• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Apache 2.2 to Tomcat Virtual Host from differnt machines not working

 
Ranch Hand
Posts: 117
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I dont know if the Tomcat Forum serves the VisrtualHosts questions so apologies in advance.

I have a scenario where all the requests to the Tomcat Server (Application Server) should go through the Apache 2.2 (Web server). Both the servers are on 2 different machines. The 2 machines are not on the same domain or network due to security reasons.

I have to use a Virtual Host setting like below because this had already been used by other developers in my company and its fully tested and works fine.




This works fine for me if I install both the apache and tomcat server on the same machine. However, if I install the Apache and Tomcat Server on different machines (As Required) then I make few changes to the HTTPD.conf and after that I am unable to access the Application through Apache. The application is accessible from the WebServer through the Appplication URL though (using port 8080).

Can somebody please help me in pointing out what I am doing wrong?

After changing the WebServerFullName, the ApplicationServerFullName and the Network Path to Application Deployment Folder on Tomcat, the New Virtual Host Settings are:



I have my doubt on the Network Path to the application deployment Folder on Tomcat because as the 2 computers are not on the same Network, the network administrator had to give me a Strange Path considering the DOLLAR ($) sign in it, \ApplicationServerFullName\cim$\apache-tomcat-7.0.63\webapps\app (Which is accessible from WebServer through the browser though)

Other Details Are:

  • Apache2.2
  • apache-tomcat-7.0.63-windows-x64
  • Windows Server 2012 for both Web And Application Servers.


  • Tomcat Server.xml AJP Settings:





    Error.log:





    Rewrite.log





    Access.log

     
    Saloon Keeper
    Posts: 27764
    196
    Android Eclipse IDE Tomcat Server Redhat Java Linux
    • Mark post as helpful
    • send pies
      Number of slices to send:
      Optional 'thank-you' note:
    • Quote
    • Report post to moderator
    Interesting. Normally, you're going to be more secure if your machines are on the same domain and network.

    There are 2 ways for Apache to serve as a reverse proxy for Tomcat. One is to use the Apache mod_jk plugin. The other is to use mod_proxy.

    I haven't used mod_jk in quite a few years. Although it does have, I believe, some abilities that mod_proxy does not, mod_proxy is the recommended plugin these days.

    I think, based on a preliminary view, that you're thinking that you need to use URL rewriting rules to do the proxying. That's not true. Your exact needs are not totally clear, but I'll start with common usage and we can adapt as needed.

    First, assume that the Tomcat webapp's public URL might look something like this: http://app1.coderanch.com/home.jsp . The Tomcat-local URL that would be involved might then look something like this: http://tomcat-host.altcoderanch.com/app1/home.jsp.

    You first would define in Apache, a VirtualHost directive so as to envelope the directives related to app1.coderanch.com.

    One of the most important things that you would then place within this directive would be the proxy information. First and foremost, what mechanism you are using: mod_jk or mod_proxy. Note that there used to be a mod_jk2. It was a dead end and anything useful in it was put into mod_jk.

    For mod_proxy, you'd use the ProxyPass and ProxyPassReverse directives to set up the linkage AND to do the basic URL rewriting:


    caution use ProxyPassReverse with extreme care. If you don't configure properly, email spammers can subvert it to send spam, making you a bad Internet citizen and consuming a lot of your network and computer resources.

    For mod_jk, things are more complicated. You have to define a workers.properties file that indicates the hostname/ip and port (usually 8009) of the Tomcat's coyote connector. Since there's no full rewrite pattern here the way there is with mod_proxy, I think you do have to do a partial Apache rewrite (mod_rewrite_ to inject the Tomcat webapp's context path into the proxied URL, but a quick scan of the docs doesn't make that clear. You would have to have a JkMount directive, however. JkMount defines a URL path-to-worker mapping. For example:


    Then the worker1 definitions in the workers.properties file would determine where the proxy request would be routed. An equivalent would be to define a mount point in the workers.properties, but I don't like that idea because it puts stuff related to the Apache URL in Tomcat definitions instead of in the Apache definitions where all the other Apache URL-related directives go.

    As I said, I haven't worked with mod_j in quite a long time. It does tend to be quite confusing and messy compared to mod_proxy if you have the choice.

    Mod proxy also has 2 modes. Basic mod_proxy, which just forwards http(s) requests (for example Apache port 80 to Tomcat port 8080) and mod_proxy_ajp, which uses the ajp binary protocol to talk to Tomcat's port 8009.
     
