Win a copy of Modern JavaScript for the Impatient this week in the Server-Side JavaScript and NodeJS forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Bear Bibeault
  • Junilu Lacar
Sheriffs:
  • Jeanne Boyarsky
  • Tim Cooke
  • Henry Wong
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • salvin francis
  • Frits Walraven
Bartenders:
  • Scott Selikoff
  • Piet Souris
  • Carey Brown

Apache forwarding all requests to Tomcat

 
Ranch Hand
Posts: 226
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have RHEL server and Apache  is forwarding all http(s) requests to tomcat server. This was deliberately done by someone else to make few things work. I want to filter some URLS and wondering how should I go about it? By filter I mean, let's say I want to access Apache ActiveMQ using the following URL : http://myservername.com:8161/admin , it should not get forwarder to tomcat. Is there a way I could do this in, maybe in SSL conf?
 
Saloon Keeper
Posts: 22479
151
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Usually the easiest way to ensure that different requests go to different apps (whether all on the same server or on multiple backend servers) is to define an Apache VirtualHost.

So, for example, virtualhost tomcatapp.coderanch.com might go to a Tomcat cat application but mqserver.coderanch.com would route to the MQServer. You can have Apache listen on any port(s) you like, and forward to any ports you like. Each virtualhost can share a port with other virtual hosts (especially ports 80 and 443).
 
Jack Tauson
Ranch Hand
Posts: 226
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Tim Holloway wrote:Usually the easiest way to ensure that different requests go to different apps (whether all on the same server or on multiple backend servers) is to define an Apache VirtualHost.

So, for example, virtualhost tomcatapp.coderanch.com might go to a Tomcat cat application but mqserver.coderanch.com would route to the MQServer. You can have Apache listen on any port(s) you like, and forward to any ports you like. Each virtualhost can share a port with other virtual hosts (especially ports 80 and 443).



Thanks. So does this virtualhost thing needs to happen inside SSL conf of Apache? I haven't done anything like this before and hence wondering about it. Thanks !
 
Sheriff
Posts: 21997
107
Eclipse IDE Spring VI Editor Chrome Java Ubuntu Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You can (probably) also do this with one host. Just use a <Location> (or <LocationMatch>) element in your Apache configuration, and define the custom routing there. Note that the location matters, at least if you're using multiple <Location> and/or <LocationMatch> elements - as far as I know, they are evaluated from top to bottom.
 
Tim Holloway
Saloon Keeper
Posts: 22479
151
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yes you can, but if they are different apps, I wouldn't do it that way. A VirtualHost is easier and simpler.

The only real problem with VirtualHost is if the client runs HTTP version 1.0, which didn't allow multiple hostnames for the same IP address. But that's a protocol that's probably been dead for 15 years.
 
Rob Spoor
Sheriff
Posts: 21997
107
Eclipse IDE Spring VI Editor Chrome Java Ubuntu Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Another issue may be SSL certificates. Those may not be available for a wildcard domain, and not every company feels comfortable using Let's Encrypt.
 
Tim Holloway
Saloon Keeper
Posts: 22479
151
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Rob Spoor wrote:Another issue may be SSL certificates. Those may not be available for a wildcard domain, and not every company feels comfortable using Let's Encrypt.



If it's important enough to need an SSL cert and Let'sEncrypt isn't an option, there's no reason for not getting a server cert for a virtualhost. It's not like Apache only supports 1 cert per instance.

Actually, I use LetsEncrypt and I do not have myself set up for wildcard certs. Each of my proxied virtual hosts has its own distinct cert.
 
Jack Tauson
Ranch Hand
Posts: 226
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Tim Holloway wrote:Yes you can, but if they are different apps, I wouldn't do it that way. A VirtualHost is easier and simpler.

The only real problem with VirtualHost is if the client runs HTTP version 1.0, which didn't allow multiple hostnames for the same IP address. But that's a protocol that's probably been dead for 15 years.



