• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Bear Bibeault
  • Junilu Lacar
Sheriffs:
  • Jeanne Boyarsky
  • Tim Cooke
  • Henry Wong
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • salvin francis
  • Frits Walraven
Bartenders:
  • Scott Selikoff
  • Piet Souris
  • Carey Brown

semi complex httpd -> tomcat proxy setup issues

 
Greenhorn
Posts: 25
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hiya,
Here's the scoop.

1 apache 2.0.52 server
1 tomcat 6.0.18 server running on the same box on port 18080.

a requests come in to the apache server via a load balancer as follows

web browser -> port 80 - >load balancer ->lb redirects and handles 443 processing -> load balancer redirects (or sends) 80 traffic to the actual apache server.
apache server will then proxy to tomcat(localhost).. tomcat does some stuff, and sends it all back up the chain.

The issue I'm having is with the proxypass statements. The url names I'm dealing with change sometimes within each webapp.. like..

https://load.balanceddomain.com/applicationname -> proxies to http://internal.appserver.com:18080/web/applicationname/home
it can also...
https://load.balanceddomain.com/applicationname -> proxies to http://internal.appserver.com:18080/group/applicationname/home
and rarely could be..
https://load.balanceddomain.com/c/portal/login -> proxies to http://linternal.appserver.com:18080/c/portal/login

as I said before though.. the browser is always https, but the load balancer does all of the 443 processing, so as far as the appserver/tomcat are concerned, they just need to work on 80/18080 (i changed the port myself).

I need to come up with a modular proxypass statement, or some other alternative to allow flexibility to accomodate the 3 situations above.

Any thoughts?
 
Saloon Keeper
Posts: 22484
151
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
mod_jk does not use port 8080 (default) for requests from Apache. It uses a separate proxy port (8009 by default) and a special inter-server protocol protocol (ajp). It also has load balancing capabilities of its own so that one Apache can front multiple Tomcats in a cluster.

The newer proxy module does something similar.
 
Derek Murphy
Greenhorn
Posts: 25
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'm not trying to get load balancing/clustering working in apache or tomcat. While there are 2 tomcats running on the same box, neither serve the same applications.

tomcat 5.5 - 8080
tomcat 6.0.18 - 18080

im using mod_proxy, not mod_jk. I guess more of what I need to figure out is how to do wildcard type functionality with mod_proxy/proxypass to be able to get some fancy proxying going on.
 
Derek Murphy
Greenhorn
Posts: 25
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I've gotten much further, and I think now my need has changed. Below is the config I'm working with, and now essentially all I need to figure out is how to get /discovery-warranty to always be in the URL, regardless of what someone clicks on, until they go to another location.

For example. http://www.domain.com/discovery-warranty
this needs to be authenticated with a /location directive.

there will be other /discovery-somethings that will be authenticated with a /location directive.

We have a load balancer that checks for www.domain.com/discovery-somethings and if it receives a request for www.domain.com/somethingNotDiscovery it will redirect to a main login page... so I need to make sure for each proxy statement, the url is modified/or maintained to always have discovery-something as the first part(or complete) uri, regardless of what someone clicks on while they are in a particular proxied app.




#
# Proxy back to tomcat
#
<Location /web/testwarranty>
Satisfy any
Options -FollowSymLinks -Indexes
AllowOverride None
Order deny,allow
Deny from all
Allow from env=BYPASS_AUTH

AuthLDAPEnabled on
AuthLDAPAuthoritative on
AuthName "Demo"
AuthType basic
AuthLDAPBindDN "CN=demoadmin,OU=Demo,DC=something,DC=domain,DC=com"
AuthLDAPBindPassword "somepass"
AuthLDAPURL "ldap://ldapserver:3268/DC=something,DC=domain,DC=com?sAMAccountName?sub?(objectClass=user)"
AuthLDAPGroupAttributeIsDN on

Require user "dmurphy"
</Location>

#
<Location /web/guest>
Satisfy any
Options -FollowSymLinks -Indexes
AllowOverride None
ReWriteEngine on
Order deny,allow
Deny from all
Allow from env=BYPASS_AUTH

AuthLDAPEnabled on
AuthLDAPAuthoritative on
AuthName "Demo"
AuthType basic
AuthLDAPBindDN "CN=demoadmin,OU=Demo,DC=something,DC=domain,DC=com"
AuthLDAPBindPassword "somepass"
AuthLDAPURL "ldap://ldapserver:3268/DC=something,DC=domain,DC=com?sAMAccountName?sub?(objectClass=user)"
AuthLDAPGroupAttributeIsDN on

Require user "bwood"
</Location>

# enable the SSL proxying
#SSLProxyEngine On
RewriteEngine on
RewriteRule ^/discovery-warranty$ http://labvm42-107.lab.domain.com:18080/web/testwarranty/home

ProxyRequests off

#the proxy location (app) automatically redirects to web/guest which is why the first location is for web/guest
ProxyPass /discovery-web-guest http://labvm42-107.lab.domain.com:18080
ProxyPassReverse /discovery-web-guest http://labvm42-107.lab.domain.com:18080

ProxyPass /discovery-warranty http://labvm42-107.lab.domain.com:18080/web/testwarranty
ProxyPassReverse /discovery-warranty http://labvm42-107.lab.domain.com:18080/web/testwarranty

#This / catchall seems to be the only way to get additional page clicks to work as each click changes the url in some way.
ProxyPass / http://labvm42-107.lab.domain.com:18080/
ProxyPassReverse / http://labvm42-107.lab.domain.com:18080/
 
Tim Holloway
Saloon Keeper
Posts: 22484
151
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Is there any particular reason you're proxying using http instead of the ajp protocol?
 
Derek Murphy
Greenhorn
Posts: 25
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Tim Holloway wrote:Is there any particular reason you're proxying using http instead of the ajp protocol?



ignorance?

are you saying instead of..
ProxyPass /discovery-web-guest http://labvm42-107.lab.domain.com:18080
ProxyPassReverse /discovery-web-guest http://labvm42-107.lab.domain.com:18080

it should be

ProxyPass /discovery-web-guest ajp://labvm42-107.lab.domain.com:18080
ProxyPassReverse /discovery-web-guest ajp://labvm42-107.lab.domain.com:18080


If so, what does that really change? Is performance better?
 
Police line, do not cross. Well, this tiny ad can go through:
Building a Better World in your Backyard by Paul Wheaton and Shawn Klassen-Koop
https://coderanch.com/wiki/718759/books/Building-World-Backyard-Paul-Wheaton
    Bookmark Topic Watch Topic
  • New Topic