How to configure apache and mod_proxy_ajp in order to forward ssl client certificate

Question

I've developed a java application that need a ssl client certificate and in the staging environment with apache 2.2 and mod_jk it is working fine. In production the configuration is not using mod_jk but mod_proxy_ajp. I'm looking for an apache configuration example that configure ssl and mod_proxy_ajp for sending the ssl client certificate to the java application server (which listens with the ajp protocol). Thanks a lot

score 1 · Answer 1 · answered May 02 '10 at 09:30

1

Using mod_proxy_ajp, you will need to set the RequestHeader directive to pass through the SSL parameters. Just refer to the Apache docs for examples on setting the directive either in a <Location> or <VirtualHost> section.

answered May 02 '10 at 09:30

sybreon

7,455

score 0 · Answer 2 · edited Sep 20 '24 at 20:30

I setup an apache web server and I found that mod_ajp forwards the client certificate without explicit configuration. my apache configurations is

SSLEngine on
SSLOptions +StdEnvVars +ExportCertData
ProxyRequests Off
SSLVerifyClient optional_no_ca
<Proxy />
        Allow from All
</Proxy>
ProxyPass /sportellosociale ajp://localhost:8009/sportellosociale 
ProxyPassReverse /sportellosociale ajp://localhost:8009/sportellosociale*

I omitted the SSLCertificate directives

score 0 · Answer 3 · answered Apr 28 '11 at 02:30

Mine is configured like so (although this configuration breaks any additional mod_rewrite rules that I create... and i dont know why):

<Location />
    ProxyPass ajp://localhost:8009/
    ProxyPassReverse ajp://localhost:8009/
</Location>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} 
Redirect permanent / https://mysite.com/myapp?user=

How to configure apache and mod_proxy_ajp in order to forward ssl client certificate

3 Answers3