<$BlogRSDUrl$>

Tuesday, April 01, 2008

Apache Web Server, 2 Tomcat instance dan SSL

Aik? Lagi?

Ya, lagi. :D

Kali ini kita tambah satu instance Tomcat lagi. Step2nya:

1. Ikut sampai berjaya step2 "Apache Web Server, Tomcat dan SSL".

2. Copy & paste satu lagi dir Tomcat.

3. Ubah file <dir tomcat kedua>\conf\server.xml:
a. Tukar
<Server port="8005" shutdown="SHUTDOWN">
Kepada
<Server port="8105" shutdown="SHUTDOWN">
b. Tukar
<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />
Kepada
<Connector port="8180" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8543" />
c. Tukar
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
Kepada
<Connector port="8109" protocol="AJP/1.3" redirectPort="8543" />

4. Buka file C:\xampp\tomcat\conf\workers.properties
a. Tambah
worker.list=worker1
worker.worker1.port=8109
# change this line to match apache ServerName and Host name in server.xml
worker.worker1.host=192.168.82.82
worker.worker1.type=ajp13
worker.worker1.lbfactor=1
# END workers.properties

dihujung file. Dapat diperhatikan, ajp13 telah pun dideclare utk kita. Baik hati apache friends ni.

5. Rename <dir tomcat kedua>\webapps\examples kepada <dir tomcat kedua>\webapps\examples2

Ok, Tomcat settle. Apache Web Server pula.

6. Kita hubungkan non-ssl connection kat file C:\xampp\apache\conf\extra\mod_jk.conf. Selepas
JkMount /examples/* ajp13
Tambah
JkMount /examples2/* worker1

7. Kita hubungkan ssl connection kat file C:\xampp\apache\conf\extra\httpd-ssl.conf.
Selepas
JkMount /examples/* ajp13
Tambah
JkMount /examples2/* worker1

8. Uji:
a. http://192.168.82.82:8080/examples/jsp/jsp2/el/basic-comparisons.jsp - pastikan Tomcat instance 1 hidup.
b. http://192.168.82.82:8180/examples2/jsp/jsp2/el/basic-comparisons.jsp - pastikan Tomcat instance 2 hidup.
c. http://192.168.82.82/examples/jsp/jsp2/el/basic-arithmetic.jsp - pastikan Apache forward non-ssl request kpd Tomcat 1.
d. https://192.168.82.82/examples/jsp/jsp2/el/basic-arithmetic.jsp - pastikan Apache forward ssl request kpd Tomcat 1.
e. http://192.168.82.82/examples2/jsp/jsp2/el/basic-comparisons.jsp - pastikan Apache forward non-ssl request kpd Tomcat 2.
f. https://192.168.82.82/examples2/jsp/jsp2/el/basic-comparisons.jsp - pastikan Apache forward ssl request kpd Tomcat 2.

Selamat mencuba!


Apache Web Server, Tomcat dan SSL

Seterusnya, macam mana nak setup Apache Web Server supaya menyerahkan semua permohonan kepada Tomcat dengan cara perhubungan SSL. SSL dilakukan oleh Apache Web Server, bukan Tomcat yg handle.

1. Pastikan langkah2 dalam "Apache Web Server dan SSL" dibawah telah berjaya.

2. Download Xampp Add-Ons. Saya download "xampp-win32-tomcat-addon-6.0.14-2.2.8-installer.exe". Install ke c:\xampp.

3. File C:\xampp\tomcat\conf\server.xml:
a. Tukar
<Host name="localhost" appBase="webapps"
kepada
<Host name="192.168.82.82" appBase="webapps"

4. File C:\xampp\apache\conf\httpd.conf
a. Tambah
Include conf/extra/mod_jk.conf
di akhir file.
b. Tukar
ServerName localhost:80
kepada
ServerName 192.168.82.82:80

5. File C:\xampp\apache\conf\extra\httpd-ssl.conf
a. Tukar
<VirtualHost _default_:443>
kepada
<VirtualHost 192.168.82.82:443>
b. Tukar
ServerName localhost:443
kepada
#ServerName localhost:443
c. Tambah
JkMount /*.jsp ajp13
JkMount /examples/* ajp13
selepas
ServerAdmin admin@localhost

6. Rename mod_jk.conf.new kpd mod_jk.conf

7. Ganti IP "192.168.82.82" kepada IP sebenar anda.

8. Untuk memudahkan test, tambah
set JAVA_HOME=C:\Program Files\Java\jdk1.5.0_12
ke dalam file C:\xampp\tomcat\bin\startup.bat dan C:\xampp\tomcat\bin\shutdown.bat

9. Run Tomcat, spt double click file startup.bat. Selepas Tomcat up dgn jayanya, run Apache Web Server dpd Xampp Control Panel Application dgn tekan start button.

