• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Apache prox to tomcat image problems

 
Ranch Hand
Posts: 41
IntelliJ IDE Spring Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Ok i hope i posted in the correct forum. So i installed tomcat and apache to act as the proxy.

Im getting the html proxyed, but the images in the tomcat container are not being displayed and the css files in the that container are not being applied.

I'm using ProxyPass ProxyPassReverse in the httpd.conf file.

The sight is 100% jsp no straight html. So i need everything that's passed back to be forwarded back to the apache proxy.
I know the quick fix is making tomcat root user and dropping down to the normal ports of 80 443, but I do not want to lose the security of keeping tomcat's user "tomcat"

Please if anyone knows a good tutorial or examples of how this is done please let me know.

Thanks,
Joe

PS if their is another way for port 80 to be picked up and forwarded to tomcat please let me know.
 
Joseph Swager
Ranch Hand
Posts: 41
IntelliJ IDE Spring Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hey I found a better option that fixed all my problems.

# prevent Apache from running on startup
chkconfig --del httpd
# stop Apache from running right now
/etc/rc.d/init.d/httpd stop
# tell iptables to forward incoming requests on port 80 to tomcat
/sbin/iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
# save the iptable rules
/sbin/iptables-save
# make sure iptables starts up by default after a server restart
chkconfig --level 35 iptables on

This worked like a charm and kept my security in tact.

Any drawbacks?

Thanks,

Joe
 
Saloon Keeper
Posts: 27752
196
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Nope, as long as you don't need anything other than J2EE on port 80, that's one of the simplest ways to have a Tomcat running without reconfiguring the ports to use port 80 directly. Which isn't recommended, since that requires Tomcat to run as a root user.

If you need non-tomcat services, you'll have to put up a full-blown proxy server, but otherwise, you're fine.
 
Ranch Hand
Posts: 147
Eclipse IDE Tomcat Server Debian
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Another option, if you only need it on port 80, would be to change Tomcat's server.xml, specifically the HTTP connector's port attribute. No need to alter your system's iptables this way.
 
Tim Holloway
Saloon Keeper
Posts: 27752
196
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Pete Nelson wrote:Another option, if you only need it on port 80, would be to change Tomcat's server.xml, specifically the HTTP connector's port attribute. No need to alter your system's iptables this way.



However in Linux/Unix systems, listening on port 80 requires that the listener process is running with root privileges. Which means that anyone who can suborn Tomcat can potentially own the entire server - not to mention any other servers whose security depends on no network-internal funny business.

The IPTABLES approach is much safer, because it allows Tomcat to run as an ordinary (non-privileged) user, thus limiting the potential for mischief.
 
reply
    Bookmark Topic Watch Topic
  • New Topic