdocs"
</VirtualHost>
 
<VirtualHost *:443>
 
DocumentRoot "/opt/apache2.2/htdocs"
ServerName dominion.google.com:443
ServerAdmin qasket@gmail.com
ErrorLog "/opt/apache2.2/logs/error_log"
TransferLog "/opt/apache2.2/logs/access_log"
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile "/opt/apache2.2/certs/server.crt"
SSLCertificateKeyFile "/opt/apache2.2/certs/server.key"
 
<FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/opt/apache2.2/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>
 
BrowserMatch ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
 
CustomLog "/opt/apache2.2/logs/ssl_request_log" \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
 
ProxyPreserveHost On
ProxyPass  /   http://dominion.google.com:8080/
ProxyPassReverse /   http://dominion.google.com:8080/
 
</VirtualHost>
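
Added example (not part of the original page): a Python check that models how OpenSSL reads the SSLCipherSuite string in the vhost file above and also flags the scheme of the ProxyPass backend. The class table is a simplified model of OpenSSL's cipher classes, and the `HIGH:!aNULL:!MD5` comparison string is an assumption, not taken from the page.

```python
import re

# Simplified model: tracks weak OpenSSL cipher classes, not individual suites.
EXPORT = {"EXPORT40", "EXPORT56"}
WEAK = {"EXP": EXPORT, "EXPORT": EXPORT, "EXPORT40": {"EXPORT40"},
        "EXPORT56": {"EXPORT56"}, "LOW": {"LOW"}, "SSLv2": {"SSLv2"},
        "ADH": {"ADH"}, "aNULL": {"ADH"}, "eNULL": {"eNULL"}}
# ALL selects every class except eNULL, which has to be named explicitly.
WEAK["ALL"] = EXPORT | {"LOW", "SSLv2", "ADH"}

def weak_classes_enabled(cipher_string):
    """Return the weak classes a cipher string leaves selectable."""
    enabled, killed = set(), set()
    for tok in filter(None, re.split(r"[:, ]+", cipher_string)):
        op = tok[0] if tok[0] in "!-+" else ""
        classes = WEAK.get(tok[len(op):], set())
        if op == "!":      # permanent removal, cannot be re-added later
            killed |= classes
            enabled -= classes
        elif op == "-":    # removal that a later token may undo
            enabled -= classes
        elif op == "":     # a plain token adds ciphers
            enabled |= classes - killed
        # "+" only moves already-enabled ciphers to the end of the list
    return enabled

def audit_vhost(conf_text):
    """Flag weak cipher classes and a plain-http proxy backend."""
    findings = []
    for line in conf_text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "SSLCipherSuite":
            weak = sorted(weak_classes_enabled(parts[1]))
            if weak:
                findings.append("weak ciphers enabled: " + ", ".join(weak))
        elif len(parts) >= 3 and parts[0] == "ProxyPass" and parts[2].startswith("http://"):
            findings.append("proxy backend is plain http: " + parts[2])
    return findings

# The two relevant directives, copied from the vhost file on this page.
PAGE_CONF = """\
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
ProxyPass  /   http://dominion.google.com:8080/
"""
# Tighter string for comparison: an assumption, not taken from the page.
TIGHTER = "HIGH:!aNULL:!MD5"
if __name__ == "__main__":
    print(audit_vhost(PAGE_CONF))
    print(weak_classes_enabled(TIGHTER))
```

On the page's string the check reports EXPORT40, LOW and SSLv2 as still selectable, because `+LOW`, `+SSLv2` and `+EXP` only reorder what `ALL` already added, while `+eNULL` has no effect since `ALL` never included it.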

Enable SSL module

Please enable the SSL Module in the httpd.conf file.

LoadModule ssl_module modules/mod_ssl.so

Enable Proxy module

Please enable the Proxy Module in the httpd.conf file.

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so

What really happens

Our JBoss runs on port 8080 and our application's URL is /public_html/controller. We had to serve all of this through https. With the virtual hosts above in place, here is what happens step by step.

  1. You type http://dominion.google.com or https://dominion.google.com.
  2. The virtual host for port 80 takes the request if it arrives over http.
  3. It looks at the Redirect and sends the browser to https on port 443, with /public_html/controller as the target path.
  4. The virtual host for 443 gets the request, does the SSL negotiation, then looks at the ProxyPass and forwards the request it received through https to port 8080. The ProxyPass target is http://, so the hop from Apache to JBoss itself is not encrypted.
  5. The URL /public_html/controller is also forwarded by the ProxyPass.
  6. The address bar in your browser will show https://dominion.google.com/public_html/controller
  7. Port 8080 will not show in the address bar, and you will always be going through https for all your traffic.