Apache load-balancer: direct to specific application based on URL - apache

I have multiple applications deployed in Tomcat's webapps folder (app1.0, app1.1, app1.2 etc.). When I hit www.example.com:8080/app1.0, the corresponding application appears.
But how to do it on the load-balancing server? For instance, I have a website on which I can click a button (app1.0, app1.1, app1.2 etc.) and an URL pops up like: www.lb.com/app1.0/.../... How to direct to the app based on application version in URL? Use RewriteCond and regex and pass it to ProxyPass? I don't really how to script it, anyone could help? :)
Edit: This is what I done for the 2 apps for 1 Tomcat and 2 apps for 2 Tomcat, but I got 404 sometimes because the Tomcat that has another version has been chosen by the load-balancer.
<VirtualHost *:80>
#Add a http header to explicitly identify the node and be sticky
Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED
#Declare the http server pool
<Proxy "balancer://plf">
BalancerMember "http://worker1.com:8080" route=worker1
BalancerMember "http://worker2.com:8080" route=worker2
ProxySet stickysession=ROUTEID
ProxySet lbmethod=bybusyness
</Proxy>
#Common options
ProxyRequests Off
ProxyPreserveHost On
#Declare the redirection for the http requests
ProxyPassMatch "/app(.*)" "balancer://plf/app$1"
ProxyPassReverse "/app(.*)" "balancer://plf/app$1"

This is how I did it:
1) define a balancer proxy:
<Proxy balancer://portalcluster stickysession=JSESSIONID>
BalancerMember ajp://TOMCATSERVER1:8009 route=TOMCARSERVER1-0
BalancerMember ajp://TOMCATSERVER2:8009 route=TOMCATSERVER2-100
</Proxy>
2) proxy to it in your VirtualHost:
Listen 443
<Virtualhost *:443>
ServerName example.com
Alias /static /var/www/portalstatic
ProxyPass /static !
ProxyPass / balancer://portalcluster/
ProxyPassReverse / balancer://portalcluster/
</Virtualhost>
NB I removed a lot of configuration from these, that are not related to the question (logs, deny clauses, certificate directives, ...). This is just to illustrate the way I did the proxy.
NB2 I did leave the /static trick since this is usually something you will want to do. Static files must stay on the HTTP, and not send them from Tomcat all the time.

Related

Apache : Proxy Balancer, Send certain requests on both channels

I am working on a Spring-MVC based application which is running behind an Apache instance with reverse proxy. Currently, the setup works good with database related operations, but there are certain URL's, which when called, I would like to send request to both the servers. Example : /onlinestatus/*. If the user is currently on server1, then with our current setup, he is unaware of user on server2. But this is not correct, as both users are using the same platform. How can I instruct apache to pass certain URL's to both the platforms. Thank you.
sites-enabled/000-default :
<VirtualHost *:443>
ServerName www.domain.de
ProxyRequests off
ProxyPreserveHost On
ProxyPass /nagios !
ProxyReceiveBufferSize 4096
ErrorDocument 503 /error/message.html
ProxyPass /error/ !
ProxyPass /error/message.html !
SSLEngine on
SSLProxyEngine on
SSLCertificateFile /etc/letsencrypt/live/www.domain.de-0002/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.domain.de-0002/private.key
SSLCertificateChainFile /etc/letsencrypt/live/www.domain.de-0002/chain.pem
SSLProxyVerify none
SSLProxyCheckPeerCN off
ProxyPass / https://localhost:8443/
ProxyPassReverse / https://localhost:8443/
<Location / >
SetEnvIf Origin ^(https?://.+\.DOMAIN\.de(?::\d{1,5})?)$ CORS_ALLOW_ORIGIN=$1
Header append Access-Control-Allow-Origin %{CORS_ALLOW_ORIGIN}e env=CORS_ALLOW_ORIGIN
Header merge Vary "Origin"
Order allow,deny
Allow from all
</Location>
ProxyPass / balancer://mycluster/ stickysession=JSESSIONID nofailover=On
<Proxy balancer://mycluster>
BalancerMember https://SERVER_1_IP:8443 route=server1
</Proxy>
ProxyPass /balancer-manager !
ProxyPass / balancer://mycluster/
</VirtualHost>
You can't proxy a request to two servers. What would you expect to get? Two HTML documents? (and what if your cluster grows: 20 HTML documents?) How would they display?
If your application works in a cluster, and it's vital that users are aware of others working on the cluster, you'll need to make that information available on the business layer (by keeping track on logged in users in the backend - this could be the database or a cluster communication channel)
If you "just" need this information for system administration purposes - e.g. to know when it's safe to take one of the cluster machines out of service - then just utilize your loadbalancer's status information page.

Tableau Reverse Proxy Issue

I want to make Tableau (which is on an internal network) accessible on the public network. One of the ways recommended by Tableau Support is a Reverse Proxy.
I have set up the required modules and have the reverse proxy functioning. The login page is available through these settings in httpd given below. However, once I log in and want to open Projects, Views etc. It routes to
http://actualsite.com/#/vieworproject
which should actually be http://actualsite.com/tableauaccess/#/vieworproject.
Here is the httpd configuration:
ProxyPass /tableauaccess/ http://tableauserverexample.com/
ProxyPassReverse /tableauaccess/ http://tableauserverexample.com/
<Location /tableauaccess/>
Order deny,allow
Allow from all
ProxyHTMLURLMap / /tableauaccess/
</Location>
This doesnt solve the main issue with #. I tried
ProxyPass /#/ http://tableauserverexample.com/#/
ProxyPassReverse /#/ http://tableauserverexample.com/#
But it doesnt help. Any suggestions?? Thanks!
We had this same issue recently. Your httpd.conf file is technically correct for mod_proxy, however the url you are attempting to use is not supported by Tableau. You cannot use:
http://actualsite.com/tableauaccess
But rather you must use the format:
http://tableauaccess.actualsite.com
We ended up setting up that sub-domain name and then using a VirtualHost block such as:
Listen 80
NameVirtualHost *:80
<VirtualHost *:80>
ServerName actualsite.com
DocumentRoot "/path/path2/pathx"
</VirtualHost>
<VirtualHost *:80>
ServerName tableauaccess.actualsite.com
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://tableauaccess.actualsite.com/
ProxyPassReverse / http://tableauaccess.actualsite.com/
<IfModule mod_cache.c>
CacheDisable *
</IfModule>
RequestHeader set X-Forwarded-Proto "http" #or "https", depending on preference
</VirtualHost>
Be sure to double-check your Tableau server to update the URL format.
Sources:
https://community.tableau.com/thread/198095
https://community.tableau.com/thread/218678
(I don't have enough reputation points to post all of my sources, but thanks to Tableau community, shanemadden at ServerFault, and the Apache documentation.)
edit: forgot trailing slashes

apache 2 proxypassreverse appends virtualhost port

I have been trying to setup a reverse proxy using apache 2 mod_proxy and the proxypass & proxypassreverse directives.
I am installing WSO2 Identity Server and wish to access that app using a url such as the following .
hxxp://myserver.domain.com/wso2/
The myserver.domain.com is accessible on the internet
Internally on my network I have set up a virtualhost running in my apache2 configuration with the following parameters:
For various reasons, port 80 is unavailable and the virtualhost must stay as :8080.
Finally, here is my virtual host configuration
<VirtualHost *:8080>
<Location /wso2/>
ProxyPass hxxps://internal.wso2.node:9443/
ProxyPassReverse hxxs://internal.wso2.node:9443/
</Location>
ProxyVia On
ProxyPreserveHost Off
ProxyAddHeaders Off
ProxyRequests Off
SSLProxyEngine On
SSLProxyCheckPeerCN Off
</VirtualHost>
The issue:
I can use my web browser ( Firefox/Chrome) to request the http://myserver.domain.com/wso2/ resource. In my log files I see that the request does hit the apache server and the virtualhost catches the /wso2/ location.
It passes through the proxy and lands on the internal.wso2.node server. however, the product WSO2 IS preforms several redirects which, in the log files I see it requesting the resource with the port appended.
Here is the request flow
hxxp://myserver.domain.com/wso2/ -> hxxps://internal.wso2.node:9443/
REDIRECT x3
hxxps://internal.wso2.node:8080/carbon ->
hxxps://internal.wso2.node:8080/carbon/admin/login.jsp
Back to my web browser
hxxp://myserver.domain.com:8080/wso2/carbon/admin/login.jsp
For some reason the apache response back appends its virtual host to the url I am requesting.
If I remove the port:8080 and request again the full url it will access the resource fine. However any attempt to access using only http://myserver.domain.com/wso2/ will result in redirects and the port appended.
As per covener's suggestion the culprit in this case proved to be the following directives:
UseCanonicalName Off
UseCanonicalPhysicalPort Off
Additionally, the web app I am trying to access makes use of sessions and cookies, therefore we must also proxy those, see the added directives under the ProxyPass & ProxyPassReverse.
Therefore the updated virtualhost configuration file should now look like this
<VirtualHost *:8080>
ServerName: myServer.domain.com
UseCanonicalName Off
UseCanonicalPhysicalPort Off
<Location /wso2/>
ProxyPass hxxps://internal.wso2.node:9443/
ProxyPassReverse hxxs://internal.wso2.node:9443/
ProxyPassReverseCookiePath / /wso2/
ProxyPassReverseCookieDomain internal.wso2.node myserver.domain.com
</Location>
ProxyVia On
ProxyPreserveHost Off
ProxyAddHeaders Off
ProxyRequests Off
SSLProxyEngine On
SSLProxyCheckPeerCN Off
</VirtualHost>

