| Summary: | apache2: module mod_jk does not work with SSL | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Dietrich Schmidt <gentoo> |
| Component: | New packages | Assignee: | Java team <java> |
| Status: | VERIFIED WONTFIX | ||
| Severity: | normal | ||
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
Portage 2.1-r2 (default-linux/x86/2006.0, gcc-3.4.6, glibc-2.3.6-r4, 2.6.16-gentoo-r13 i686) ================================================================= System uname: 2.6.16-gentoo-r13 i686 Intel(R) Pentium(R) M processor 1.80GHz Gentoo Base System version 1.6.15 app-admin/eselect-compiler: [Not Present] dev-lang/python: 2.3.5, 2.4.3-r1 dev-python/pycrypto: 2.0.1-r5 dev-util/ccache: [Not Present] dev-util/confcache: [Not Present] sys-apps/sandbox: 1.2.17 sys-devel/autoconf: 2.13, 2.59-r7 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2 sys-devel/binutils: 2.16.1-r3 sys-devel/gcc-config: 1.3.13-r3 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.11-r2 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-march=pentium-m -O2 -fomit-frame-pointer" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/3.4/env /usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/" CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/java-config/vms/ /etc/revdep-rebuild /etc/terminfo" CXXFLAGS="-march=pentium-m -O2 -fomit-frame-pointer" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig distlocks metadata-transfer sandbox sfperms strict" GENTOO_MIRRORS="ftp://pandemonium.tiscali.de/pub/gentoo ftp://ftp.uni-erlangen.de/pub/mirrors/gentoo/" LANG="de_DE.utf8" LC_ALL="de_DE.utf8" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="x86 X acpi alsa apache2 apm arts avi berkdb bitmap-fonts cdr cli crypt cups dlloader doc dri dvb dvd dvdr eds emboss encode esd foomaticdb fortran gdbm gif gpm gstreamer gtk gtk2 imlib ipv6 isdnlog ithreads java jpeg kde libg++ libwww mad mikmod mmx motif mp3 mpeg ncurses nls nptl oci8 ogg opengl oss pam pcmcia pcre pdflib perl png pppd python qt qt3 qt4 quicktime readline reflection sdl session source spell spl sse sse2 ssl tcpd threads truetype truetype-fonts type1-fonts udev unicode usb userlocales vorbis xml xmms xorg xv zlib elibc_glibc input_devices_keyboard input_devices_mouse kernel_linux userland_GNU video_cards_radeon video_cards_vesa" Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LDFLAGS, LINGUAS, PORTAGE_RSYNC_EXTRA_OPTS No and no. Try using it without -D SSL_DEFAULT_VHOST in /etc/conf.d/apache2. Anyway: that's a sample/minimum configuration file - you need to customize it for your needs. You can create vhosts.d/<high-number>_my_mod_jk_ssl_vhost.conf. Now, at last, I understand: running a website with http and https, I must NOT modify vhosts.d/00_default_vhost.conf and modules.d/41_mod_ssl.default-vhost.conf but rather remove DEFAULT_VHOST and SSL_DEFAULT_VHOST from /etc/conf.d/apache2 and create my own vhost config files in vhosts.d. |
I use the mod_jk module for apache-tomcat connection, and mod_jk comes with config file modules.d/88_mod_jk.conf. I use mod_jk with my SSL vhost, which contains <VirtualHost *:443> <IfModule mod_jk.c> # include mod_jk as tomcat connector Include /etc/apache2/jk.conf </IfModule> </VirtualHost> This configuration does not work with 41_mod_ssl.default-vhost.conf being in modules.d - at the time, where 41_mod_ssl.default-vhost.conf gets loaded, 88_mod_jk.conf has not been loaded and the connector does not work. I see 2 solutions: (1) move modules.d/41_mod_ssl.default-vhost.conf to the directory vhosts.d - that's what I do on my setup (2) rename 88_mod_jk.conf such that it will be loaded before 41_mod_ssl.default-vhost.conf Following Michael Stewart (vericgar) (see bug #142446) Solution (1) is not the preferred way. Therefore, solution (2) might be the best way to go.