Apache and Tomcat 8 configure proxy - apache

I have a web application running in Tomcat 8. I can access this application by opening http://subdomain.domain.com:8080/MYAPP.
Now I want to only enter http://subdomain.domain.com to open this application.
How do I have to configure my Apache 2 or Tomcat 8 to achieve this?

See my answer there for more details.
https://stackoverflow.com/a/26305876/1935128
But basically, you need mod_proxy and maybe mod_proxy_connect enabled on apache with a proper virtualhost configuration on apache side. And on Tomcat's side it may work without any modification but you should add proxyName="subdomain.domain.com", proxyPort="80" and scheme="http"
Tomcat connector :
<!-- The proxyName and proxyPort attributes are the important part -->
<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443"
proxyName="subdomain.domain.com" proxyPort="80"/>
Apache virtualhost:
<VirtualHost subdomain.mydomain.com:80>
ServerName http://subdomain.mydomain.com
# I think these two are optional, depending on the app you run on Tomcat
#ProxyRequests Off
#ProxyPreserveHost On
ProxyPass / http://your.tomcat.server:8080/MYAPP/
ProxyPassReverse / http://your.tomcat.server:8080/MYAPP/
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
</VirtualHost>

Related

How can I directly access my web application deployed in AWS tomcat using domain address?

I have deployed my Angular2 web application in AWS tomcat server which runs in 8080 port. I have my spring boot backend application deployed in the same tomcat server.
Already mapped my public address with my registered domain in Godaddy.
Now I can access my application appln by http://example.com:8080/my_client
I want to access it directly by http://example.com. I don't want to see the 8080 port and application name in the URL.
Already tried with apache proxy config. However not able to get the expected one.
There are 2 options
1) change tomcat port from 8080 to 80 ( not recommended ).
nano tomcat_dir/conf/server.xml
<Connector port="80" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
2) use apache virtual host config.
<VirtualHost *:80>
ProxyPreserveHost On
ProxyRequests Off
ServerName example.com
ProxyPass / http://localhost:8080/example/
ProxyPassReverse / http://localhost:8080/example/
</VirtualHost>

Trouble configuring apache server to proxy an SSL connection

I'm running an application on Tomcat7 with Apache Portable Runtime, I bought an SSL certificate and configured it correctly - when I try to connect through the ip:port combination, it connects fine but warns me the certificate is issued to the domain name, not the IP.
The VPS I'm on doesn't have SELinux (and there's an issue installing), which is AFAIK required to have SSL be configured in apache, so I want to just route the requests to Tomcat, which does it on its end.
I configured apache to proxy the connections, first with port 80 that works perfectly:
NameVirtualHost www.mysite.com:80
<VirtualHost www.mysite.com:80>
ProxyPreserveHost On
ProxyRequests Off
ServerName http://www.mysite.com
ServerAlias http://www.mysite.com
ProxyPass / http://localhost:8180/MYSITE/
ProxyPassReverse / http://localhost:8180/MYSITE/
ProxyPassReverseCookiePath /MYSITE/ /
</VirtualHost>
And then with the SSL port that doesn't want to work for some reason:
NameVirtualHost www.mysite.com:443
<VirtualHost www.mysite.com:443>
SSLProxyEngine On
ProxyPreserveHost On
ProxyRequests Off
ServerName https://www.mysite.com
ServerAlias https://www.mysite.com
ProxyPass / https://localhost:8443/MYSITE/
ProxyPassReverse / https://localhost:8443/MYSITE/
ProxyPassReverseCookiePath /MYSITE/ /
CacheDisable *
</VirtualHost>
EDIT:
I added the
RequestHeader set Front-End-Https "On"
directive to the VirtualHost www.mysite.com:443, as per: http://www.gossamer-threads.com/lists/apache/users/396577
Here is the Tomcat APR Connector as configured in Tomcat's server.xml -
<Connector port="8443" maxHttpHeaderSize="16500"
maxThreads="150"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
SSLEnabled="true"
SSLCertificateFile="x509-cert-path"
SSLCertificateKeyFile="key-file-path"
/>
There were no errors/warnings enabling the virtual hosts and restarting apache. When I try to https, this is what I see in FFox:
SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)
And in Chromium:
Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error.
Apache's error.log shows this warning message:
[warn] [client 216.58.38.90] proxy: no HTTP 0.9 request (with no host line) on incoming request and preserve host set forcing hostname to be www.mysite.com for uri /
I've spent days trying to configure it, and would be very grateful if someone explained what's going on and how to fix it.
Many thanks.
Victor.
You don't need the 8443 HTTPS connector in Tomcat. Apache HTTPD should terminate the SSL connection, and speak plaintext to Tomcat, via ProxyPass / http://localhost:8080/MYSITE/. You just need a plaintext HTTP connector with port=8080, and address=127.0.0.1 so no outsiders can get at it.
Better still, don't have any HTTP connectors in Tomcat, just an AJP connector, address=127.0.0.1 still, and use mod_proxy_ajp in Apache.
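One way to check the address=127.0.0.1 advice above against a real server.xml, as an added example that is not part of the original answer: it lists every Connector that is not pinned to a loopback address. The sample XML, the function names and the finding format are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample server.xml (not from the original post): one connector
# bound to loopback as the answer recommends, two with no address attribute.
SAMPLE_SERVER_XML = """
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" address="127.0.0.1"
               proxyName="www.mysite.com" proxyPort="443" scheme="https" secure="true"/>
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"/>
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
  </Service>
</Server>
"""

def is_loopback(address):
    """True only when the bind address is 'localhost' or a loopback IP."""
    if address is None:
        # No address: HTTP connectors listen on every interface; the AJP default
        # differs between Tomcat releases, so an explicit address is required here.
        return False
    if address == "localhost":
        return True
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:  # any other hostname: treat as externally reachable
        return False

def audit_connectors(server_xml):
    """Return one finding per <Connector> that is not pinned to loopback."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        address = conn.get("address")
        if is_loopback(address):
            continue
        protocol = conn.get("protocol", "HTTP/1.1")
        reason = "reachable without going through the Apache front end"
        if protocol.upper().startswith("AJP"):
            reason += "; AJP should never be exposed to clients"
        findings.append({"port": conn.get("port"), "protocol": protocol,
                         "bind": address or "unset", "reason": reason})
    return findings

if __name__ == "__main__":
    for f in audit_connectors(SAMPLE_SERVER_XML):
        print(f"port {f['port']} ({f['protocol']}), address {f['bind']}: {f['reason']}")
```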

How to mask a tomcat app behind an apache subdomain?

I have two separate servers: an Apache public server and an internal Tomcat one. I would like our users to be able to use our Tomcat apps without exposing the details of our implementation (actual port, server name, context) through the public Apache server like this:
http://credits.publicdomain.com/servlet
instead of
http://tomcat.internaldomain.com:8082/CreditsApp/servlet
How can I configure my Apache server to mask requests to our Tomcat apps this way? Is using Apache modules such as mod_rewrite or mod_proxy the most straightforward approach?
I have tried this configuration for a VirtualHost in Apache, which works for the first servlet. However it seems to disable Tomcat to keep the session from the first servlet to any other servlet you go afterwards:
ServerName credits.publicdomain.com
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://tomcat.internaldomain.com:8082/CreditsApp/
ProxyPassReverse / http://tomcat.internaldomain.com:8082/CreditsApp/
Am I missing some additional configuration in my Tomcat server in order to work without the context between servlets?
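A likely cause of the lost session, shown as an added example that is not part of the original post: Tomcat scopes the JSESSIONID cookie to the context path, and the browser never requests that path through the proxy. The sketch assumes that default cookie path, uses a constructed Set-Cookie header, and models the prefix mapping that the ProxyPassReverseCookiePath directive seen elsewhere on this page performs; all function names are illustrative.

```python
# Constructed response header: Tomcat scopes the session cookie to the
# webapp's context path, here the /CreditsApp context from the question.
RAW_SET_COOKIE = "JSESSIONID=0123456789ABCDEF; Path=/CreditsApp; HttpOnly"

def path_matches(request_path, cookie_path):
    """Browser-side path-match rule from RFC 6265, section 5.1.4."""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False

def cookie_path(set_cookie):
    """Extract the Path attribute (simplified: defaults to '/')."""
    for attr in set_cookie.split(";")[1:]:
        name, _, value = attr.strip().partition("=")
        if name.lower() == "path":
            return value
    return "/"

def rewrite_cookie_path(set_cookie, internal, public):
    """Map an internal cookie path prefix to the public one, which is the
    job a reverse-proxy cookie path mapping does on the response."""
    out = []
    for attr in set_cookie.split(";"):
        name, _, value = attr.strip().partition("=")
        if name.lower() == "path" and path_matches(value, internal):
            tail = value[len(internal):].strip("/")
            base = public.rstrip("/")
            out.append("Path=" + (f"{base}/{tail}" if tail else (base or "/")))
        else:
            out.append(attr.strip())
    return "; ".join(out)

def browser_sends(set_cookie, request_path):
    """Would the browser attach this cookie to a request for request_path?"""
    return path_matches(request_path, cookie_path(set_cookie))

if __name__ == "__main__":
    fixed = rewrite_cookie_path(RAW_SET_COOKIE, "/CreditsApp", "/")
    for label, header in (("as sent by Tomcat", RAW_SET_COOKIE), ("rewritten", fixed)):
        print(f"{label}: {header!r} -> sent with /servlet: {browser_sends(header, '/servlet')}")
```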
The best and most efficient way to do this is using mod_jk: http://tomcat.apache.org/connectors-doc/
I've used this in several projects and found it to be extremely easy to use, effective, flexible, and performant. It's also the de facto official solution to stacking Tomcat behind Apache.
mod_jk is what you need to bridge Tomcat to Apache, so you can focus on your app and Apache, as the front-end, can deal with https and authentication and such. It will forward certain URLs to 'workers' in Tomcat. So you need to tell Apache to load the mod_jk, you need to configure worker.properties, Apache would need to know which worker does what, and you need to define a Service in Tomcat.
These directives in httpd.conf configure mod_jk:
JKWorkersFile conf/workers.properties
JKLogFile /var/log/tomcat/mod_jk.log
JKLogLevel info
The JKWorkersFile in /etc/httpd/conf/workers.properties basically defines sockets
workers.tomcat_home=/var/tomcat4
workers.java_home=/usr/java/jdk
ps=/
worker.list=worker1,worker2
worker.worker1.port=8009
worker.worker1.host=localhost
worker.worker1.type=ajp13
worker.worker2.port=8010
worker.worker2.host=localhost
worker.worker2.type=ajp13
This snippet for httpd.conf would delegate everything (i.e. /* ) to worker1:
<VirtualHost 192.0.34.72>
ServerAdmin webmaster@example.com
DocumentRoot /www/www.example.com/webapps/ROOT
ServerName www.example.com
ErrorLog logs/public_errors
LogLevel debug
CustomLog logs/public_access combined
JkMount /* worker1
<Directory "/www/www.example.com/webapps/ROOT">
Options Indexes FollowSymLinks Indexes
AllowOverride None
Order allow,deny
Allow from all
</Directory>
<Location "/WEB-INF/">
deny from all
</Location>
<Location "/META-INF/">
deny from all
</Location>
</VirtualHost>
And Tomcat would have this service:
<Service name="public">
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="8009" minProcessors="5" maxProcessors="75" enableLookups="true" redirectPort="8443" acceptCount="10" debug="0" connectionTimeout="0" useURIValidationHack="false" protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler" />
<Engine name="Standalone" defaultHost="localhost" debug="0">
<Logger className="org.apache.catalina.logger.FileLogger" prefix="catalina_log." suffix=".txt" timestamp="true" />
<Realm className="org.apache.catalina.realm.UserDatabaseRealm" debug="0" resourceName="UserDatabase" />
<Host name="localhost" debug="0" appBase="/www/www.example.com/webapps" unpackWARs="true" autoDeploy="true">
<Logger className="org.apache.catalina.logger.FileLogger" directory="logs" prefix="localhost_log." suffix=".txt" timestamp="true" />
</Host>
</Engine>
</Service>
The above examples are from my notes; check the updated documentation at:
http://tomcat.apache.org/connectors-doc/generic_howto/workers.html
http://tomcat.apache.org/connectors-doc/webserver_howto/apache.html

How to deploy multiple Grails apps on one Tomcat + Apache?

I've read the several questions on StackOverflow and googled several hours but I can't find a complete and clear answer to my problem of deploying multiple Grails apps on one tomcat 5.5 (with Apache). Maybe someone can push me in the right direction or we can summarize a solution here.
The question Deploying multiple grails applications with Apache/Tomcat + Virtual Hosts looked promising but did not work. Maybe I need to do additional changes in Tomcat or Apache?
THE SITUATION:
In the webapps directory of Tomcat I have two war-files app1.war and app2.war which are getting unpacked by Tomcat and which I can access via domain1.com/app1 or domain1.com/app2 (I removed a previously used ROOT.war and the associated webapps/ROOT/ directory)
In the server.xml of Tomcat I have the following hosts:
<!-- Logger shared by all Contexts related to this virtual host. -->
<Logger className="org.apache.catalina.logger.FileLogger"
directory="logs" prefix="localhost_" suffix=".log"
timestamp="true"/>
<!-- Allow symlinks for the tomcat-docs webapp. This is required in
the Debian packages to make the Servlet/JSP API docs work. -->
<Context path="/tomcat-docs" docBase="tomcat-docs" debug="0">
<Resources className="org.apache.naming.resources.FileDirContext"
allowLinking="true" />
</Context>
</Host>
<Host name="domain1.com" appBase="webapps/app1" unpackWARs="true" autoDeploy="true"></Host>
<Host name="domain2.com" appBase="webapps/app2" unpackWARs="true" autoDeploy="true"></Host>
In Apache I have the following virtual hosts:
ServerName app1.com
JkMount /* default
DocumentRoot /var/lib/tomcat5.5/webapps/app1
<directory /var/lib/tomcat5.5/webapps/app1>
Options -Indexes
</directory>
LogLevel warn
ErrorLog /var/www/app1/logs/error.log
CustomLog /var/www/app1/logs/access.log common
The Problem:
I cannot directly access the two applications via domain1.com and domain2.com - what am I doing wrong?
Many thanks in advance,
Joerg.
I struggled with this a while back and managed to get something that works ok. It doesn't use mod_jk though, I opted for mod_proxy. I also had a slightly different set up in Tomcat (mine is version 6 btw), where I added multiple connectors as well as the Host declarations you have.
Try the following -
In tomcat server.xml:
<!-- I opted for a shared thread pool so both apps share same resources - optional -->
<Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
maxThreads="250" minSpareThreads="40"/>
<Connector port="8081" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8444"
executor="tomcatThreadPool"
proxyName="www.domain1.com"
proxyPort="80"/>
<Connector port="8082" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8445"
executor="tomcatThreadPool"
proxyName="www.domain2.com"
proxyPort="80"/>
<Host name="www.domain1.com" appBase="vhosts/domain1" unpackWARs="true"
autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false">
<Alias>domain1.com</Alias>
</Host>
<Host name="www.domain2.com" appBase="vhosts/domain2" unpackWARs="true"
autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false">
<Alias>domain2.com</Alias>
</Host>
In Apache:
<VirtualHost *:80>
ServerName www.domain1.com
ServerAlias www.domain1.com
ProxyRequests Off
ErrorLog /var/log/apache2/error-domain1.log
<Directory proxy:http://www.domain1.com:80>
Order Allow,Deny
Allow from all
</Directory>
<Proxy www.domain1.com:80>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://localhost:8081/
ProxyPassReverse / http://localhost:8081/
ProxyPreserveHost On
</VirtualHost>
<VirtualHost *:80>
ServerName www.domain2.com
ServerAlias www.domain2.com
ProxyRequests Off
ErrorLog /var/log/apache2/error-domain2.log
<Directory proxy:http://www.domain2.com:80>
Order Allow,Deny
Allow from all
</Directory>
<Proxy www.domain2.com:80>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://localhost:8082/
ProxyPassReverse / http://localhost:8082/
ProxyPreserveHost On
</VirtualHost>
Make sure mod_proxy is enabled for your Apache server. It was a while ago when I got this working, so I'm not sure if everything is needed in that config - once I get it working I tend to forget stuff :)
Hope that helps,
Chris.
We have two Grails web apps running in production under the same Tomcat.
That was easy to do with Tomcat 6.
The difference I see with your server.xml is the name of the apps.
Here is what we have:
<Host name="www.domain1.com" appBase="[tomcat_root_dir]/www.domain1.com/webapps" unpackWARs="true"
autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false">
</Host>
<Host name="www.domain2.com" appBase="[tomcat_root_dir]/www.domain2/webapps" unpackWARs="true"
autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false">
</Host>
Then we have two directories domain1.com and domain2.com in tomcat root dir
In each directory, we have a webapps dir which holds only a ROOT.war file for each app
Hope that helps
Cheers
Grooveek

Apache - Tomcat ProxyPass VirtualHost - Context Path

I have a problem configuring the Apache ProxyPass directive for two applications that have two different context paths in Tomcat. Tomcat is running behind an Apache and I use Apache to proxy pass the requests to Tomcat. In Apache I want to access both applications via a hostname instead of a context path.
Scenario:
tomcat
https://domain:8443/app1
https://domain:8443/app2
in tomcat the applications have the context path app1 and app2
In Apache I want to enable both applications as follows:
https://app1.host/
https://app2.host/
In apache I have created a configuration for each domain:
ProxyPass / https://localhost:8443/app1
ProxyPassReverse / https://localhost:/8443/app1
The strange thing is app1 is only available through apache using the context path:
https://app1.host/app1
Is it possible to realize such a setup with apache ProxyPass module?
Thx for your help.
You should be able to achieve the result you want by using virtual hosting. Also it's a good idea to pass the requests to tomcat via the AJP protocol instead of HTTPS. Try adding this to the Apache configuration
NameVirtualHost *:443
<VirtualHost *:443>
ServerName app1.host
ProxyPass / ajp://localhost:8009/app1/
</VirtualHost>
<VirtualHost *:443>
ServerName app2.host
ProxyPass / ajp://localhost:8009/app2/
</VirtualHost>
If you haven't changed the default server settings for Tomcat this should work just as it is. Otherwise make sure to specify the AJP port that is configured in Tomcat's conf/server.xml file. There should be a line similar to this:
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
Make sure that you have the mod_proxy and mod_proxy_ajp modules loaded in Apache configuration, this may vary depending on your Apache installation. Also remove any previously configured 'ProxyPass / ...' lines as they will interfere with the new configuration. Hope this works for you.
you can try
ProxyPass / https://localhost:8443/app1/
ProxyPassReverse / https://localhost:8443/app1/
with the final /