When you say "if the client runs HTTP version 1.0, which didn't allow multiple hostnames for the same IP address", did you mean to say browser? Trying to understand what client you are referring here. Thanks !
 
Tim Holloway
Saloon Keeper
Posts: 22479
151
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
"Client" is whatever remote application is making requests to the Server. Generally this will be a web browser, but a command-line client application is often used to request web services. For example, I have a client that runs as an OSGi process and once a day, it pulls information from the National Hurricane Center and formats it for me to look at later. I also have weather-sensing equipment that uses short-range radio to a receiver which then posts the observations to a webapp which can display them and keep a history in a database. Another client is a wall-mounted e-paper display device that retrieves and displays some of that information, as well as the daily weather forecast.
 
Jack Tauson
Ranch Hand
Posts: 226
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Tim Holloway wrote:Usually the easiest way to ensure that different requests go to different apps (whether all on the same server or on multiple backend servers) is to define an Apache VirtualHost.

So, for example, virtualhost tomcatapp.coderanch.com might go to a Tomcat cat application but mqserver.coderanch.com would route to the MQServer. You can have Apache listen on any port(s) you like, and forward to any ports you like. Each virtualhost can share a port with other virtual hosts (especially ports 80 and 443).



Quick question:

I was reading about virtual host here (http://dev.antoinesolutions.com/apache-server/virtual-host) and it says the following:

"The term Virtual Host refers to the practice of maintaining multiple servers on one machine, each server being defined by it's hostname (domain)."



However, in my scenario, both the apps are on the same server. So does the solution you provided works in my scenario? Thanks !
 
Tim Holloway
Saloon Keeper
Posts: 22479
151
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
A virtual host name is the domain name that a client addresses a web application by. Using virtual hosts, the same server machine (apache instance) could host perhaps www.coderanch.com and www.permies.com. A DNS lookup on those domain names might resolve both to the same IP address, but apache looks at the name in the URL to know which site the incoming request actually must be routed to.

Nothing in virtual hosts limits where the backend processes are handled. I could front coder and.com and permies.com to two different machines each running a copy of Tomcat, with one machine running the coderanch webapp and one running the permies app. Or, since Tomcat can host multiple webapps, both webapps might live in the same copy of Tomcat on the same machine. And that machine might be the same machine that Apache is running on or it might be some other machine entirely.

It's all very flexible.
 
Jack Tauson
Ranch Hand
Posts: 226
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Tim Holloway wrote:A virtual host name is the domain name that a client addresses a web application by. Using virtual hosts, the same server machine (apache instance) could host perhaps www.coderanch.com and www.permies.com. A DNS lookup on those domain names might resolve both to the same IP address, but apache looks at the name in the URL to know which site the incoming request actually must be routed to.

Nothing in virtual hosts limits where the backend processes are handled. I could front coder and.com and permies.com to two different machines each running a copy of Tomcat, with one machine running the coderanch webapp and one running the permies app. Or, since Tomcat can host multiple webapps, both webapps might live in the same copy of Tomcat on the same machine. And that machine might be the same machine that Apache is running on or it might be some other machine entirely.

It's all very flexible.



Thanks everyone. I have following question. So I did set it the virtual host in the following manner:




Where 10.11.289.118 is the IP address of the server myserver1.as.abc.com

And I have also included Listen : 8090 line in my ssl.conf. However, when I tested the following commands on the server, using wget commands Iam getting connection timed out:




What could be the issue? Firewall or port issues?
 
Tim Holloway
Saloon Keeper
Posts: 22479
151
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Your VirtualHost should be a host domain name, not an IP address. The primary purpose of VirtualHosts is to allow multiple hostnames for a single IP address, so giving an IP address there is fairly pointless.

Also, you shouldn't tell Apache to listen at 8090. That will cause it to fight with Tomcat, which also wants to listen at 8090. Only one application can own a TCP/IP port, so whoever grabs it later loses. Apache will be listening at ports 80 and 8443, and it will proxy over to Tomcat's AJP port, which is 9080.

