3

I have a need to run Apache httpd in front of my JBoss so I can leave the JBoss ports in place (8080/8443) but have Apache/80 forward to Jboss/8080 and Apache/443 forward to Jboss/8443. I have the HTTP forwarding working but I can't get HTTPS forwarding to work. To get HTTP forwarding to work I simply loaded the correct proxy modules:

LoadModule proxy_module modules/mod_proxy.so

LoadModule proxy_ajp_module modules/mod_proxy_ajp.so

Then added these new directives:

ProxyPass / ajp://localhost:8009/

ProxyPassReverse / ajp://localhost:8009/

If all I want to do is forward port 443 to 8443, do I have to enable SSL? I don't need Apache to load and process a certificate.

1
  • Voting to move to ServerFault.
    – Bruno
    Commented Jul 25, 2012 at 18:55

1 Answer

4

You're confusing two things.

If you want port forwarding from port 443 to 8443, don't go via Apache Httpd, just forward the port (for example, via iptables). In this case your JBoss container must be configured to handle the SSL/TLS connection (all the certificate settings).

If you want a reverse proxy from Apache Httpd (listening on port 443) to your JBoss container, you don't need to enable SSL/TLS on your JBoss container (especially on localhost), just proxy the request to Apache Httpd in plain HTTP (or via AJP). For this, you'll need to configure Apache Httpd to handle the SSL/TLS connection.
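The reverse-proxy option described in this answer, written out as an added example that is not part of the original answer: Apache Httpd terminates TLS on port 443 and passes the decrypted requests to the AJP connector from the question. The hostname and certificate paths are placeholders, and the module paths are assumed to follow the layout used in the question.

```apache
# Added example, not from the original post.
# Placeholders: app.example.com, /path/to/server.crt, /path/to/server.key
LoadModule ssl_module modules/mod_ssl.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so

# Omit this line if the main configuration already listens on 443
Listen 443

<VirtualHost *:443>
    ServerName app.example.com

    # TLS ends at Apache, so the certificate and private key are
    # configured here and JBoss needs no SSL settings for this path
    SSLEngine on
    SSLCertificateFile /path/to/server.crt
    SSLCertificateKeyFile /path/to/server.key

    # Reverse proxy only; do not act as a forward proxy
    ProxyRequests Off

    # Same AJP target as the working port-80 setup in the question
    ProxyPass / ajp://localhost:8009/
    ProxyPassReverse / ajp://localhost:8009/
</VirtualHost>
```

The hop from Apache to JBoss carries decrypted traffic, so the AJP connector should listen only on the loopback interface.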

7
  • Bruno, is mod_proxy_http really a better solution for reverse proxying than AJP? Can you elaborate?
    – user207421
    Commented Jul 26, 2012 at 2:33
  • @EJP, I thought I had read on an Apache ML that some were considering AJP as deprecated (even via mod_proxy), but that might just have been an idea thrown into a discussion more than anything else. I've removed this from my answer, no point starting a rumour...
    – Bruno
    Commented Jul 26, 2012 at 13:52
  • I think you're thinking of mod_jk, which is one of the AJP implementations, and for some reason isn't part of the Apache HTTP distrib: I think it may have originated in the Tomcat project and then been spun out. There is still mod_proxy_ajp which is miles easier to configure and works flawlessly for me. I like AJP because I can remove the HTTP connectors completely from Tomcat and mediate all access to say the Tomcat Manager app much more easily too. It is also supposedly faster but I could not possibly comment.
    – user207421
    Commented Jul 26, 2012 at 14:24
  • Is there an equivalent to iptables in Windows? I have JBoss configured to handle SSL already and it works fine. My issue is just needing to forward 443 to 8443. Thanks for all the responses so far!
    – CTOMarc
    Commented Jul 26, 2012 at 17:08
  • @CTOMarc, not sure, but netsh interface portproxy add v4tov4 listenport=443 connectport=8443 (or something like that) sounds worth trying.
    – Bruno
    Commented Jul 26, 2012 at 17:15
