logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: Apache proxy using Java connect question
Author
tnzeibig



Joined: 10 Sep 2015
Posts: 4
Location: USA, Bellingham

PostPosted: Thu 10 Sep '15 15:50    Post subject: Apache proxy using Java connect question Reply with quote

I've got an Apache https (443) server in front of JBOSS, and this part finally works fine.
However, the Java does a connect to a payment gateway, and I'm trying to get this to go thru the Apache proxy also.

a. if I leave out the proxy command, it just goes out without going thru the proxy
b. if I point the proxy command to the 443 server, I get an error that I'm trying to talk HTTP to HTTPS
c. if I point the proxy to port 80, the connect shows up in the apache logs, but not sure this is then going out as https over 443 or just over 80?

I've pasted some of the config lines below. Is this 'tunneling'?

Any help or direction is greatly appreciated, thanks
Tom


### the Java connection ###############
URL post = new URL( "https", getHostAddress(), getHostPort(), "/somegateway/xyz.dll" );
HttpURLConnection postConn;
Proxy proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress("127.0.0.1",80));
postConn = (HttpURLConnection)post.openConnection(proxy);
postConn.setRequestMethod( "POST" );
postConn.setDoOutput( true );
BufferedReader in = new BufferedReader( new InputStreamReader( postConn.getInputStream() ) );


### httpd.conf ##############
Listen 80
ServerName 127.0.0.1:80
Include conf/mod-jk.conf

<IfModule proxy_html_module>
Include conf/extra/proxy-html.conf
</IfModule>

<VirtualHost *:80>
ProxyRequests ON
</VirtualHost>
<Proxy *>
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Proxy>
Include conf/extra/httpd-ssl.conf

### httpd-ssl.conf ##############
Listen 443
SSLHonorCipherOrder on
SSLProtocol all -SSLv3
SSLProxyProtocol all -SSLv3

<VirtualHost _default_:443>
SSLProxyEngine on

JkMount /* node1
<Location /jkstatus/>
JkMount status
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Location>

ServerName localhost:443
SSLEngine on
</VirtualHost>


### workers.properties ###########
worker.node1.type=ajp13
worker.node1.host=localhost
worker.node1.port=8009
worker.node1.ping_mode=A
worker.list=node1
worker.status.type=status
worker.list=status

### mod-jk.conf ###########
LoadModule jk_module modules/mod_jk.so
JkWorkersFile conf/workers.properties

JkMount /* node1

<Location /jkstatus/>
JkMount status
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Location>
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7373
Location: Germany, Next to Hamburg

PostPosted: Tue 15 Sep '15 15:58    Post subject: Reply with quote

You main issue seems to be that you can't connect from your java application over apache as proxy to a SSL server?
Back to top
tnzeibig



Joined: 10 Sep 2015
Posts: 4
Location: USA, Bellingham

PostPosted: Wed 23 Sep '15 17:22    Post subject: Reply with quote

Yes, (I can't have the Java do the HTTPS call because we are using JDK 1.6, which only supports TLS1.0)

So if I pass an HTTP Connect POST to the Apache proxy on port 80, how do get Apache to
a. re-write the request in HTTPS (using it's own JDK and protocols)
b. retain the POST data

I've been looking at mod_rewrite, mod_proxy_connect, not sure what the best direction would be, or if this is even possible.
Back to top
tnzeibig



Joined: 10 Sep 2015
Posts: 4
Location: USA, Bellingham

PostPosted: Tue 29 Sep '15 21:26    Post subject: Tunneling Reply with quote

So my understanding of this so far;

1. Java creates a connection object, using TLS1.0 because its the only protocol available in Java 1.6

2. Java issues a HttpURLConnection.openConnection(proxy) request thru the proxy - This is a request for a tunnel.

3. Apache opens the CONNECT and creates the tunnel to the requested server. No handshake really.

4. Control is passed back to Java to do the handshakes and data transfer, using the Java TLS 1.0 connection object created earlier.

My only goal was to get the Handshake and protocols to be negotiated by Apache, but unless someone has another idea, I'm starting to think this is not possible - outside of upgrading to Java 7 (which causes other issues)

Thoughts anyone?
Back to top
tnzeibig



Joined: 10 Sep 2015
Posts: 4
Location: USA, Bellingham

PostPosted: Fri 02 Oct '15 14:26    Post subject: Resolved Reply with quote

Per a suggestion from another forum, I've got this to work.

My thinking on this was backward. Removed all the proxy code out of Java, and put in a dummy URL for java to call;

http://whatever:8080

In apache, on virtual host 8080 added three lines;

SSLProxyEngineOn
ProxyPass /whatever https://actualHost/...
ProxyPassReverse /whatever https://actualHost/...

and it works.
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7373
Location: Germany, Next to Hamburg

PostPosted: Wed 07 Oct '15 12:27    Post subject: Reply with quote

You may use mod_proxy_ajp instead of plan http or https cause ajp:// is faster and also save.
Back to top


Reply to topic   Topic: Apache proxy using Java connect question View previous topic :: View next topic
Post new topic   Forum Index -> Apache