Tomcat with AutoSSL using EasyApache 3 with mod_jk

Raj Janorkar

Member
Jun 21, 2018
9
0
1
Brisbane, Australia
cPanel Access Level
Root Administrator
Hi Team,

SSL is more like default requirement now for any website owner, also google pushing hard on it.

My scenario is something like below :

I am using EasyApache 3 with Tomcat 7 (i will migrate to EasyApache 4 as soon as it is supported here)

So my main website is php which and i run tomcat and use mod_jk to serve tomcat app, so in general how it works

- Removed - - served by apache (php app)
- Removed - - served by tomcat 7 (java app)

as cpanel provide AutoSSL so i do not have problem migrating my php website and start serving it on - Removed - - it works perfectly fine.

I was expecting my tomcat app will also work but it does not (- Removed -) this don't work, in general if i migrate to HTTPS my whole app does not work.

(currently i am doing htaccess redirect to HTTP, just to keep it running, but i have to migrate both php and java app to HTTPS)

I am actually looking for guidance from someone who know how to fix this, i don't want to buy another third party ssl certificate, as Cpanel provide AutoSSL for free so just want to use that.

Thank you in advance.
 
Last edited by a moderator:

Raj Janorkar

Member
Jun 21, 2018
9
0
1
Brisbane, Australia
cPanel Access Level
Root Administrator
Code:
<IfModule mod_rewrite.c>
    <IfModule mod_negotiation.c>
        Options -MultiViews
    </IfModule>

    Options -Indexes
    RewriteEngine On

    # Apache Shindig
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
    RewriteRule ^(shindig) - [L]


    # Redirect without www to www
    RewriteCond %{HTTP_HOST} ^example\.com$ [NC]
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
   RewriteCond %{HTTP_HOST} ^example\.com$ [NC]
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
    RewriteRule ^(.*)$ iGoogle Portal [L,R=301]


    # Redirect all trafic from https to http
#    RewriteCond %{HTTPS} on
#RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
#RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
#    RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [L]


    # Redirect Trailing Slashes If Not A Folder...
    RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
    RewriteRule ^(.*)/$ /$1 [L,R=301]


    # Handle Front Controller...
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
    RewriteRule ^ index.php [L]

    # Handle Authorization Header
    RewriteCond %{HTTP:Authorization} .
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

</IfModule>
Michael,

Without SSL normal http you can see my tomcat app is returning js

PHP:
http://www.example.com/shindig/gadgets/js/core:open-views:opensearch:container:rpc:selection:views:actions:opensocial:xmlutil.js?c=1&debug=0&container=default
but with SSL : HTTPS it is not working

PHP:
https://www.example.com/shindig/gadgets/js/core:open-views:opensearch:container:rpc:selection:views:actions:opensocial:xmlutil.js?c=1&debug=0&container=default
so in my app if url content "/shindig/" then it should serve tomcat app content.

cp_jkmount.conf in ssl & std setup is same as it is working on std.

not sure whats going on..

Thank you for your help
 
Last edited by a moderator:

Raj Janorkar

Member
Jun 21, 2018
9
0
1
Brisbane, Australia
cPanel Access Level
Root Administrator
It started working when i copy - cp_jkmount.conf file from std to ssl below.

  • /usr/local/apache/conf/userdata/std/2/$user/$domain/
  • /usr/local/apache/conf/userdata/ssl/2/$user/$domain/

now i have mixed contents issues apache is blocking all css/js served over http. Does anybody have idea how to allow to serve both https/http content.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,205
363
Hello @Raj Janorkar,

I believe the issue you notice relates to an older internal case (EAL-43) that notes SSL reliability issues with mod_jk when using Tomcat with EasyApache 3. There's no planned solution on that case due to EasyApache 3's impending end-of-life. In the meantime, the following third-party URL offers a potential workaround for the mixed-content warnings:

HTTPS issue with TOMCAT running behind Apache

Additionally, note that while it's not considered ready for production servers, we've released the ea-tomcat85 RPM to the EasyApache 4 experimental repo:

The Experimental Repository - EasyApache 4 - cPanel Documentation

Thank you.