Apache HTTPD ProxyRemote and Balancer? - apache

browser (IE) -> apache httpd proxy -> Proxy 1 -> target url
Proxy 2 -> target url
Proxy n -> target url
So basically I want to make my own apache httpd proxy that works as a loadbalancer between choosing external proxy setup'ed in httpd conf.
Current setup:
ProxyPreserveHost On
ProxyRequests On
ProxyVia On
ProxyRemote * http://proxy_ip:80
This version works nicely but I can't figure out how to add several proxy's to ProxyRemote?
... seems not working when setuping as:
ProxyRemote * balancer://mycluster
Any ideas? Can it be achieved with apache or some other load balancer should be used?

Perhaps I'm a bit too late to help you, but it seems there is no clear answer elsewhere to your question, so this could be useful in the future.
Unfortunately the answer is you cannot achieve this kind of load balancing with Apache: as per the Apache documentation (https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxyremote) the ProxyRemote directive only supports http and https schemas, not balancer://
Cannot really figure out why the Apache developers didn't consider this configuration, tough, since I found a patch for mod_proxy.c (http://apache-http-server.18135.x6.nabble.com/attachment/4777809/0/ProxyRemote-Balancer.patch) which seems to do the trick by essentially just adding the balancer:// schema to the list of matched protocols.

Maybe it could work if you set up another vhost on the proxy server mapping to the balancer, then proxy to that vhost via
ProxyRemote * http://balancer-proxy.vhost.local

Related

Apache mod_proxy configuration - URI patterns

I want to know the difference between the following apache mod_proxy configurations to resolve an issue. I need to forward a HTTP request like following URL from Apache web server to a remote Sun One server.
http://IP_ADDRESS:PORT/app_enu/start.swe?param1=test1&param2=test2
I configured the mod_proxy as follows
(a).
ProxyPass /app_enu/ http://<IP_ADDRESS>:<PORT>/app_enu/
ProxyPassReverse /app_enu/ http://<IP_ADDRESS>:<PORT>/app_enu/
But the URL is not working properly (not invoking the service as I expected – start.swe).
I want to know what is the difference between above model (a) and following model (1), (2) and (3).
1. ProxyPass /app_enu/* http://<IP_ADDRESS>:<PORT>/app_enu/
2. ProxyPass /app_enu/ http://<IP_ADDRESS>:<PORT>/app_enu/*
3. ProxyPass /app_enu/* http://<IP_ADDRESS>:<PORT>/app_enu/*
Appreciate the help to figure this out.
Wildcards are implied already on both parameters. Don't use them at all in the configuration. If you want finer grained control, use ProxyPassMatch.

ProxyPass module configuration in apache tomcat

I found one documentation here to run multiple node application on single port using proxypass, I understood the concept, it just forward the request to node application port unsing ProxyPass. In that example, they used httpd, and I am using tomcat.
My question is, how can I do same configuration in tomcat?
simply I am expecting tomcat configuration for this httpd configuration.
ProxyPass /node http://host.xyz.com:3000
You really should consider using Apache httpd (or any other frontend) for this purpose. This is the software that handles the requirement best - and tomcat best serves application data.
Also, Apache httpd knows how to handle port 80 or 443, something that needs some extra work with tomcat (if you don't want to run it as root. And you actually don't want to run it as root)
It doesn't require so many extra resources, use the appropriate tool for the job. And, when you use mod_proxy, look up all the related options and understand what they're there for. You probably also want ProxyPreserveHost On, but I'll stop here.
I hope the document will be helpful.

apache: configuring routes on similar urls to different tomcat webapps

lets say I have tomcat7 running on port 8080, it has 2 webapps webappA and webAppB.
both expose an API via /api/[entity] in their own context: eg
http://www.domain.com:8080/webappA/api/dog
and
http://www.domain.com:8080/webappB/api/cat
what I would like to achieve, with apache httpd, is to set rewrite, or mod proxy, to make this transparent, on port 80, WITHOUT having the webapp context's in the users url.
eg
http://www.mydomain.com/api/dog -> transparently calls http://www.domain.com:8080/webappA/api/dog
and
http://www.mydomain.com/api/cat -> transparently calls http://www.domain.com:8080/webappB/api/cat
I assume what I want to do is possible, but I couldnt find anything.
I dont even mind if in my config, I have to say explicitly delare /api/cat goes to webappB/api/cat and /api/dog goes to webappA/api/dog, and if I want to add webappA/api/mouse in future, I would have to edit my config.
It should be possible using mod_proxy with a reverse proxy, e.g. (not tested):
ProxyPass /api/dog http://localhost:8080/webappA/api/dog
ProxyPassReverse /api/dog http://localhost:8080/webappA/api/dog
ProxyPass /api/cat http://localhost:8080/webappB/api/cat
ProxyPassReverse /api/cat http://localhost:8080/webappB/api/cat
Make sure that the proxy and proxy_http modules of Apache are enabled.

