I've got a Tomcat installation server.xml and am trying to handle multiple domains.
This is a Linux installation with Apache proxying requests to Tomcat.
<Connector port="8223" protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https" secure="true"
keystoreFile="/root/keystore.jks"
keystorePass="xxx" clientAuth="false" sslProtocol="TLS"
SSLEnabled="true" proxyPort="443"/>
When the keystore file has an entry for a single domain - it works.
I tried to append another domain - and it does NOT work. The first one still does.
Any help?
ADDED
Right now in the Apache conf file for the domain, I've got a VirtualHost for https connection and have
SSLProxyEngine On
ProxyPreserveHost On
ProxyPass /xxx https://localhost:8227/xxx
ProxyPassReverse /xxx https://localhost:8227/xxx
I should change that to??
ProxyPreserveHost On
ProxyPass /xxx http://localhost:8226/xxx
ProxyPassReverse /xxx http://localhost:8226/xxx
There's an http Connector listening on 8226.
Correct?
Multiple certificates per connector are available beginning with Tomcat 8.5 (cf. migration guide).
However in your case I don't see any security advantage in encrypting the communication between Apache Httpd and Tomcat: unless I am mistaken, they are on the same host and all communication goes through the loopback device, not a real network interface.
Edit: Both HTTP and HTTPS to the Apache server can be forwarded to the same plain text <Connector>. In order for Tomcat to distinguish the two types of requests, you need to configure Apache to send the X-Forwarded-Proto header:
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
and add a RemoteIpValve to the <Engine> or <Host> configuration block:
<Valve className="org.apache.catalina.valves.RemoteIpValve" />
(cf. documentation). With the latest 7.0 servers (after version 7.0.94), you don't need to modify any of the <Valve>'s default parameters.
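The following is an added example illustrating the setup the question (plain HTTP connector on 8226 behind Apache) and the answer (X-Forwarded-Proto plus RemoteIpValve) describe; it is not the answerer's code and not Tomcat's own implementation. It is a simplified, self-contained model of the valve's trust decision: forwarded headers are honoured only when the TCP peer matches the internal-proxies pattern, otherwise the request keeps the connector's own scheme and port. The regex is assumed to track the valve's documented defaults (RFC 1918, link-local and loopback ranges), the port 8226 is taken from the question, and the sample connections are constructed.

```python
"""Simplified model of how Tomcat's RemoteIpValve decides whether to honour
X-Forwarded-For / X-Forwarded-Proto from a reverse proxy (illustrative
code for this page, not Tomcat's own)."""
import re

# Assumed to mirror the valve's documented default for `internalProxies`:
# RFC 1918 ranges, link-local, IPv4 loopback and IPv6 loopback. A peer that
# does NOT match is treated as an untrusted client, and any forwarded
# headers it sends are ignored; that address check is the whole defence
# against a client spoofing X-Forwarded-Proto or X-Forwarded-For.
INTERNAL_PROXIES = re.compile(
    r"10\.\d{1,3}\.\d{1,3}\.\d{1,3}"
    r"|192\.168\.\d{1,3}\.\d{1,3}"
    r"|169\.254\.\d{1,3}\.\d{1,3}"
    r"|127\.\d{1,3}\.\d{1,3}\.\d{1,3}"
    r"|172\.(?:1[6-9]|2\d|3[01])\.\d{1,3}\.\d{1,3}"
    r"|0:0:0:0:0:0:0:1|::1"
)


def is_internal_proxy(addr):
    """True when `addr` is one the valve treats as an internal proxy."""
    return INTERNAL_PROXIES.fullmatch(addr) is not None


def resolve_request(remote_addr, headers,
                    protocol_header="X-Forwarded-Proto",
                    protocol_header_https_value="https",
                    http_server_port=80, https_server_port=443,
                    connector_scheme="http", connector_secure=False,
                    connector_port=8226):
    """Return (client_ip, scheme, secure, server_port) as a servlet would
    observe them after the valve has run.

    The `connector_*` arguments describe the plain HTTP connector Apache
    proxies to (8226 as in the question); they are what the request keeps
    whenever the valve decides not to trust the peer.
    """
    hdrs = {k.lower(): v for k, v in headers.items()}  # names are case-insensitive
    scheme, secure, port = connector_scheme, connector_secure, connector_port
    client_ip = remote_addr

    # Step 1: only a connection arriving FROM an internal proxy is eligible.
    if not is_internal_proxy(remote_addr):
        return client_ip, scheme, secure, port

    # Step 2: walk X-Forwarded-For right to left, skipping proxies we
    # recognise; the first address that is not a known proxy is the client.
    xff = hdrs.get("x-forwarded-for")
    if xff:
        for hop in reversed([h.strip() for h in xff.split(",")]):
            if not is_internal_proxy(hop):
                client_ip = hop
                break

    # Step 3: X-Forwarded-Proto sets scheme, isSecure() and the server port
    # the application sees (443 for https, 80 otherwise, by default).
    proto = hdrs.get(protocol_header.lower())
    if proto is not None:
        if proto.strip().lower() == protocol_header_https_value:
            scheme, secure, port = "https", True, https_server_port
        else:
            scheme, secure, port = "http", False, http_server_port

    return client_ip, scheme, secure, port


if __name__ == "__main__":
    # Constructed sample connections.
    via_apache = resolve_request("127.0.0.1", {"X-Forwarded-For": "203.0.113.7",
                                               "X-Forwarded-Proto": "https"})
    direct_hit = resolve_request("198.51.100.9", {"X-Forwarded-Proto": "https"})
    print("via Apache on loopback:", via_apache)
    print("direct hit on 8226    :", direct_hit)
```

The model makes the practical consequence of the answer visible: once Apache terminates TLS and forwards over plain HTTP, the only thing that keeps `request.isSecure()` honest is that the forwarded headers are accepted solely from the proxy's address. The plain connector on 8226 should therefore not be reachable from anything but the proxy (for example by binding it with the connector's `address` attribute to 127.0.0.1, or by firewalling it), since a client that reaches it directly is simply treated as an unproxied HTTP request.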