Tomcat GCP stack - not routing http request to https after making updates to apache - bitnami.conf file as per guide

Keywords: Tomcat - Google Cloud Platform - Technical issue - Secure Connections (SSL/HTTPS)
bnsupport ID: 4c21c51a-2c16-6771-b04f-99fb65d35f8b
Description:
4c21c51a-2c16-6771-b04f-99fb65d35f8b support tool case #. I have made updates as per the instructions in "force http to https", where the apache bitnami.conf file is updated. No updates made to server.xml of Tomcat. Still http/server-ip stays http & does go to https

Hi @bedekarvivek

Thanks for using Bitnami Tomcat!

Have you checked the following guide that covers how to force redirection?
https://docs.bitnami.com/google/infrastructure/tomcat/administration/force-https-apache/

Unfortunately, the bnsupport-tool failed to retrieve the Apache configuration files. Could you please execute the following command in order to see the modifications you have performed?

$ cat /opt/bitnami/apache/conf/bitnami/bitnami.conf

Best regards,
Jose Antonio Carmona


Was my answer helpful? Click on :heart:

Yes, I have made updates as per those instructions. Here is the bitnami.conf file. I have restarted service, then rebooted node too. I have tried with {SERVER_NAME} too as in documentation.

# Default Virtual Host configuration.

# Let apache know we're behind a SSL reverse proxy
SetEnvIf X-Forwarded-Proto https HTTPS=on

<VirtualHost _default_:80>
  
  DocumentRoot "/opt/bitnami/apache/htdocs"
  RewriteEngine On
  RewriteCond %{HTTPS} !=on
  RewriteCond %{HTTP_HOST} !^(localhost|127.0.0.1)
  RewriteRule ^/(.*) https://35.233.251.188/$1 [R,L]
  <Directory "/opt/bitnami/apache/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
  </Directory>

  # Error Documents
  ErrorDocument 503 /503.html

</VirtualHost>

Include "/opt/bitnami/apache/conf/bitnami/bitnami-ssl.conf"

Hi @bedekarvivek

I have modified the file using your exact same configuration and it works, don’t really know what is causing this:

$ curl -I 34.65.936.995
HTTP/1.1 302 Found
Date: Thu, 26 Nov 2020 11:50:19 GMT
Server: Apache/2.4.46 (Unix) OpenSSL/1.1.1d mod_wsgi/4.7.1 Python/3.8
Location: https://34.65.936.995/
Content-Type: text/html; charset=iso-8859-1

Could you please try restarting the service again just in case? Also, it’d be nice if you could attach the contents of your Apache error log:

$ sudo /opt/bitnami/ctlscript.sh restart apache
Restarted apache

$ tail -n 40 /opt/bitnami/apache/logs/error_log 

Best regards,
Jose Antonio Carmona



[quote="jcarmona, post:4, topic:89112"]
curl -I 34.65.936.995
[/quote]

Here are the logs

[Wed Nov 25 12:18:19.653951 2020] [ssl:warn] [pid 3152] AH01909: 127.0.0.1:443:0 server certificate does NOT include an ID which matches the server name
[Wed Nov 25 12:18:19.655344 2020] [mpm_prefork:notice] [pid 3152] AH00163: Apache/2.4.46 (Unix) OpenSSL/1.1.1d configured -- resuming normal operations
[Wed Nov 25 12:18:19.655379 2020] [core:notice] [pid 3152] AH00094: Command line: '/opt/bitnami/apache/bin/httpd -f /opt/bitnami/apache/conf/httpd.conf'
[Wed Nov 25 12:37:59.077900 2020] [mpm_prefork:notice] [pid 3152] AH00169: caught SIGTERM, shutting down
[Wed Nov 25 20:40:01.688756 2020] [ssl:warn] [pid 1226] AH01909: 127.0.0.1:443:0 server certificate does NOT include an ID which matches the server name
[Wed Nov 25 20:40:01.690648 2020] [ssl:warn] [pid 1226] AH01909: 127.0.0.1:443:0 server certificate does NOT include an ID which matches the server name
[Wed Nov 25 20:40:01.704140 2020] [ssl:warn] [pid 1230] AH01909: 127.0.0.1:443:0 server certificate does NOT include an ID which matches the server name
[Wed Nov 25 20:40:01.704498 2020] [ssl:warn] [pid 1230] AH01909: 127.0.0.1:443:0 server certificate does NOT include an ID which matches the server name
[Wed Nov 25 20:40:01.705696 2020] [mpm_prefork:notice] [pid 1230] AH00163: Apache/2.4.46 (Unix) OpenSSL/1.1.1d configured -- resuming normal operations
[Wed Nov 25 20:40:01.705725 2020] [core:notice] [pid 1230] AH00094: Command line: '/opt/bitnami/apache/bin/httpd -f /opt/bitnami/apache/conf/httpd.conf'
[Thu Nov 26 00:28:40.059705 2020] [mpm_prefork:notice] [pid 1230] AH00169: caught SIGTERM, shutting down
[Thu Nov 26 07:22:08.344669 2020] [ssl:warn] [pid 1230] AH01909: 127.0.0.1:443:0 server certificate does NOT include an ID which matches the server name
[Thu Nov 26 07:22:08.364754 2020] [ssl:warn] [pid 1230] AH01909: 127.0.0.1:443:0 server certificate does NOT include an ID which matches the server name
[Thu Nov 26 07:22:08.379270 2020] [ssl:warn] [pid 1238] AH01909: 127.0.0.1:443:0 server certificate does NOT include an ID which matches the server name
[Thu Nov 26 07:22:08.379658 2020] [ssl:warn] [pid 1238] AH01909: 127.0.0.1:443:0 server certificate does NOT include an ID which matches the server name
[Thu Nov 26 07:22:08.385625 2020] [mpm_prefork:notice] [pid 1238] AH00163: Apache/2.4.46 (Unix) OpenSSL/1.1.1d configured -- resuming normal operations
[Thu Nov 26 07:22:08.385678 2020] [core:notice] [pid 1238] AH00094: Command line: '/opt/bitnami/apache/bin/httpd -f /opt/bitnami/apache/conf/httpd.conf'
[Thu Nov 26 08:26:19.516399 2020] [proxy:error] [pid 1240] (111)Connection refused: AH00957: AJP: attempt to connect to 127.0.0.1:8009 (localhost) failed
[Thu Nov 26 08:26:19.516456 2020] [proxy_ajp:error] [pid 1240] [client 174.26.244.181:56262] AH00896: failed to make connection to backend: localhost
[Thu Nov 26 08:28:50.000304 2020] [mpm_prefork:notice] [pid 1238] AH00169: caught SIGTERM, shutting down
[Thu Nov 26 08:32:01.730189 2020] [ssl:warn] [pid 594] AH01909: 127.0.0.1:443:0 server certificate does NOT include an ID which matches the server name
[Thu Nov 26 08:32:01.779582 2020] [ssl:warn] [pid 594] AH01909: 127.0.0.1:443:0 server certificate does NOT include an ID which matches the server name
[Thu Nov 26 08:32:01.788122 2020] [ssl:warn] [pid 596] AH01909: 127.0.0.1:443:0 server certificate does NOT include an ID which matches the server name
[Thu Nov 26 08:32:01.788498 2020] [ssl:warn] [pid 596] AH01909: 127.0.0.1:443:0 server certificate does NOT include an ID which matches the server name
[Thu Nov 26 08:32:01.789838 2020] [mpm_prefork:notice] [pid 596] AH00163: Apache/2.4.46 (Unix) OpenSSL/1.1.1d configured -- resuming normal operations
[Thu Nov 26 08:32:01.789874 2020] [core:notice] [pid 596] AH00094: Command line: '/opt/bitnami/apache/bin/httpd -f /opt/bitnami/apache/conf/httpd.conf'
[Thu Nov 26 08:33:21.898536 2020] [proxy_ajp:error] [pid 600] (70007)The timeout specified has expired: AH01030: ajp_ilink_receive() can't receive header
[Thu Nov 26 08:33:21.898649 2020] [proxy_ajp:error] [pid 600] [client 174.26.244.181:56358] AH00992: ajp_read_header: ajp_ilink_receive failed
[Thu Nov 26 08:33:21.898668 2020] [proxy_ajp:error] [pid 600] (70007)The timeout specified has expired: [client 174.26.244.181:56358] AH00878: read response failed from [::1]:8009 (localhost)
[Thu Nov 26 08:34:22.208811 2020] [proxy_ajp:error] [pid 601] (70007)The timeout specified has expired: AH01030: ajp_ilink_receive() can't receive header
[Thu Nov 26 08:34:22.208892 2020] [proxy_ajp:error] [pid 601] [client 174.26.244.181:56370] AH00992: ajp_read_header: ajp_ilink_receive failed
[Thu Nov 26 08:34:22.208906 2020] [proxy_ajp:error] [pid 601] (70007)The timeout specified has expired: [client 174.26.244.181:56370] AH00878: read response failed from [::1]:8009 (localhost)
[Thu Nov 26 09:44:25.666251 2020] [mpm_prefork:error] [pid 596] AH00161: server reached MaxRequestWorkers setting, consider raising the MaxRequestWorkers setting
[Fri Nov 27 07:06:05.405737 2020] [mpm_prefork:notice] [pid 596] AH00169: caught SIGTERM, shutting down
[Fri Nov 27 07:06:07.345474 2020] [ssl:warn] [pid 9638] AH01909: 127.0.0.1:443:0 server certificate does NOT include an ID which matches the server name
[Fri Nov 27 07:06:07.345911 2020] [ssl:warn] [pid 9638] AH01909: 127.0.0.1:443:0 server certificate does NOT include an ID which matches the server name
[Fri Nov 27 07:06:07.354648 2020] [ssl:warn] [pid 9640] AH01909: 127.0.0.1:443:0 server certificate does NOT include an ID which matches the server name
[Fri Nov 27 07:06:07.354995 2020] [ssl:warn] [pid 9640] AH01909: 127.0.0.1:443:0 server certificate does NOT include an ID which matches the server name
[Fri Nov 27 07:06:07.356159 2020] [mpm_prefork:notice] [pid 9640] AH00163: Apache/2.4.46 (Unix) OpenSSL/1.1.1d configured -- resuming normal operations
[Fri Nov 27 07:06:07.356188 2020] [core:notice] [pid 9640] AH00094: Command line: '/opt/bitnami/apache/bin/httpd -f /opt/bitnami/apache/conf/httpd.conf'

Hi @bedekarvivek

Thanks for sharing it! It seems there is a mistake in the guides, you should perform the following changes in /opt/bitnami/apache2/conf/vhosts/tomcat-vhost.conf not in /opt/bitnami/apache/conf/bitnami/bitnami.conf

These are the changes I have performed in order to have it working:

  1. Remove the previous modifications to /opt/bitnami/apache/conf/bitnami/bitnami.conf (optional, in principle it would make no difference)
# Default Virtual Host configuration.

# Let apache know we're behind a SSL reverse proxy
SetEnvIf X-Forwarded-Proto https HTTPS=on

<VirtualHost _default_:80>
  
  DocumentRoot "/opt/bitnami/apache/htdocs"
-  RewriteEngine On
-  RewriteCond %{HTTPS} !=on
-  RewriteCond %{HTTP_HOST} !^(localhost|127.0.0.1)
-  RewriteRule ^/(.*) https://35.233.251.188/$1 [R,L]
  <Directory "/opt/bitnami/apache/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
  </Directory>

  # Error Documents
  ErrorDocument 503 /503.html

</VirtualHost>

Include "/opt/bitnami/apache/conf/bitnami/bitnami-ssl.conf"
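Review bot: the step marks removing the four `-` lines from the `_default_:80` block as optional, but leaving them keeps a second, hard-coded copy of the redirect (to 35.233.251.188) in a file that, per this thread, did not produce the redirect on this stack. Removing them keeps tomcat-vhost.conf as the single place where the redirect is defined. Separately, the unchanged `SetEnvIf X-Forwarded-Proto https HTTPS=on` line trusts a header the client can set itself, which is only appropriate when a TLS-terminating proxy really sits in front of Apache.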
  2. Perform the following modifications to /opt/bitnami/apache2/conf/vhosts/tomcat-vhost.conf
<VirtualHost 127.0.0.1:80 _default_:80>
  ServerAlias *
  # Support for WebSockets via Tomcat
  RewriteEngine On
+ RewriteCond %{HTTPS} !=on
+ RewriteCond %{HTTP_HOST} !^(localhost|127.0.0.1)
+ RewriteRule ^/(.*) https://YOUR-DOMAIN-OR-IP/$1 [R,L]
  RewriteCond %{HTTP:Upgrade} websocket [NC]
  RewriteCond %{HTTP:Connection} upgrade [NC]
  RewriteRule .* ws://localhost:8080%{REQUEST_URI} [P]
  # Reverse proxy to Tomcat for non-WebSockets requests
  ProxyPass / ajp://localhost:8009/
  ProxyPassReverse / ajp://localhost:8009/
</VirtualHost>
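Review bot: the `RewriteCond %{HTTP_HOST} !^(localhost|127.0.0.1)` line added here has unescaped dots and no end anchor, so any Host value that merely begins with `localhost` skips the redirect and is still served over plain HTTP through the AJP proxy; `!^(localhost|127\.0\.0\.1)(:[0-9]+)?$` is tighter. The `[R,L]` flags on the added RewriteRule produce a temporary redirect (the `HTTP/1.1 302 Found` in the curl output above comes from the same flags); once the rule is confirmed working, `[R=301,L]` makes it permanent. Keeping a fixed host in the target, as the `YOUR-DOMAIN-OR-IP` placeholder does, is the right choice with `ServerAlias *`, since a target built from the request's Host header would follow whatever the client sent.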

With those changes, I am successfully redirected now :slightly_smiling_face: Can you give it a try and tell me if it works for you?

Best regards,
Jose Antonio Carmona
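
A check for the redirect discussed above, as an added example that is not part of the original thread: it reads the headers printed by `curl -sI` and confirms that the plain-HTTP response is a redirect to HTTPS on the expected host. The function names and the sample address 203.0.113.10 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Validates `curl -sI http://HOST/` output
# against the redirect configured in tomcat-vhost.conf.

# check_https_redirect EXPECTED_HOST  (headers on stdin)
# Returns 0 only for a 3xx response whose Location is https://EXPECTED_HOST/...
check_https_redirect() {
  expected="$1"; status=""; location=""
  headers="$(tr -d '\r')"            # curl -I keeps CRLF line endings
  while IFS= read -r line; do
    case "$line" in
      HTTP/*)                        # status line, e.g. "HTTP/1.1 302 Found"
        if [ -z "$status" ]; then
          status="${line#* }"; status="${status%% *}"
        fi ;;
      [Ll]ocation:*)
        location="${line#*:}"; location="${location# }" ;;
    esac
  done <<EOF
$headers
EOF
  case "$status" in
    301|302|307|308) ;;
    *) echo "FAIL: status ${status:-none}, request was answered over HTTP"; return 1 ;;
  esac
  case "$location" in
    "https://$expected"|"https://$expected/"*)
      echo "OK: $status -> $location"; return 0 ;;
    https://*)
      echo "FAIL: redirect points at an unexpected host: $location"; return 1 ;;
    *)
      echo "FAIL: Location is not https: ${location:-missing}"; return 1 ;;
  esac
}

# Constructed sample responses (not captured from a real server).
sample_before() { printf 'HTTP/1.1 200 \r\nContent-Type: text/html;charset=UTF-8\r\n\r\n'; }
sample_after()  { printf 'HTTP/1.1 302 Found\r\nLocation: https://203.0.113.10/\r\n\r\n'; }
sample_wrong_host() { printf 'HTTP/1.1 302 Found\r\nLocation: https://other.example.net/\r\n\r\n'; }

# Live use: curl -sI http://YOUR-DOMAIN-OR-IP/ | check_https_redirect YOUR-DOMAIN-OR-IP
sample_before | check_https_redirect 203.0.113.10 || true
sample_after  | check_https_redirect 203.0.113.10 || true
```

Run it once with the public address and once with a different `Host` header (`curl -sI -H 'Host: ...'`) to confirm the `Location` target does not change with the request.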



Thanks!! It works now - I was about to do that change - as I did see all config files and also saw that the tomcat vhost file is getting referred to in the apache config file. But I was not sure whether to make the change or not. Hence raised the topic. I have a follow-up request, if you don't mind answering in the same topic.

I am going to modify ROOT - index.jsp to put a hard (301) redirect to forward to my application. Is that the correct way to point your domain URL to the app, or is there any other way? Also, while putting the redirect, should I put the complete URL or only from the context path onwards, like https://IP/app_context or only /app_context

Vivek

Hi @bedekarvivek

I am glad to hear you were able to solve your problem!

Regarding your new request, would you mind creating another topic for it? It helps keeping threads organized and making it easier for the community to find solutions for different problems. It would also be nice if you could provide a little bit more context in there, as I was not able to fully understand your issue.

Best regards,
Jose Antonio Carmona

