grep -rl OLDSTRING *.FILEEXTENSION | xargs perl -pi~ -e 's/OLDSTRING/NEWSTRING/'

With mod_ssl the following virtualhost is setup using an SSL certificate from GoDaddy. Notice the SSLCertificateChainFile /etc/httpd/conf/ssl.crt/gd_intermediate_bundle.crt reference. This intermediate certificate comes from GoDaddy and is required. I didn’t catch this at first and couldn’t understand what my web browser was unhappy about. When I called GoDaddy support they told me my certificate was setup correctly and worked in all of there “off-site” test browsers. They were no help, so I continued to dig around and finally found the answer.

The mod_proxy lines pass all requests to the Tomcat instance listening on port 9014.

/etc/httpd/conf.d/ssl.conf

<virtualhost>
DocumentRoot  /var/www/html/
ServerName    myserver.com:433  SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/myserver.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/myserver.key
SSLCertificateChainFile /etc/httpd/conf/ssl.crt/gd_intermediate_bundle.crt
SetEnvIf User-Agent ".*MSIE.*"
         nokeepalive ssl-unclean-shutdown
         downgrade-1.0 force-response-1.0
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
CustomLog logs/ssl_request_log
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

ProxyPreserveHost On
ProxyPass / http://localhost:9014/
ProxyPassReverse / http://localhost:9014/
SetEnv proxy-nokeepalive 1
</virtualserver>

For the Tomcat setup, a proxy connector is configured to listen on port 9014 and to proxy port 443 requests (SSL). The communication between Apache and Tomcat is not secure, but this is not a concern since this communication is local to the server. Finally, compression is turned on for several common mime-types.

server.xml

  ...
  <Connector acceptCount="100" connectionTimeout="60000" disableUploadTimeout="true" port="9014" redirectPort="8944"
  scheme="https" proxyPort="443" compression="on" compressableMimeType="text/html,text/xml,text/plain,text/css,text/javascript"/>
  ...

/etc/httpd/conf.d/proxy_ajp.conf :

LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
ProxyPass / http://localhost:9013/


server.xml :

<Connector acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" port="9013" redirectPort="8943" proxyName="www.myhost.com" proxyPort="80"/>


After settings things up, nothing worked. I found the following error in the Apache logfile:

[Fri Mar 30 02:23:34 2007] [error] (13)Permission denied: proxy: HTTP: attempt to connect to 127.0.0.1:9013 (localhost) failed
[Fri Mar 30 02:23:34 2007] [error] ap_proxy_connect_backend disabling worker for (localhost)


After digging around Google a bit, I finally found the following solution:

http://uppertank.net/blog/?m=200512


[root@clue conf]# getsebool -a
allow_execmem –> active
allow_execmod –> active
allow_execstack –> active
allow_kerberos –> inactive
allow_ypbind –> inactive
dhcpd_disable_trans –> inactive
httpd_builtin_scripting –> active
httpd_can_network_connect –> inactive
httpd_disable_trans –> inactive
httpd_enable_cgi –> active
httpd_enable_homedirs –> active
httpd_ssi_exec –> active
httpd_tty_comm –> inactive
httpd_unified –> active
mysqld_disable_trans –> inactive
named_disable_trans –> inactive
named_write_master_zones –> inactive
nscd_disable_trans –> inactive
ntpd_disable_trans –> inactive
portmap_disable_trans –> inactive
postgresql_disable_trans –> inactive
read_default_t –> active
snmpd_disable_trans –> inactive
squid_connect_any –> inactive
squid_disable_trans –> inactive
syslogd_disable_trans –> inactive
use_nfs_home_dirs –> inactive
use_samba_home_dirs –> inactive
winbind_disable_trans –> inactive
ypbind_disable_trans –> inactive
[root@clue conf]# setsebool httpd_can_network_connect true
[root@clue conf]# getsebool httpd_can_network_connect
httpd_can_network_connect –> active
[root@clue conf]#