Apache .htaccess whitelist doesn't block Tomcat with Mod_jk

My problem is, that I recently set up a Tomcat7 application container with Apache2.2 Frontend. As the project is still under development I am controlling access by an IP whitelist set up in .htaccess for the domain.
I set up mod_jk via AJP13 to Tomcat, it works absolutely fine, except the fact that .htaccess doesn't block the forward for Tomcat. In other words if you enter www.mydomain.com from a "black" IP, you get forwarded to the error page but if you enter www.mydomain.com/AppContext you slip through Apache into Tomcat
I started messing with urlrewritefilter with Tomcat, but for some reason it didn't work.
I am wondering if there is any way to set up .htaccess or apache instead to block requests forwarded to Tomcat similarly to request for Apache?
Also noticed a dramatic speed decrease when using it like that, us that common when using Apache as a frontend?
.htaccess files will work only when Apache is using a <Directory> based configuration (in httpd.conf). In case of mod_jk, matching requests (as specified by JkMount directive) will simply be forwarded to the AJP connector.
Use <Location> to control access instead:
<Location "/AppContext">
Order Deny,Allow
Deny from all
Allow from .myCompany.local
</Location>
See <Location> Directive> for details.
I faced the same problem and found a solution which may solve your case too.
Use a reverse proxy server like Nginx or Squid to redirect the traffic Apache Tomcat. Both of them can use htpassword for authentication and hence, will serve your need. If you want to use Apache as frontend then backend can be nginx which in turn will redirect to Tomcat after proper authentication. It may have a performance hit, though.
https://www.digitalocean.com/community/tutorials/how-to-set-up-http-authentication-with-nginx-on-ubuntu-12-10

Guide to setting up Apache2 with multiple distinct Tomcat 7 instances

I realize this question has probably been asked numerous times, but I have not been able to find a good, up-to-date answer. The only guide I have been able to find was from 2005 and was on tomcat 5. It seems a lot of the OS paths have changed.
Our situation is this:
We want to run multiple instances of tomcat 7 on a single server. Each tomcat serves up a different address. For instance, www.oursite.com should be served from a separate tomcat than test.oursite.com. So, for example the base tomcat installtion will sit in /opt/tomcat/ and the instance specific directories (this is what I could make out from that old tutorial) will be in /home/user1/some/path/ and /home/user2/some/path so that everything is seperated nicely.
Can anyone point to a good tutorial, or maybe explain here the steps to set this up? I'm a bit new to apache setups.
Are there any advantages / drawbacks to doing it this way? Would a single tomcat instance be better? We need to be able to bring down sites one at a time without influencing each other. Also, our DNS provider prevents us from setting up stealth redirects, so we have to go through apache to have nice URLs rather than redirecting straight to the tomcats.
Thanks
I believe you have 2 questions here:
How to run multiple tomcat instances in the same server and should
you?
How to configure apache httpd to do virtual host and front
tomcat?
For 1. The following is a very good tutorial on how to run multiple tomcat instances in the same server: http://java.dzone.com/articles/running-multiple-tomcat, but should you? the answer is "it depends". If you have a super powerful box and it is under utilized, you should. It also depends on what type of application you runs for each individual sites. It will definitely help you "bring down sites one at a time without influencing each other". With apache httpd configuration which I will explain in the next section, you can also run the each site on separate machines (physical or vm).
For 2. In you case, you just need to configure apache httpd to do virtual host and use ajp to connect to tomcat.
<VirtualHost *:80>
ServerName www.oursite.com
ProxyPass / ajp://tomcat.oursite.com:8009/www retry=5
ProxyPassReverse / ajp://tomcat.oursite.com:8009/www
</VirtualHost>
<VirtualHost *:80>
ServerName test.oursite.com
ProxyPass / ajp://tomcat.oursite.com:8010/test retry=5
ProxyPassReverse / ajp://tomcat.oursite:8010/test
</VirtualHost>
In the above configuration, you need to configure DNS entries of both www.yoursite.com and test.yoursite.com to point to the same host. It also assume you run both your www and test webapps on different tomcat instances on the same host tomcat.oursite.com, one on ajp port 8009 and the other one on ajp port 8010. You can also change it to a different server of its own. It's very flexible. FYI, following is how to configure ajp in tomcat: http://tomcat.apache.org/tomcat-6.0-doc/config/ajp.html
I found a problem with the apache mod_proxy_ajp connector in such a configuration, it absolutely won't allow you to use any other port when setting up multiple virtual hosts each with its own tomcat instance.
Having spent some time ruling out port conflicts, tomcat configuration issues, firewall issues I have concluded that ProxyPass and ProxyPassReverse will not work when using any port other than 8009 by default.
The solution is likely to be to switch to mod_jk, which also solves problems seen in mod_proxy_ajp with basic configurations not loading or rewriting urls embedded within tomcat hosted pages without extensive configuration changes if the tomcat instance is rooted to a subdirectory. This doesn't seem to happen with Mod_Jk