10. Uji dgn access URL sedemikian:
a. https://192.168.82.82/xampp/
b. http://192.168.82.82:8080/examples/jsp/jsp2/el/basic-arithmetic.jsp
c. http://192.168.82.82/examples/jsp/jsp2/el/basic-arithmetic.jsp
d. https://192.168.82.82/examples/jsp/jsp2/el/basic-arithmetic.jsp

10.a uji Apache Web Server dan SSL
10.b uji Tomcat
10.c uji Apache Web Server yg forward request kpd Tomcat
10.d uji Apache Web Server yg forward request melalui SSL kpd Tomcat.

Jika berjaya dpt sampai 10.d, maka, berjayalah setup anda.

Semoga berjaya!



Apache Web Server dan SSL

Just nak share camna nak setup Apache dan SSL.

1. Download and install xampp from apache friends. Saya download xampp-win32-1.6.6a-installer.exe

2. Create the certificate:
a. Buka dos window dan pi ke dir xampp/apache/bin
b. openssl genrsa -out server.key 1024
c. openssl req -new -key server.key -out server.csr
d. copy server.key server.key.org
e. openssl rsa -in server.key.org -out server.key
f. openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Untuk step 2c, pastikan:
i. file openssl.cnf dlm dir xampp/apache/bin diletakkan dlm dir C:\usr\local\ssl
ii. jawab sekurang2nya soalan "Common Name (eg, your name or your server's hostname) []:" spt "localhost" atau letak ip address atau domain name. Ini sangat penting kerana certificate ini hanya untuk name yang diberi dan akan beri amaran setiap kali user access page jika nama yang diberikan berlainan dgn URL. Katakan kita guna "192.168.82.82".

3. Copy kedua2 file server.key dan server.crt ke, cthnya dir C:\xampp\apache\conf

4. Letak ke dlm file "C:\xampp\apache\conf\extra\httpd-ssl.conf" dua baris berikut:
SSLCertificateFile conf/server.crt
SSLCertificateKeyFile conf/server.key

Elok komen dua line berikut:
SSLCertificateFile conf/ssl.crt/server.crt
SSLCertificateKeyFile conf/ssl.key/server.key

kepada:
#SSLCertificateFile conf/ssl.crt/server.crt
#SSLCertificateKeyFile conf/ssl.key/server.key

kerana kedua2 line ini declare "localhost" sebagai "Common Name" dan akan menggangu test kita kalau kita declare localhost mahupun IP PC yang dilakukan test ini.

5. Run apache dan test kat browser "https://192.168.82.82/xampp". Jika semuanya a ok, web page "XAMPP for Windows" akan keluar. Masalahnya, kita boleh tukar url kpd "http://localhost/xampp", tanpa 's' tu. Akibatnya, web page tu tak lagi secure.

6. Utk paksa sebahagian atau semuanya mesti https, letak ke dlm file "C:\xampp\apache\conf\httpd.conf":
<directory />
SSLRequireSSL
</directory>

Saya cuba letak kat dlm file "C:\xampp\apache\conf\extra\httpd-ssl.conf" tapi tak jalan. Selepas restart balik apache, url http akan keluar "Forbidden" dan kita hanya boleh access web page atau web application kita guna https.

Selamat mencuba!

Comments:
brother no active any more ?
 
dah tak aktif... awal tahun lepas, cuba gak menulis kembali... tiba2 kena slip disc bhgn atas... semangat nak menulis, walaupun byk nak tulis, dah hilang... at least... buat masa ini...

akan cuba lagi... saya nak gak sambung cerita pasal mamat 'D'... ada 1 lagi cerita yg tak dicerita2... tapi... sempena 10 tahun peristiwa itu berlaku kpd D, berminat gak nak ceritakan...
 
Post a Comment

This page is powered by Blogger. Isn't yours?