Using Apache2 AND Tomcat8 on AWS Lightsail with Loadbalancer / OpenSSL


I'm running websites on AWS Lightsail using Ubuntu 16.04.6 with Apache 2.4 AND a Tomcat 8.0.32.

The Apache2 site hosts the bulk of my websites as they use PHP and PostgreSQL. The Tomcat is easy for hosting Geoserver.

I have a DNS and loadbalancer on AWS LightSail. I'm trying to figure out how to make both sites seamless using virtualhost. The apache2 sites come out okay, but the Tomcat sites do not. I get this error:

You don't have permission to access this resource.

Apache/2.4.18 (Ubuntu) Server at tomcat.some-kind-of-site.org Port 80

I'm trying to follow these instructions, but there are some differences in the setup from what I have: http://www.creang.com/howtoforge/howto_set_up_tomcat_8_with_apache_2_4_and_mod_jk_on_ubuntu/

I have my SSL info in the default-ssl-conf file.

My tomcat8 server.xml contains:

    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />

    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

Here's my sites-enabled config file:

 <VirtualHost *:80>
     ServerAdmin [email protected]
     ServerName www.some-kind-of-site.org
     RewriteEngine On
     RewriteCond %{HTTP:X-FORWARDED-PORT} !=443
     RewriteRule ^(.*)$ https://www.some-kind-of-site.org$1 [R=301,NE,L]
     DocumentRoot /var/www/html/main-site/
     Alias /multi-site /var/www/html/multi-site
     Alias /file-folder /var/www/html/file-folder
     ErrorLog ${APACHE_LOG_DIR}/error.log
     CustomLog ${APACHE_LOG_DIR}/access.log combined
 </VirtualHost>
 <VirtualHost *:80>
     ServerName manage.some-kind-of-site.org
     DocumentRoot /var/www/html/main-mgmt/
     RewriteEngine On
     RewriteCond %{HTTP:X-FORWARDED-PORT} !=443
     RewriteRule ^(.*)$ https://manage.some-kind-of-site.org$1 [R=301,NE,L]
     Alias /multi-site /var/www/html/multi-site
     Alias /file-folder /var/www/html/file-folder
     Alias /main-mgmt /var/www/html/main-mgmt
     Alias /main-site /var/www/html/main-site
     ErrorLog ${APACHE_LOG_DIR}/error.log
     CustomLog ${APACHE_LOG_DIR}/access.log combined
 </VirtualHost>
 <VirtualHost *:80>
     ServerAdmin [email protected]
     ServerName tomcat.some-kind-of-site.org
     DocumentRoot /var/lib/tomcat8/
     Alias /multi-site /var/www/html
     RewriteEngine On
     RewriteCond %{HTTP:X-FORWARDED-PORT} !=443
     RewriteRule ^(.*)$ https://tomcat.some-kind-of-site.org$1 [R=301,NE,L]
     ErrorLog ${APACHE_LOG_DIR}/error.log
     CustomLog ${APACHE_LOG_DIR}/access.log combined
 </VirtualHost>
 <VirtualHost *:80>
     ServerName geoserver.some-kind-of-site.org
     DocumentRoot /var/lib/tomcat8/webapps/geoserver/
     Alias /multi-site /var/www/html
     RewriteEngine On
     RewriteCond %{HTTP:X-FORWARDED-PORT} !=443
     RewriteRule ^(.*)$ https://geoserver.some-kind-of-site.org$1 [R=301,NE,L]
     ErrorLog ${APACHE_LOG_DIR}/error.log
     CustomLog ${APACHE_LOG_DIR}/access.log combined
 </VirtualHost>
 <IfModule mod_ssl.c>
     <VirtualHost _default_:443>
         ServerAdmin [email protected]
         ServerName www.some-kind-of-site.org
         DocumentRoot /var/www/html/main-site/
         Alias /multi-site /var/www/html/multi-site
         Alias /file-folder /var/www/html/file-folder
         ErrorLog ${APACHE_LOG_DIR}/main-site_error.log
         CustomLog ${APACHE_LOG_DIR}/main-site_access.log combined
     </VirtualHost>
     <VirtualHost _default_:443>
         ServerAdmin [email protected]
         ServerName manage.some-kind-of-site.org
         DocumentRoot /var/www/html/main-mgmt/
         Alias /multi-site /var/www/html/multi-site
         Alias /file-folder /var/www/html/file-folder
         Alias /main-mgmt /var/www/html/main-mgmt
         Alias /main-site /var/www/html/main-site
         ErrorLog ${APACHE_LOG_DIR}/main-mgmt_error.log
         CustomLog ${APACHE_LOG_DIR}/main-mgmt_access.log combined
     </VirtualHost>
     <VirtualHost *:443>
         ServerAdmin [email protected]
         ServerName tomcat.some-kind-of-site.org
         <Proxy *>
             AddDefaultCharset Off
             Order deny,allow
             Allow from all
         </Proxy>
         ProxyPass / ajp://localhost:8009/
         ProxyPassReverse / ajp://localhost:8009/
         ProxyPreserveHost on
     </VirtualHost>
     <VirtualHost *:443>
         ServerAdmin [email protected]
         ServerName geoserver.some-kind-of-site.org
         <Proxy *>
             AddDefaultCharset Off
             Order deny,allow
             Allow from all
         </Proxy>
         ProxyPass / ajp://localhost:8009/webapps/geoserver/
         ProxyPassReverse / ajp://localhost:8009/webapps/geoserver/
         ProxyPreserveHost on
     </VirtualHost>
     <FilesMatch "\.(cgi|shtml|phtml|php)$">
         SSLOptions +StdEnvVars
     </FilesMatch>
 </IfModule>

Can anyone help me with this?? PLEASE!

Dean On BEST ANSWER

I figured it out... had to, no one answered. But it took LOTS of time and LOTS of trial and error.

Don't use the 443 port at all for tomcat proxy...

 <VirtualHost *:80>
     ServerAdmin [email protected]
     ServerName www.greatexamples.org
     RewriteEngine On
     RewriteCond %{HTTP:X-FORWARDED-PORT} !=443
     RewriteRule ^(.*)$ https://www.greatexamples.org$1 [R=301,NE,L]
     DocumentRoot /var/www/html/mainsite/
     Alias /multi-site /var/www/html/multi-site
     Alias /old_stuff /var/www/html/old_stuff
     ErrorLog ${APACHE_LOG_DIR}/error.log
     CustomLog ${APACHE_LOG_DIR}/access.log combined
 </VirtualHost>
 <VirtualHost *:80>
     ServerName manage.greatexamples.org
     DocumentRoot /var/www/html/management/
     RewriteEngine On
     RewriteCond %{HTTP:X-FORWARDED-PORT} !=443
     RewriteRule ^(.*)$ https://manage.greatexamples.org$1 [R=301,NE,L]
     Alias /multi-site /var/www/html/multi-site
     Alias /old_stuff /var/www/html/old_stuff
     Alias /management /var/www/html/management
     Alias /mainsite /var/www/html/mainsite
     ErrorLog ${APACHE_LOG_DIR}/error.log
     CustomLog ${APACHE_LOG_DIR}/access.log combined
 </VirtualHost>
 <VirtualHost *:80>
     ServerAdmin [email protected]
     ServerName tomcat.greatexamples.org
     DocumentRoot /opt/tomcat/
     ProxyRequests Off
     <Proxy *>
         Order deny,allow
         Allow from all
     </Proxy>
     <Location />
         Order allow,deny
         Allow from all
     </Location>
     ProxyPass / http://localhost:8080/
     ProxyPassReverse / http://tomcat.greatexamples.org:8080/
     ErrorLog ${APACHE_LOG_DIR}/error.log
     CustomLog ${APACHE_LOG_DIR}/access.log combined
 </VirtualHost>
 <IfModule mod_ssl.c>
     <VirtualHost _default_:443>
         ServerAdmin [email protected]
         ServerName www.greatexamples.org
         DocumentRoot /var/www/html/mainsite/
         Alias /multi-site /var/www/html/multi-site
         Alias /file-folder /var/www/html/old_stuff
         ErrorLog ${APACHE_LOG_DIR}/main-site_error.log
         CustomLog ${APACHE_LOG_DIR}/main-site_access.log combined
     </VirtualHost>
     <VirtualHost _default_:443>
         ServerAdmin [email protected]
         ServerName manage.greatexamples.org
         DocumentRoot /var/www/html/management/
         Alias /multi-site /var/www/html/multi-site
         Alias /old_stuff /var/www/html/old_stuff
         Alias /management /var/www/html/old_stuff
         Alias /mainsite /var/www/html/mainsite
         ErrorLog ${APACHE_LOG_DIR}/main-mgmt_error.log
         CustomLog ${APACHE_LOG_DIR}/main-mgmt_access.log combined
     </VirtualHost>
 </IfModule>

and change the connector in Tomcat's server.xml to:

    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               proxyName="tomcat.greatexamples.org"
               proxyPort="80"
               redirectPort="8443" />
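
An added example, not part of the question or the answer: a small Python check that reads vhost definitions like the ones on this page and flags a port-80 vhost that lacks the `X-Forwarded-Port` redirect, a 443 vhost with no `SSLEngine on`, and any AJP backend. The sample config is constructed, and its hostnames and the finding names are assumptions made for the example.

```python
import re

# Constructed sample modelled on the vhosts above; hostnames are placeholders.
SAMPLE = """\
<VirtualHost *:80>
    ServerName www.example.org
    RewriteEngine On
    RewriteCond %{HTTP:X-FORWARDED-PORT} !=443
    RewriteRule ^(.*)$ https://www.example.org$1 [R=301,NE,L]
</VirtualHost>
<VirtualHost *:80>
    ServerName tomcat.example.org
    ProxyPass / http://localhost:8080/
    ProxyPassReverse / http://tomcat.example.org:8080/
</VirtualHost>
<VirtualHost *:443>
    ServerName geoserver.example.org
    ProxyPass / ajp://localhost:8009/webapps/geoserver/
</VirtualHost>
"""

VHOST = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def args(body, name):
    """Arguments of every `name` directive in one vhost body."""
    return re.findall(rf"^\s*{name}\s+(.+?)\s*$", body, re.M | re.I)

def audit(conf):
    """Return (ServerName, finding) pairs for vhosts behind a TLS-terminating LB."""
    out = []
    for addr, body in VHOST.findall(conf):
        name = (args(body, "ServerName") or ["<unnamed>"])[0]
        port = addr.strip().rsplit(":", 1)[-1]
        # The redirect pattern used on this page: bounce unless the LB saw port 443.
        guarded = any("x-forwarded-port" in c.lower() and "443" in c
                      for c in args(body, "RewriteCond"))
        if port == "80" and not guarded:
            out.append((name, "no-https-redirect"))
        if port == "443" and "on" not in [v.lower() for v in args(body, "SSLEngine")]:
            out.append((name, "no-sslengine"))
        # AJP trusts its peer; the connector should listen on loopback only.
        if any("ajp://" in p.lower() for p in args(body, "ProxyPass")):
            out.append((name, "ajp-backend"))
    return out

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```

A `no-https-redirect` finding on a proxied vhost means requests that reach the load balancer over plain HTTP are passed straight to Tomcat instead of being sent to HTTPS.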