aspose file tools*
The moose likes Tomcat and the fly likes Apache prox to tomcat image problems Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "Apache prox to tomcat image problems" Watch "Apache prox to tomcat image problems" New topic
Author

Apache prox to tomcat image problems

Joseph Swager
Ranch Hand

Joined: Feb 04, 2010
Posts: 41

Ok i hope i posted in the correct forum. So i installed tomcat and apache to act as the proxy.

Im getting the html proxyed, but the images in the tomcat container are not being displayed and the css files in the that container are not being applied.

I'm using ProxyPass ProxyPassReverse in the httpd.conf file.

The sight is 100% jsp no straight html. So i need everything that's passed back to be forwarded back to the apache proxy.
I know the quick fix is making tomcat root user and dropping down to the normal ports of 80 443, but I do not want to lose the security of keeping tomcat's user "tomcat"

Please if anyone knows a good tutorial or examples of how this is done please let me know.

Thanks,
Joe

PS if their is another way for port 80 to be picked up and forwarded to tomcat please let me know.


"Your work is going to fill a large part of your life, and the only way to be truly satisfied is to do what you believe is great work. And the only way to do great work is to love what you do." -- Steve Jobs
Joseph Swager
Ranch Hand

Joined: Feb 04, 2010
Posts: 41

Hey I found a better option that fixed all my problems.

# prevent Apache from running on startup
chkconfig --del httpd
# stop Apache from running right now
/etc/rc.d/init.d/httpd stop
# tell iptables to forward incoming requests on port 80 to tomcat
/sbin/iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
# save the iptable rules
/sbin/iptables-save
# make sure iptables starts up by default after a server restart
chkconfig --level 35 iptables on

This worked like a charm and kept my security in tact.

Any drawbacks?

Thanks,

Joe
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16145
    
  21

Nope, as long as you don't need anything other than J2EE on port 80, that's one of the simplest ways to have a Tomcat running without reconfiguring the ports to use port 80 directly. Which isn't recommended, since that requires Tomcat to run as a root user.

If you need non-tomcat services, you'll have to put up a full-blown proxy server, but otherwise, you're fine.


Customer surveys are for companies who didn't pay proper attention to begin with.
Pete Nelson
Ranch Hand

Joined: Aug 30, 2010
Posts: 147

Another option, if you only need it on port 80, would be to change Tomcat's server.xml, specifically the HTTP connector's port attribute. No need to alter your system's iptables this way.


OCPJP
In preparing for battle I have always found that plans are useless, but planning is indispensable. -- Dwight D. Eisenhower
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16145
    
  21

Pete Nelson wrote:Another option, if you only need it on port 80, would be to change Tomcat's server.xml, specifically the HTTP connector's port attribute. No need to alter your system's iptables this way.


However in Linux/Unix systems, listening on port 80 requires that the listener process is running with root privileges. Which means that anyone who can suborn Tomcat can potentially own the entire server - not to mention any other servers whose security depends on no network-internal funny business.

The IPTABLES approach is much safer, because it allows Tomcat to run as an ordinary (non-privileged) user, thus limiting the potential for mischief.
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Apache prox to tomcat image problems