Tomcat also does not require any SSL configuration to run behind Apache. Apache itself takes care of the SSL and you would define that by specifying the SSL Certificate to be used within the VirtualHost definition. Also be sure to define the SSL port number on the VirtualHost element like so: <VirtualHost www.coderanch.com:443>
 
Jack Tauson
Ranch Hand
Posts: 226
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Tim Holloway wrote:Your VirtualHost should be a host domain name, not an IP address. The primary purpose of VirtualHosts is to allow multiple hostnames for a single IP address, so giving an IP address there is fairly pointless.

Also, you shouldn't tell Apache to listen at 8090. That will cause it to fight with Tomcat, which also wants to listen at 8090. Only one application can own a TCP/IP port, so whoever grabs it later loses. Apache will be listening at ports 80 and 8443, and it will proxy over to Tomcat's AJP port, which is 9080.

Tomcat also does not require any SSL configuration to run behind Apache. Apache itself takes care of the SSL and you would define that by specifying the SSL Certificate to be used within the VirtualHost definition. Also be sure to define the SSL port number on the VirtualHost element like so: <VirtualHost www.coderanch.com:443>



Thanks for the info.

So I can define it like this then?



So if I have to access a file (dataexport.php) inside PHPExport directory, I can do it like this?

https://myserver1.as.abc.com:443/dataexport.php
 
Tim Holloway
Saloon Keeper
Posts: 22479
151
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You could, but this URL would work just as well:


The default port for https is 443, so you don't have to explicitly state it. Unless you want to.

You have the port number on your ServerName statement and I'm pretty sure that's not correct. I think that ServerName is just the server name. Fortunately, I don't think it actually controls anything other than being the server name that gets displayed in error pages, but check the documentation.
 
Jack Tauson
Ranch Hand
Posts: 226
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Tim Holloway wrote:You could, but this URL would work just as well:


The default port for https is 443, so you don't have to explicitly state it. Unless you want to.

You have the port number on your ServerName statement and I'm pretty sure that's not correct. I think that ServerName is just the server name. Fortunately, I don't think it actually controls anything other than being the server name that gets displayed in error pages, but check the documentation.



Hmm. The problem is if I comment out every changes I have done so far and just type https://myserver1.as.abc.com, it's redirecting me to a specific app deployed on tomcat. Basically the URL changes to https://myserver1.as.abc.com/CompanyWS/index.html, where, CompanyWS is the name of the WAR file deployed on the tomcat.

Since these ports related thing is creating confusion. One other solution could be to go with a different DNS entry, something like - myserver11.as.abc.com so that when I type https://myserver11.as.abc.com it won't redirect me to  https://myserver1.as.abc.com/CompanyWS/index.html and I can easily access to the path https://myserver1.as.abc.com/dataexport.php ?
 
Tim Holloway
Saloon Keeper
Posts: 22479
151
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Note that DNS converts domain hostnames into IP addresses. That's all it does. There's nothing in DNS that says what port(s) that domain name goes to. Port numbers go to Well-Known Ports by default, or explicitly-selected ports if you designate them.

You can make a hybrid web application that's part Tomcat and part PHP. If you'll recall, you declare a URL pattern as part of the proxy definition within your virtualhost, and if you want to, you can not only server up PHP and proxies to Tomcat in the same VirtualHost, you could even proxy to more than one Tomcat/application.

However, this can get quite messy and since Tomcat webapps and PHP apps deploy quite differently, it's generally better to define a separare virtualHost for each language sub-application and use cross-referencing URLs when they need to invoke each other.

Anotther alternative is to use Apache's redirect directive to split out the logic paths. That's fairly common.
 
permaculture is a more symbiotic relationship with nature so I can be even lazier. Read tiny ad:
Thread Boost feature
https://coderanch.com/t/674455/Thread-Boost-feature
    Bookmark Topic Watch Topic
  • New Topic