[jboss-user] [Security & JAAS/JBoss] - Apache mod_jk / JBoss SSL question

bezdomny do-not-reply at jboss.com
Tue Jul 11 16:15:28 EDT 2006


I've seen this asked many times and I think I have an answer that works for my particular situation. 
Please tell me if I'm right or wrong as I need to get my app deployed by next week.
I have a site that MUST be SSL enabled for all pages, including login. Instead of enabling SSL in JBoss, I'm using my site's existing cert that is used by Apache. I'm using mod_rewrite like this inside both virtual hosts:

<VirtualHost blah.mysite.com:443>
	ServerAdmin webmaster@dummy-host.example.com
	DocumentRoot "D:/usr/dev/web/mypath"
	ServerName blah.mysite.com
	DirectoryIndex index.html
	ErrorLog logs/blah-error_log
	CustomLog logs/blah-access_log common
	SSLEngine on
	SSLCertificateFile "C:\Program Files\Apache Group\Apache2\ssl\mycert.cert"
	SSLCertificateKeyFile "C:\Program Files\Apache Group\Apache2\ssl\mykey.key"
	SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
	RewriteEngine on
	RewriteCond %{SERVER_PORT} !^443$
	RewriteRule ^/(.*)$ https://blah.mysite.com/$1 [L,R]
</VirtualHost>

<VirtualHost blah.mysite.com:80>
	ServerAdmin webmaster@dummy-host.example.com
	DocumentRoot "D:/usr/dev/web/mypath"
	ServerName blah.mysite.com
	DirectoryIndex index.html
	ErrorLog logs/blah-error_log
	CustomLog logs/blah-access_log common
	RewriteEngine on
	RewriteCond %{SERVER_PORT} !^443$
	RewriteRule ^/(.*)$ https://blah.mysite.com/$1 [L,R]
</VirtualHost>

So this says that any request to any of these virtual hosts that ISN'T on port 443 is then redirected using the https: scheme.

Is this an acceptable way to require SSL when JBoss is used with Apache and mod_jk?

Thanks for the help. The reason why I don't want to enable SSL in JBoss directly is complicated. I work in a big corp environment and they don't like making changes from regular certs to java keystores and the like.

B



View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3957132#3957132

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3957132
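
The setup described in the post, as an added example that is not part of the original message and not the poster's own configuration: the port-80 host only redirects, the application is mounted through mod_jk on the TLS host alone, and the posted cipher string is shown beside a corrected one. It assumes Apache 2.4 with mod_ssl, mod_rewrite, mod_headers and mod_jk loaded; the worker name `jboss_worker` and the `/myapp` mount point are hypothetical.

```apache
# Added example. Hostname and file paths come from the post;
# "jboss_worker" and "/myapp" are assumed names for illustration.

# Port 80: serve nothing, redirect every request to HTTPS.
<VirtualHost blah.mysite.com:80>
    ServerName blah.mysite.com
    # No JkMount here, so the application is never reachable in clear text
    # even if the rewrite rule is later removed or broken.
    RewriteEngine on
    RewriteRule ^/(.*)$ https://blah.mysite.com/$1 [R=301,L]
</VirtualHost>

# Port 443: TLS terminates in Apache with the existing certificate,
# then mod_jk forwards the request to JBoss over AJP.
<VirtualHost blah.mysite.com:443>
    ServerName blah.mysite.com
    DocumentRoot "D:/usr/dev/web/mypath"
    ErrorLog logs/blah-error_log
    CustomLog logs/blah-access_log common

    SSLEngine on
    SSLCertificateFile "C:/Program Files/Apache Group/Apache2/ssl/mycert.cert"
    SSLCertificateKeyFile "C:/Program Files/Apache Group/Apache2/ssl/mykey.key"

    # Weak setting as posted: it explicitly re-adds SSLv2, export-grade,
    # LOW and eNULL (no encryption) suites:
    #   SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    # Corrected: drop legacy protocol versions and keep only strong suites.
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite HIGH:!aNULL:!eNULL:!EXPORT:!LOW:!MD5:!RC4
    SSLHonorCipherOrder on

    # Tell browsers to use HTTPS for later visits (needs mod_headers).
    Header always set Strict-Transport-Security "max-age=31536000"

    # The redirect rule from the post is omitted here: on this host
    # SERVER_PORT is always 443, so its condition can never match.

    # Application traffic goes to JBoss only from the TLS host.
    JkMount /myapp/* jboss_worker
</VirtualHost>
```

These settings only cover traffic that passes through Apache. JBoss's own HTTP connector (port 8080 by default) and the AJP port still speak clear text, so they should be bound to localhost or firewalled off from clients.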


