
6.4.4.3. openSUSE 11

Configuring Apache2.2 for HTTPS in openSUSE version 11

The goal here is to secure Tomcat with Apache by integrating Tomcat into an existing Apache installation using mod_jk and the Ajp13Connector. At this point we assume that the apache2, apache2-prefork, and apache2-mod_jk packages are already installed.

  1. Download the gria-services.conf sample file and place it in /etc/apache2/vhosts.d
  2. Edit gria-services.conf so that the following settings point to the files you exported from your keystore on the previous page:
    • SSLCertificateFile
    • SSLCertificateKeyFile
    • SSLCACertificateFile
    • SSLCARevocationFile
  3. Edit the /etc/sysconfig/apache2 file and do the following:
    • Add "-D SSL" to the APACHE_SERVER_FLAGS variable so that SSL is enabled when the Apache server is started:
      APACHE_SERVER_FLAGS="-D SSL"
    • Set a reasonable value for the time required to enter the password when starting apache:
      APACHE_START_TIMEOUT="30"
    • Add the modules "jk", "proxy" and "proxy_ajp" to the list of apache2 modules in the APACHE_MODULES variable, e.g.:
      APACHE_MODULES="access actions alias auth auth_dbm dir env expires include log_config mime negotiation setenvif ssl jk proxy proxy_ajp"
  4. Copy the file /usr/share/doc/packages/apache2-mod_jk/jk.conf to /etc/apache2/conf.d:
    # cp /usr/share/doc/packages/apache2-mod_jk/jk.conf /etc/apache2/conf.d

  5. Copy the file /usr/share/doc/packages/apache2-mod_jk/workers.properties to /etc/tomcat6:
    # cp /usr/share/doc/packages/apache2-mod_jk/workers.properties /etc/tomcat6
  6. Stop the Tomcat server with the following command:
    # rctomcat6 stop
  7. Edit the file /etc/apache2/conf.d/jk.conf and add the following pieces of code to the file within the <IfModule> tag:
    • For GRIA Basic App Services add the following section:
      # Forward the /gria-basic-app-services/ URI (and everything below it) to Tomcat
      JkMount /gria-basic-app-services/* ajp13

      Alias /gria-basic-app-services "/usr/share/tomcat6/webapps/gria-basic-app-services"
      <Directory "/usr/share/tomcat6/webapps/gria-basic-app-services">
       Options Indexes FollowSymLinks
       allow from all
      </Directory>
      # Prevent users from reading the contents of WEB-INF
      <Location "/gria-basic-app-services/WEB-INF/">
       deny from all
      </Location>
    • For GRIA Service Provider Management add the following section:
      # Forward the /gria-service-provider-mgt/ URI (and everything below it) to Tomcat
      JkMount /gria-service-provider-mgt/* ajp13

      Alias /gria-service-provider-mgt "/usr/share/tomcat6/webapps/gria-service-provider-mgt"
      <Directory "/usr/share/tomcat6/webapps/gria-service-provider-mgt">
       Options Indexes FollowSymLinks
       allow from all
      </Directory>
      # Prevent users from reading the contents of WEB-INF
      <Location "/gria-service-provider-mgt/WEB-INF/">
       deny from all
      </Location>
    • For GRIA Client Management add the following section:
      # Forward the /gria-client-mgt/ URI (and everything below it) to Tomcat
      JkMount /gria-client-mgt/* ajp13

      Alias /gria-client-mgt "/usr/share/tomcat6/webapps/gria-client-mgt"
      <Directory "/usr/share/tomcat6/webapps/gria-client-mgt">
       Options Indexes FollowSymLinks
       allow from all
      </Directory>
      # Prevent users from reading the contents of WEB-INF
      <Location "/gria-client-mgt/WEB-INF/">
       deny from all
      </Location>
  8. Start the Tomcat server with the command:
    # rctomcat6 start
  9. Restart the apache2 server with the following command:
    # rcapache2 restart
  10. Access the GRIA admin pages through HTTPS, e.g. using https://localhost/gria-basic-app-services.
  11. Ensure that access to port 443 is not blocked by the system's firewall. N.B. by default openSUSE 11 runs the firewall, which blocks access for HTTP and HTTPS.
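
The values edited in steps 2 and 3 can be checked before the restart in step 9. The script below is an added example, not part of the GRIA distribution or the original page; the function names are hypothetical and both file locations are passed as arguments. It reports a missing SSL flag or module, an SSL directive that is unset or points to a missing file, and a private key that group or other users can access.

```shell
#!/bin/sh
# Added example: pre-restart checks for the settings edited in steps 2 and 3.

# Print the value of variable $2 from sysconfig-style file $1 (last one wins).
sysconfig_value() {
    sed -n "s/^[[:space:]]*$2=\"\\([^\"]*\\)\".*/\\1/p" "$1" | tail -n 1
}

# Succeed when word $2 appears in the space-separated list $1.
has_word() {
    case " $1 " in *" $2 "*) return 0 ;; esac
    return 1
}

# check_gria_apache SYSCONFIG_FILE VHOST_FILE
# Prints one line per problem; returns 0 only when no problem was found.
check_gria_apache() {
    problems=0
    flags=$(sysconfig_value "$1" APACHE_SERVER_FLAGS)
    has_word "$flags" SSL || { echo "APACHE_SERVER_FLAGS lacks -D SSL"; problems=1; }

    mods=$(sysconfig_value "$1" APACHE_MODULES)
    for m in ssl jk proxy proxy_ajp; do
        has_word "$mods" "$m" || { echo "APACHE_MODULES lacks $m"; problems=1; }
    done

    for d in SSLCertificateFile SSLCertificateKeyFile \
             SSLCACertificateFile SSLCARevocationFile; do
        # Last uncommented occurrence of the directive, quotes removed.
        path=$(awk -v d="$d" '$1 == d { p = $2 }
                              END { gsub(/"/, "", p); print p }' "$2")
        if [ -z "$path" ]; then
            echo "$d is not set in $2"; problems=1
        elif [ ! -f "$path" ]; then
            echo "$d points to a missing file: $path"; problems=1
        elif [ "$d" = SSLCertificateKeyFile ]; then
            # Characters 5-10 of the ls mode string are the group/other bits.
            [ "$(ls -ld "$path" | cut -c5-10)" = "------" ] ||
                { echo "private key $path is accessible to group/other"; problems=1; }
        fi
    done
    return "$problems"
}
```

On the system described here it would be run as `check_gria_apache /etc/sysconfig/apache2 /etc/apache2/vhosts.d/gria-services.conf`.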