For whoever has been reading this string.

We were able to use the Tomcat wizard to set up the out-of-process tomcat server using the IBM connector and it worked using the tomcat 5 app server. The wizard points to port 8009 by default, which is the one tomcat listens on by default, and we selected the newer AJP13 worker type. We do get a warning in the Apache web server configuration screen that says "Note: The port specified for worker ENGINE1 does not match any defined servlet engine on the local host." but that does not appear to cause any problems. We did disable the built-in listener on tomcat 5 so port 8080 is not live.

I have attached the Apache config if anyone is curious. It is a setup for both inprocess and out-of-process tomcat in the same http instance.

>>> Matt.Haas@xxxxxxxxxxx 10/13/2005 9:43:10 AM >>>

Mike,

It looks like I referenced the IBM provided connector in the article so you'll want to change the path to wherever you put the one you downloaded from apache.org. I'm not sure if using the wizard buys you anything or not. Since the connectors are different, there may be changes (besides path changes) you'd have to make anyway (I'm not implying that there are changes, just that you'd need to check). Personally, I'd check the connector docs and just follow along with them.

Matt

-----Original Message-----
From: web400-bounces+matt.haas=thomson.com@xxxxxxxxxxxx [mailto:web400-bounces+matt.haas=thomson.com@xxxxxxxxxxxx] On Behalf Of Mike Cunningham
Sent: Wednesday, October 12, 2005 10:32 PM
To: web400@xxxxxxxxxxxx; Haas, Matt
Subject: RE: [WEB400] SSL TOMCAT 5 on iSeries

Thanks Matt. What you sent got me close. I have the mod_jk service program installed. And I read http://www.ignite400.org/news/pdf/news2002030304.pdf on how to install tomcat 4. Your article talks about adding this to the Apache config.

LoadModule jk_module /QSYS.LIB/QHTTPSVR.LIB/QZTCJK.SRVPGM

I would assume I need to change the QZTCJK.SRVPGM to the newer MOD_JK.SRVPGM. The rest of the directives look fairly simple. Do you think it would be of any benefit to use the Apache tomcat wizard to set up the IBM recommended directives for tomcat and then modify the Apache config to point to the new connector?

>>> Matt.Haas@xxxxxxxxxxx 10/12/2005 10:11:51 AM >>>

Mike,

Unless you want to mess with OpenSSL (I don't even know if this has been ported to OS/400), the path of least resistance is to set up an HTTP server running SSL in front of it. You will not be able to use the wizard to do this but it isn't all that difficult. The first thing you'll need to do is download the connector from http://www.apache.org/dist/jakarta/tomcat-connectors/jk/binaries/iseries/ and install it. Once it's installed, just follow the documentation at http://jakarta.apache.org/tomcat/connectors-doc/ to configure it. I wrote an article on doing this for Tomcat 4 (I think it's available from http://www.ignite400.org) a while back but it's pretty easy if you can't find the article.

Matt

-----Original Message-----
From: web400-bounces+matt.haas=thomson.com@xxxxxxxxxxxx [mailto:web400-bounces+matt.haas=thomson.com@xxxxxxxxxxxx] On Behalf Of Mike Cunningham
Sent: Wednesday, October 12, 2005 9:48 AM
To: web400@xxxxxxxxxxxx
Subject: [WEB400] SSL TOMCAT 5 on iSeries

We have a tomcat 5 engine running on our iSeries (V5R3) and are currently using the built-in HTTP server to serve applications (i.e. the default port 8080 server). We would like to set up SSL on this tomcat 5 server but it does not appear in the IBM Certificate manager as an application to assign a certificate to. We have other Apache HTTP servers running under SSL and one Apache server running SSL and using the inprocess tomcat server. We have done some investigation and appear to have two options: setting up SSL manually for the tomcat HTTP server as per instructions on the tomcat site, or configuring the existing Apache SSL HTTP server to use the tomcat 5 server as an out-of-process server. The second option sounded easier and more logical, but when we tried the setup using the tomcat wizard, the Apache server does not appear to know about the tomcat 5 server. Has anyone set up tomcat 5 to run SSL and if so how did you do it?
# Configuration originally created by Create HTTP Server wizard on Fri Jul 15 12:50:27 EDT 2005
LoadModule ibm_ssl_module /QSYS.LIB/QHTTPSVR.LIB/QZSRVSSL.SRVPGM
LoadModule jk_module /QSYS.LIB/QHTTPSVR.LIB/QZTCJK.SRVPGM
# Two listeners: only port 82 has an SSL VirtualHost (at the end of this file)
Listen *:81
Listen *:82
DocumentRoot /www/jsp/htdocs
Options -ExecCGI -FollowSymLinks -SymLinksIfOwnerMatch -Includes -IncludesNoExec -Indexes -MultiViews
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%{Cookie}n \"%r\" %t" cookie
LogFormat "%{User-agent}i" agent
LogFormat "%{Referer}i -> %U" referer
LogFormat "%h %l %u %t \"%r\" %>s %b" common
CustomLog logs/access_log combined
LogMaint logs/access_log 7 0
LogMaint logs/error_log 7 0
HotBackup Off
AccessFileName .htaccess
SetEnvIf "User-Agent" "Mozilla/2" nokeepalive
SetEnvIf "User-Agent" "JDK/1\.0" force-response-1.0
SetEnvIf "User-Agent" "Java/1\.0" force-response-1.0
SetEnvIf "User-Agent" "RealPlayer 4\.0" force-response-1.0
SetEnvIf "User-Agent" "MSIE 4\.0b2;" nokeepalive
SetEnvIf "User-Agent" "MSIE 4\.0b2;" force-response-1.0
# mod_jk mounts: URL patterns forwarded to the named Tomcat workers
JkMount /TestingServices/* inprocess
JkMount /manager/html MANAGER
JkMount /manager/html/* MANAGER
JkMount /manager/* MANAGER
JkMount /admin ADMIN
JkMount /admin/* ADMIN
JkMount /gradSurvey ENGINE1
JkMount /gradSurvey/* ENGINE1
JkMount /Public/* inprocess
JkWorkersFile /www/jsp/conf/workers.properties
JkLogFile /www/jsp/logs/jk.log
JkLogLevel Error

DirectoryIndex index.html
<Directory />
Order Deny,Allow
Deny From all
</Directory>
<Location "/TestingServices/">
Order Allow,Deny
Require valid-user
Allow From all
PasswdFile %%SYSTEM%%
AuthType Basic
AuthName TestingServices
</Location>
<Location /Public/>
Allow From all
</Location>
# SSL is enabled only inside this virtual host
<VirtualHost *:82>
SSLEngine On
SSLAppName QIBM_HTTP_SERVER_JSP
SetEnv HTTPS_PORT 82
</VirtualHost>
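
Added example, not part of the original post or its attachment: a small Python check, run over a constructed excerpt of the attached configuration, that lists JkMount paths declared at global scope with no Location-level Require while some Listen port has no SSL virtual host. The function name audit and the excerpt are assumptions made for illustration; only Listen, VirtualHost, SSLEngine, Location/Require and JkMount are evaluated, so other access rules such as the <Directory /> deny are not considered.

```python
import re

# Constructed excerpt: directives copied from the attached configuration.
SAMPLE_CONF = """\
Listen *:81
Listen *:82
JkMount /TestingServices/* inprocess
JkMount /manager/html MANAGER
JkMount /admin/* ADMIN
JkMount /gradSurvey/* ENGINE1
<Location "/TestingServices/">
Require valid-user
</Location>
<VirtualHost *:82>
SSLEngine On
</VirtualHost>
"""

def audit(conf):
    """Return (non_ssl_ports, [(path, worker), ...]) for global JkMounts lacking Require."""
    listen, ssl_ports, mounts, auth_paths = set(), set(), [], set()
    vhost_port = location = None          # current enclosing section, if any
    for raw in conf.splitlines():
        line = raw.strip()
        if m := re.match(r'<VirtualHost\s+[^:>]*:(\d+)', line, re.I):
            vhost_port = m.group(1)
        elif line.lower().startswith('</virtualhost'):
            vhost_port = None
        elif m := re.match(r'<Location\s+"?([^">\s]+)', line, re.I):
            location = m.group(1)
        elif line.lower().startswith('</location'):
            location = None
        elif m := re.match(r'Listen\s+(?:\S+:)?(\d+)', line, re.I):
            listen.add(m.group(1))
        elif vhost_port and re.match(r'SSLEngine\s+On\b', line, re.I):
            ssl_ports.add(vhost_port)
        elif location and re.match(r'Require\s+\S', line, re.I):
            auth_paths.add(location.rstrip('/'))
        elif m := re.match(r'JkMount\s+(\S+)\s+(\S+)', line, re.I):
            mounts.append((m.group(1), m.group(2), vhost_port))
    plain = sorted(listen - ssl_ports)    # listeners with no SSLEngine On vhost
    findings = []
    for path, worker, scope in mounts:
        base = path.rstrip('*').rstrip('/')
        protected = any(base == a or base.startswith(a + '/') for a in auth_paths)
        if scope is None and plain and not protected:
            findings.append((path, worker))
    return plain, findings
```

On the excerpt it reports port 81 as the non-SSL listener and the /manager/html, /admin/* and /gradSurvey/* mounts as the ones to review.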
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited.