I have a few tomcats load balanced behind a VIP(virtualIP) and Apache is configured to talk via AJP to the tomcat VIP. There is a need to know which tomcat served the request for debugging/monitoring purposes. And so the tomcat instance that served the request should ideally send a unique response header .
However I dont see how I can achieve that without writing custom filter code to do that. Ideally I want this unique header value to reside in tomcat conf/properties folder.
Any suggestions ?
Related
I am using mountebank to mock a number of REST APIs, each one is accessible through a random port. Users are able to create new mocks or remove old ones whenever they need to.
So I want to setup an apache server such that it maps the suffix of the server url to the associated port, for example: myserver.com/8000 gets automatically proxied to myserver.com:8000
I could regenerate apache config while adding a new reverse proxy, but I would need to restart the server each time and I don't think that's a good idea.
I tried using mod_proxy_express which dynamically generate a proxy map but it seems to only map servers names and not individual paths.
Is this technically possible in apache, or any other web server for that matter ?
I have set up an Apache Web Server 2.4 to act as a proxy for Apache Tomcat 7, communicating via the AJP protocol (mod_proxy_ajp on the Apache side and an AJP connector on the Tomcat side). Everything works great for basic functionality.
Now, I am looking to set some specific AJP attributes, but can't quite get it to work...
Looking at the mod_proxy_ajp page (http://httpd.apache.org/docs/current/mod/mod_proxy_ajp.html), under the Request Packet Structure section, I see a listing of attributes. These attributes include the likes of remote_user, and ssl_cert (code values 0x03 and 0x07, respectively). There is also an "everything else" attribute called req_attribute with code value 0x0A that can be used to set any arbitrary attribute in an AJP request.
Further, on the same page, under the Environment Variables section, it states the following:
Environment variables whose names have the prefix AJP_ are forwarded to the origin server as AJP request attributes (with the AJP_ prefix removed from the name of the key).
This seems straightforward enough, and indeed, I am easily able to set an arbitrary AJP attribute such as "doug-attribute" by setting an Apache environment variable called "AJP_doug-attribute", and assigning a relevant value. After doing such, I can analyze the traffic using Wireshark, and see the "doug-attribute" field show up in the dissected AJP block, prefixed with a hex value of 0x0A (the "req_attribute" type listed above). So far so good.
Now I want to try to set the ssl_cert attribute. In the same fashion, I set an environment variable called "AJP_ssl_cert". Doing so, it does show up in Wireshark, but with prefix code "0x0A". Further, my Java application that wants to read the "javax.servlet.request.x509certificate" does not find the certificate.
However, I also notice some other attributes in the Wireshark capture that are listed on the website, like ssl_cipher and ssl_key_size. But in the capture, they show up as "SSL-Cipher" and "SSL-Key-Size" (and have the appropriate "0x08" and "0x0B" prefix codes). So, I try setting the cert attribute again, this time as "SSL-Cert", but I get the same results as before.
To compare, I altered the Apache configuration to require client certificates, and then provided one in the browser when visiting the associated web page. At this point, I look at the Wireshark capture, and sure enough, there is now an attribute named "SSL-Cert", with code "0x07", and my web application in Tomcat is successfully able to find the certificate.
Is there any way that I can manually set the attributes listed on the mod_proxy_ajp page, or does the module handle them differently from other arbitrary request attributes (like "doug-attribute")? I feel like there must be something I am missing here.
As some background, the reason that I am trying to do this is that I have a configuration with multiple Apache web servers proxying each other, and then at the end, an Apache web server proxying to a Tomcat instance via AJP. All the Apache web servers use SSL and require client certificates. With just one Apache server, Tomcat can receive the user's certificate just fine without any special configuration on my part. However, with multiple, it ultimately receives the server certificate of the previous Apache proxy (set on that machine using the SSLProxyMachineCertificateFile directive).
