Tomcat with AutoSSL using EasyApache 3 with mod_jk

[Raj Janorkar]

Hi Team,

SSL is more like default requirement now for any website owner, also google pushing hard on it.

My scenario is something like below :

I am using EasyApache 3 with Tomcat 7 (i will migrate to EasyApache 4 as soon as it is supported here)

So my main website is php which and i run tomcat and use mod_jk to serve tomcat app, so in general how it works

- Removed - - served by apache (php app)
- Removed - - served by tomcat 7 (java app)

as cpanel provide AutoSSL so i do not have problem migrating my php website and start serving it on - Removed - - it works perfectly fine.

I was expecting my tomcat app will also work but it does not (- Removed -) this don't work, in general if i migrate to HTTPS my whole app does not work.

(currently i am doing htaccess redirect to HTTP, just to keep it running, but i have to migrate both php and java app to HTTPS)

I am actually looking for guidance from someone who know how to fix this, i don't want to buy another third party ssl certificate, as Cpanel provide AutoSSL for free so just want to use that.

Thank you in advance.

 

[Raj Janorkar]

'Removed' URLS like below :

"http: //example.com" - served by apache (php app)
"http: //example.com/tomcat" - served by tomcat 7 (java app)

 

[cPanelMichael]

Hello @Raj Janorkar,

Can you let us know the contents of the .htaccess file in the directory where the Java application is stored?

Thank you.

 

[Raj Janorkar]

<IfModule mod_rewrite.c>
    <IfModule mod_negotiation.c>
        Options -MultiViews
    </IfModule>

    Options -Indexes
    RewriteEngine On

    # Apache Shindig
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
    RewriteRule ^(shindig) - [L]


    # Redirect without www to www
    RewriteCond %{HTTP_HOST} ^example\.com$ [NC]
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
   RewriteCond %{HTTP_HOST} ^example\.com$ [NC]
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
    RewriteRule ^(.*)$ iGoogle Portal [L,R=301]


    # Redirect all trafic from https to http
#    RewriteCond %{HTTPS} on
#RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
#RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
#    RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [L]


    # Redirect Trailing Slashes If Not A Folder...
    RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
    RewriteRule ^(.*)/$ /$1 [L,R=301]


    # Handle Front Controller...
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
    RewriteRule ^ index.php [L]

    # Handle Authorization Header
    RewriteCond %{HTTP:Authorization} .
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

</IfModule>

Michael,

Without SSL normal http you can see my tomcat app is returning js

http://www.example.com/shindig/gadgets/js/core:open-views:opensearch:container:rpc:selection:views:actions:opensocial:xmlutil.js?c=1&debug=0&container=default

but with SSL : HTTPS it is not working

https://www.example.com/shindig/gadgets/js/core:open-views:opensearch:container:rpc:selection:views:actions:opensocial:xmlutil.js?c=1&debug=0&container=default

so in my app if url content "/shindig/" then it should serve tomcat app content.

cp_jkmount.conf in ssl & std setup is same as it is working on std.

not sure whats going on..

Thank you for your help

 

[Raj Janorkar]

It started working when i copy - cp_jkmount.conf file from std to ssl below.

• /usr/local/apache/conf/userdata/std/2/$user/$domain/
• /usr/local/apache/conf/userdata/ssl/2/$user/$domain/

now i have mixed contents issues apache is blocking all css/js served over http. Does anybody have idea how to allow to serve both https/http content.

 

[cPanelMichael]

Hello @Raj Janorkar,

I believe the issue you notice relates to an older internal case (EAL-43) that notes SSL reliability issues with mod_jk when using Tomcat with EasyApache 3. There's no planned solution on that case due to EasyApache 3's impending end-of-life. In the meantime, the following third-party URL offers a potential workaround for the mixed-content warnings:

HTTPS issue with TOMCAT running behind Apache

Additionally, note that while it's not considered ready for production servers, we've released the ea-tomcat85 RPM to the EasyApache 4 experimental repo:

The Experimental Repository - EasyApache 4 - cPanel Documentation

Thank you.