    Fawad Ali
    Ranch Hand
    Posts: 117
    • Mark post as helpful
    • send pies
      Number of slices to send:
      Optional 'thank-you' note:
    • Quote
    • Report post to moderator
    Tim,
    Like always, thanks a lot for the reply.

    I am using the following apart from the defaults




    My Webserver is on one machine which is not part of the internal company domain due to security reasons.
    I want all requests to the Application Server to pass through the Webserver.
    First, I tried installing the 2 servers on the same machine and everything worked fine for me.
    The problem comes when I installed the Webserver on a different machine which is not part of the domain. Initially, the computer was unable to access the Tomcat location (Not the URL but actual folder location) but later on the network administrator managed to allow the access through a strange kind of URL \\ApplicationServerFullName\cim$\apache-tomcat-7.0.63\webapps\app I am able to access the tomcat server's webApps folder by this URL from the WebServer in the browser.
    But when I put that URL in the Virtualhost's Directory directive, it is then that the problem arise and I am unable to access the application through Apache.
    I am not sure but I guess the issues arise due to one of the following:
  • HTTPD.conf setting does not understand the shared location path due to the dollar sign \\ApplicationServerFullName\cim$\apache-tomcat-7.0.63\webapps\app. If this is the case, what should I do then?
  • The virtual host's directory directive shouldn't use the network location of tomcat from Webserver which is \\ApplicationServerFullName\cim$\apache-tomcat-7.0.63\webapps\app. Instead, it should use the relative path within the application server which is D:\apache-tomcat-7.0.63\webapps\app. I will try this one and will see if this fix the issue


  • Thanks a lot for your time
     
    Tim Holloway
    Saloon Keeper
    Posts: 27764
    196
    Android Eclipse IDE Tomcat Server Redhat Java Linux
    • Mark post as helpful
    • send pies
      Number of slices to send:
      Optional 'thank-you' note:
    • Quote
    • Report post to moderator
    What you have here is confusion between file serving and web serving.

    A file server is a host that presents files "as is" over a LAN as though those files were local to the client machine. You can therefore do file open/close/read/write/update/delete and status operations using your client machine's OS file services. Subject to file access restrictions and some possible distortions in meanings if you're not running a common OS on both fileserver and file client machines.

    A web server, on the other hand, presents content in response to a URL request. Whether the content physically exists in a file or it is synthesized via web application logic depends entirely on how the web application was written. You cannot use OS file services to read/write/etc./etc.

    When using Microsoft Windows Lan Manager (also known as CIFS), the filename path for a LAN-shared file is in the form of a "UNC" name as follows:



    Which may look familiar to you from your example.

    The fundamental problems here are that a UNCname does you absolutely no good if the server is not on the same LAN as the client machine. At a minumum, there has to be a trust relationship between the domain of the client and the domain of the server.

    UNC names and LAN shares are for OS-local use. They should not (generally cannot) be used over the Internet or between an Apache http server and a Tomcat server. A Tomcat server can use a network share to locate OS-local resources used to resolve URL requests, but you may have to override some Tomcat security options. You can never use Tomcat to present the actual files directly to Apache or any other client. since Tomcat is not a file server, it's a webapp server.

    Using mod_proxy_ajp you need a ProxyPass Apache directive to convert Apache URL locations to Tomcat equivalents, targeting Tomcat's ajp port 8009. So, for example:

     
    Tim Holloway
    Saloon Keeper
    Posts: 27764
    196
    Android Eclipse IDE Tomcat Server Redhat Java Linux
    • Mark post as helpful
    • send pies
      Number of slices to send:
      Optional 'thank-you' note:
    • Quote
    • Report post to moderator
    Incidentally, a "$" at the end of a sharename has magic significance. It makes the share name invisible for network browsing. You'll often see shares for "C$, D$, E$" and so forth which may be employed by LAN-based backup and restore systems to backup the C, D, and E (or whatever) drives.
     
    Fawad Ali
    Ranch Hand
    Posts: 117
    • Mark post as helpful
    • send pies
      Number of slices to send:
      Optional 'thank-you' note:
    • Quote
    • Report post to moderator
    Thanks a lot Tim for your help.

    The error was due to the fact that AJP port for tomcat was not accessible from outside.

    After opening the port, I simply placed the static content on the server on which Apache was hosting so I did not need to have a network path be mapped on the WebServer.

     
    Mo-om! You're embarassing me! Can you just read a tiny ad like a normal person?
    a bit of art, as a gift, that will fit in a stocking
    https://gardener-gift.com
    reply
      Bookmark Topic Watch Topic
    • New Topic