What I am hoping to do is place the original user's certificate into the headers of the intermediate proxied requests, and then manually set that certificate in the AJP attributes at the back end so that the web application in Tomcat can read the certificate and use it to perform its authorization stuff (this part is already set in stone, otherwise I would just add the certificate as a header and make the Java app read the header).
EDIT: of course, if there is an easier way to accomplish passing the user's certificate through the proxy chain, I'd be more than happy to hear it! :)
I am trying to integrate the liferay tomcat with apache web server.I successfully integrate the liferay with web server.
Condition:
Life ray deployed on ip say : 10.10.10.70
Apache web server on ip say: 10.10.10.80
I provided all the requirement virtual host requirement in httpd.conf file..and provided the web.server.host in portal-ext.properties file.
Problem: When i run liferay portal i can open it on ip: 10.10.10.70
but when i click on any page link (let say /home)that is present in my portal it moved the request to
10.10.10.80:8080/home instead of 10.10.10.70:8080/home
I want to know how to handle this condition.
Because i dont have any page resource on web server doc folder only contain static css..
You might be a bit more precise what "all the required virtual host settings" are, e.g. what did you configure?
Note that by explicitly configuring hostnames/IP-addresses, you're explicitly overriding the autodetected settings from the request - no matter how you get to your portal, Liferay will generate URLs based on the explicitly configured hostname/port.
What's the point in having an Apache in front and then trying to reach tomcat through the non-apache IP/Port? Typically you might have static resources, rewrites, caches on Apache, so that you'll get different results when you alternatively access tomcat through both URLs.
If you configure Apache to "properly" handle the requests before tomcat sees them, you'll typically not need to configure Liferay at all, because Apache will make the actual hostname that it's requested under available to Tomcat. I'm typically using mod_jk for this and it beautifully handles all the configuration with almost no need to explicitly configure tomcat/liferay. If you don't like this, keep in mind that you're explicitly configuring Liferay for the virtual host setup - naturally this explicitly configured name is what Liferay uses. It would be weird if the explicit value would not be used, right?
When using the basic Tomcat container in Cloudbees, are the static files served by Tomcat or Apache? I need to set the header so browsers do not cache a certain file which would be done in the Apache .htaccess file or I could write a servlet filter for Tomcat to do the same thing.
Cloudbees don't use Apache frontend but nginx. All requests, including static resources, are served by the application container (tomcat, jboss). A best practice is to distribute them on a CDN for better performances and low latency for application users, see http://wiki.cloudbees.com/bin/view/RUN/Using+a+CDN
In my experience all requests arrive at the Tomcat level.
Here is an exempt from my service logs at cloudbees:
11:10:53.031 [http-8841-2] DEBUG o.s.w.s.DispatcherServlet - DispatcherServlet with name 'spring' processing GET request for [/resources/images/logo.png]
Obviously the request for the logo.png file got there.
By the way, I think they use ngineX not Apache.
Using Weblogic 11g and want to be able to add headers to all files served up by weblogic. There is no seperate web server sitting in front of weblogic. Cannot find a way to configure weblogic to add header to the HTTP response. In IIS you can easily do this by choosing the server and clicking to add headers. Looking for the equivalent way to do this in weblogic.
I dont think this is configurable. You would have to write a Filter to manipulate the headers as you need.
As a hint, you could try something along the lines of this package http://flavio.tordini.org/http-headers-filter. I have not tried this myself
If you have the option of putting Apache server in front of your Weblogic server, then you can configure Apache to do that using this. As an additional benefit, you can configure the Apache server to serve static content.
PS: Not just Apache but Lighttpd and Nginx also allow you to do that.
<url-rewriting-enabled></url-rewriting-enabled>
Can occur zero or one time.
When this flag is set to false, WebLogic will add the following header with the response Cache-control: no-cache=set-cookie so that the proxy caches do not cache the cookies.
defaults to true
http://w3processing.com/Setups.php?freepageId=19