VirtualHost Same ServerName Different Directories

I have a running production website assigned to a host (redmine application). I need to add a new application to the same host as a sub-directory.
This is the current virtualhost configuration for redmine application which runs at base folder of host.
<VirtualHost *:80>
ServerName redmine.hostname.com
DocumentRoot "C:/BitNami/redmine-2.5.1-1/apps/redmine/htdocs/public/"
RewriteEngine On
RewriteRule ^/(.*)$ balancer://redminecluster%{REQUEST_URI} [P,QSA]
ProxyPass / balancer://redminecluster
ProxyPassReverse / balancer://redminecluster
<Proxy balancer://redminecluster>
BalancerMember http://127.0.0.1:3001
BalancerMember http://127.0.0.1:3002
</Proxy>
</VirtualHost>
So this application already runs at redmine.hostname.com. I want to add my own application and i want it to run at redmine.hostname.com/myapp/.
Whatever i did, i couldn't achieve this. I must not change the path of redmine, i must add new app to same virtualhost. There are no open ports other than 80, so i must make it run at redmine.hostname.com/myapp/
Basically, the redmine application must reply all requests that do not start with redmine.hostname.com/myapp/. My App should reply all requests that start with redmine.hostname.com/myapp.
What settings should i use?
If your application /myapp is located is c:/myappdir, the easiest way to configure apache to do what you want is to use this configuration:
<VirtualHost *:80>
ServerName redmine.hostname.com
DocumentRoot "C:/BitNami/redmine-2.5.1-1/apps/redmine/htdocs/public/"
Alias /myapp "c:/myappdir"
ProxyPass /myapp !
ProxyPass / balancer://redminecluster/
ProxyPassReverse / balancer://redminecluster/
<Proxy balancer://redminecluster>
BalancerMember http://127.0.0.1:3001
BalancerMember http://127.0.0.1:3002
</Proxy>
</VirtualHost>
Using an exclamation point as target for ProxyPass will exclude /myapp from the proxy configuration as documented here. Additionally you don't need a special RewriteRule since you don't modify the requests to redmine, ProxyPass should be enough.
It depends a little on whether your own app is hosted on the apache server itself, or it's proxied to another server/process.
If it's on the apache server itself, then just put 'myapp' into the document root. Then you need to remove your ProxyPass line and replace it with a locationmatch block
<VirtualHost *:80>
ServerName redmine.hostname.com
DocumentRoot "C:/BitNami/redmine-2.5.1-1/apps/redmine/htdocs/public/"
RewriteEngine On
RewriteRule ^/(.*)$ balancer://redminecluster%{REQUEST_URI} [P,QSA]
<LocationMatch "^(?!/myapp)">
ProxyPassMatch balancer://balancer://redminecluster
</LocationMatch>
ProxyPassReverse / balancer://redminecluster
<Proxy balancer://redminecluster>
BalancerMember http://127.0.0.1:3001
BalancerMember http://127.0.0.1:3002
</Proxy>
</VirtualHost>
So, the strategy is to forward everything which doesn't match /myapp to your existing redmine application. Everything matching /myapp will go to the document root. If your own app is proxied, then you need another locationmatch block which proxies /myapp to the correct location.

Apache mod-proxy load balancer maintenance

I have mod-proxy and mod-proxy-balancer setup as a load balancing reverse proxy. Something like this:
<Proxy balancer://example>
BalancerMember http://hostname:8000 keepalive=on
BalancerMember http://hostname:8001 keepalive=on
</Proxy>
ProxyPass / balancer://example/
ProxyPassReverse / balancer://example/
ProxyPreserveHost on
ProxyRequests Off
Is there a simple way to set this up to show a static maintenance page when all members of the balancer group are down? I've done that with a hardware load balancer previously and it was very useful.
Maybe you can use a hot standby. The example below is from the ProxyPass Directive section where it says "Setting up a hot-standby, that will only be used if no other members are available"
ProxyPass / balancer://hotcluster/
<Proxy balancer://hotcluster>
BalancerMember http://1.2.3.4:8009 loadfactor=1
BalancerMember http://1.2.3.5:8009 loadfactor=2
# The below is the hot standby
BalancerMember http://1.2.3.6:8009 status=+H
ProxySet lbmethod=bytraffic </Proxy>
As an alternative to RewriteRule you can do the same thing with appropriate ErrorDocument directives. We do something like this in which the proxy server itself hosts static error pages and the "hot-standby" host is http://localhost/some-app/.
Since your proxy seems to be the only page (probably in a VirtualHost), you can simply override error pages. Apache produces a 503 error, so this would look like:
# Document root is required because error documents use relative paths
DocumentRoot /var/www/html/
# Allow access to document root directory
<Directory /var/www/html/>
Order allow,deny
allow from all
</Directory>
# Actual change: If service is unavailable (no member available), show this page
ErrorDocument 503 /maintenance.html
If you want to use images inside the maintenance html, please not that you have to use absolute paths (e.g. /image.jpg) will load /var/www/html/image.jpg.