Message Boards

Multiple Virtual Host With Different SSL Certificate - issues

Updated 6 years ago by scott E mitchell.

Multiple Virtual Host With Different SSL Certificate - issues

Junior Member Posts: 41 Join Date: 16/10/01 Recent Posts
Hello All,
With Liferay 7 we want to achieve the workflow shown below.
Please find the attachment workflow.png.
Requirement Summary: Configure multiple virtual hosts (mycomp1.com, mycomp2.com) in Liferay liferay-ce-portal-7.0-ga3, all secured with their own SSL certificates. We do not want to secure the Apache (Apache/2.2.32 (UNIX)) web server and Tomcat tomcat-8.0.32, since all certificates are site-specific ones. (These will be client-owned, one per site, hence we cannot deploy them on the Apache web server.) We need help with this: is it achievable, and if yes, how? Any pointers will be useful to us.
Challenges faced: figure1 and figure2 show the challenges; for more details, please see the attached
details document Apache Tomcat-VH-Multiple site with may or may not have ssl.docx



THANKS IN ADVANCE.
Updated 6 years ago by Christoph Rabel.

RE: No. of sites in LF7-GA3 & only 1 site needs SSL for SSO & rest may not

Liferay Legend Posts: 1554 Join Date: 09/09/24 Recent Posts
What you are trying to do here is essentially impossible.
You can't have just SSL in Tomcat. You MUST install the certificate in Apache too.

- So from www.myapp1.com > apache on AWS AMI > Tomcat > CAS Server on tomcat > SSO > Tomcat Liferay (with SSL certificates) works fine.
You have installed the www.myapp1.com certificate on Apache too. Or it won't work. Or probably GoDaddy did it for you and you don't even know that they did that.


That said:
- Can VirtualHost defined in LF7 have separate SSL certificates per Virtual Host??

That question has nothing to do with Liferay. Tomcat does the SSL termination/handling. Liferay doesn't care at all if you use SSL or not (ok, maybe a tiny bit, since it needs to use http or https for URLs). To use multiple SSL certificates on Tomcat you either need one IP per certificate or Tomcat 8.5+. AFAIK Liferay doesn't work with Tomcat 8.5 currently.

- Is this correct way to design secured multiple websites in Liferay?
No.
The correct way is to terminate all SSL requests on one or more Apache web servers.
Updated 6 years ago by Jack Bakker.

RE: No. of sites in LF7-GA3 & only 1 site needs SSL for SSO & rest may not

Liferay Master Posts: 978 Join Date: 10/01/03 Recent Posts
scott E mitchell:
We do not want to secure the Apache (Apache/2.2.32 (UNIX)) web server and Tomcat tomcat-8.0.32, since all certificates are site-specific ones. (These will be client-owned, one per site, hence we cannot deploy them on the Apache web server.)


this is not true

in apache you would have one *:443 virtualhost configblock for each domain where each configblock references its own cert ; below is an apache virtualhost config for redirect of http to https and below that an apache virtualhost config for https

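<VirtualHost *:80>
    ServerAdmin me@domain.ca
    ServerName site1.domain.ca
    # send every plain-http request to the same path on https
    RedirectMatch ^/(.*)$ https://site1.domain.ca/$1
    # redundant after the RedirectMatch above (first match wins); the target
    # needs the trailing slash or /foo would become https://site1.domain.cafoo
    RedirectPermanent / https://site1.domain.ca/
</VirtualHost>

<VirtualHost *:443>
    ServerName site1.domain.ca:443
    RewriteEngine on

    # this domain's own certificate, key and intermediate chain
    SSLEngine on
    SSLCertificateFile ssl.crt/site1.domain.ca.crt
    SSLCertificateKeyFile ssl.key/site1.domain.key
    SSLCertificateChainFile ssl.crt/intermediate.crt

    # requests under /static/ are not passed to mod_jk
    SetEnvIfNoCase Request_URI ^/static/.*$ no-jk

    DocumentRoot /var/www/site1/static

    # everything else goes to tomcat through the mod_jk worker
    JkMount /* worker1

    ErrorLog "/var/log/apache2-site1-error.log"
    CustomLog "/var/log/apache2/site1-access.log" common
</VirtualHost>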


in above, apache interfaces with tomcat using mod_jk though you could use proxy instead, your choice

in Liferay site configs (think: control panel) then: set the virtualhost for a site to site1.domain.ca

you could also have an apache virtualhost config a *:80 into tomcat with a worker (or proxy) reference, though going with ssl across the board has advantages

also, don't use Liferay 7 GA3, use Liferay 7 GA4
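
An added example, not part of the original thread and not Liferay or Apache project code: a small Python check that every *:443 virtual host in an Apache config names its own certificate and key file, which is the per-client separation this thread is about. The sample config is constructed, parse_vhosts and audit are hypothetical helper names, and treating a shared or missing file as a finding is an assumed policy.

```python
import re

# Constructed sample; site2 deliberately reuses site1's certificate and has no key file.
SAMPLE_CONF = """
<VirtualHost *:443>
    ServerName site1.domain.ca:443
    SSLEngine on
    SSLCertificateFile ssl.crt/site1.domain.ca.crt
    SSLCertificateKeyFile ssl.key/site1.domain.key
</VirtualHost>
<virtualhost *:443>
    ServerName site2.domain.ca:443
    SSLEngine on
    SSLCertificateFile ssl.crt/site1.domain.ca.crt
</virtualhost>
"""

BLOCK = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.I | re.S)

def parse_vhosts(conf):
    """Return one dict per <VirtualHost> block: address plus lower-cased directives."""
    vhosts = []
    for addr, body in BLOCK.findall(conf):
        vh = {"addr": addr.strip()}
        for line in body.splitlines():
            name, _, value = line.strip().partition(" ")
            if name and not name.startswith("#"):
                vh.setdefault(name.lower(), value.strip().strip('"'))
        vhosts.append(vh)
    return vhosts

def audit(conf):
    """Flag *:443 vhosts without their own certificate and key files (assumed policy)."""
    findings, owner = [], {}
    for vh in parse_vhosts(conf):
        if not vh["addr"].endswith(":443"):
            continue
        site = vh.get("servername", "<no ServerName>").split(":")[0]
        if vh.get("sslengine", "").lower() != "on":
            findings.append((site, "SSLEngine is not on"))
        for key in ("sslcertificatefile", "sslcertificatekeyfile"):
            path = vh.get(key)
            if path is None:
                findings.append((site, f"no {key}"))
            elif owner.setdefault(path, site) != site:
                findings.append((site, f"{key} also used by {owner[path]}"))
    return findings

if __name__ == "__main__":
    print("\n".join(f"{site}: {problem}" for site, problem in audit(SAMPLE_CONF)))
```

Serving different certificates from several *:443 virtual hosts on one IP address relies on SNI, which Apache supports from 2.2.12 when built against OpenSSL 0.9.8f or later with TLS extensions enabled.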