I'm implementing a JSF2/RichFaces 4 web application running under Tomcat 7. I developed it under Eclipse using MyEclipse with Tomcat 7, everything works fine. When I deploy the application to the full production environment, the resource library images/css/js files get 404 from Apache. The production environment is Apache 2 with SSL and mod_proxy front-ending Tomcat 7. I'm suspecting the proxy setup is wrong and that, while the tomcat webapp runs, the Apache GET requests aren't being proxied properly, but I don't think I know enough to understand why.
Starting from the top, here's my apache virtual host with proxies (note *:443 for ssh):
NameVirtualHost *:443
<VirtualHost *:443>
ServerName testapp.xxx.org
SSLEngine on
SSLProxyEngine on
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/pki/tls/certs/testapp.xxx.org.crt
SSLCertificateKeyFile /etc/pki/tls/private/testapp.xxx.org.key
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
# Proxy everything to tomcat.
ProxyPass / http://localhost:8080/testapp/
ProxyPassReverse / http://localhost:8080/testapp/
</VirtualHost>
When I go to https://testapp.xxx.org, the application starts and displays the JSF but with no CSS, no js, and no images. The HTML for one such image resource looks like this, which is correct (same under Eclipse):
<img src="/testapp/javax.faces.resource/images/tairlogo.png.xhtml?ln=default" alt="TAIR web site" />
which should be starting at the webapp context root and looking for the resource library. The corresponding Apache access log GET is here:
"GET /testapp/javax.faces.resource/images/tairlogo.png.xhtml?ln=default HTTP/1.1" 404 12500
The actual JSF code for this image is:
<h:outputLink value="http://www.arabidopsis.org">
<h:graphicImage library="default" name="images/tairlogo.png"
alt="TAIR web site"></h:graphicImage>
</h:outputLink>
I think the problem is that your reverse proxy rule is assuming that the context name (testapp) is not present in the URL, while in the HTML you are assuming it is present (as in the src attribute of your img tag). You should either remove the context name in both the path and the target URL to proxy everything to Tomcat, e.g.:
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
Or keep it in both to only proxy that webapp to Tomcat:
ProxyPass /testapp/ http://localhost:8080/testapp/
ProxyPassReverse /testapp/ http://localhost:8080/testapp/
This will make your webapp available at https://testapp.xxx.org/testapp/. If you don't want the context name part in the URL, you can deploy the webapp in the Tomcat root.
Related
I know, I know, Apache is not the best tool to use as HTTP proxy, however I need it on my server.
Here's my virtual host configuration:
<VirtualHost *:*>
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
</VirtualHost>
<VirtualHost *:80>
ServerName my.public.domain
Redirect / https://my.public.domain/
</VirtualHost>
<VirtualHost *:443>
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:50001/
ProxyPassReverse / http://127.0.0.1:50001/
ServerName my.public.domain
ErrorLog ${APACHE_LOG_DIR}my-app-error.log
CustomLog ${APACHE_LOG_DIR}my-app-access.log common
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/my-cert/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/my-cert/privkey.pem
</VirtualHost>
In UseUrls method i have http://localhost:50001 configured as main URL, and this is redirected by Apache to HTTPS #443.
It works as charm, however I see this in logs:
warn: Microsoft.AspNetCore.HttpsPolicy.HttpsRedirectionMiddleware[3]
Failed to determine the https port for redirect.
In my configuration Apache handles https traffic, BTW, I can't communicate my app with Apache locally over HTTPS, it just doesn't work. I also think it's pointless to encrypt local internal traffic.
Unfortunately my solution requires some hacking to work 100% properly - I need to provide my public site URL in my app configuration - otherwise the app doesn't know what it's external address is. I mean - I build some links manually, because this is the core of my question - I don't know where the framework would keep such information. For example NavigationManager thinks my site URL is "http://localhost:50001", so if I need absolute URL in my app I can't use NavigationManager directly, I need to "manually" create the URL in app.
Links generated by Identity have "http" instead of "https", but it works because apache redirects everything to https.
Is there a way (and HOW) to do it more properly - a mean to officially tell the AspNET.Core it has specific external URL?
Where you have ServerName my.public.domain, use the following:
For port 80:
ServerName http://my.public.domain:80
For port 443:
ServerName https://my.public.domain:443
I have a host with a single web app and at the moment I am accessing it via www.hostnameA.com/ as the web app is deployed to tomcat/webapps as the tomcat ROOT web app.
Now I need to add another web app to my host and I also want this one to have no context either but will access it via another hostname www.hostnameB.com/ but I can only deploy one ROOT tomcat web app.
I should have added that I am using apache as well and my virtual host looks like:
<VirtualHost *:80>
ServerName www.hostnameA.com
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
</VirtualHost>
I tried renaming the war file to webAppA and then appending that to the proxypass but it gave me a 400 error and kept appending /webAppA to the URL:
ProxyPass / http://localhost:8080/webAppA
Is there a solution to this? I dont really want to run multiple instances of tomcat on different ports just for this, is there another option?
As discussed above, most straightforward solution would be to use Apache's mod_proxy_ajp, allowing proxying and AJP forwarding at the same time. Configuration should look something like:
<VirtualHost *:80>
ServerName www.hostnameA.com
ProxyPass / ajp://localhost:8009/webAppA/
ProxyPassReverse / http://www.hostnameA.com/webAppA
[...]
...and same with B for www.hostnameB.com.
I have 2 servers with apache http server (2.4.9) on them. I have 2 servers with tomcat 7.0.39 running on them. Ultimately I need to load balance between the 2, but right now am simply trying to get this ProxyPass configuration to work.
I have one url on the 2 apache servers- example.com. They are load balanced. The load balancing is in place and there is no issue.
I have 2 applications, 1 on each tomcat server. Each tomcat server has 2 instances of tomcat running- each on a different port. They are running a very similar application with the exact same uri.
I need to redirect:
example.com/site1 to example.com/app (for app1)
example.com/site2 to example.com/app (for app2)
I can redirect this easily enough for 1 application only:
ProxyPass /app/ AppSrv:8080/app/
ProxyPassReverse /app/ http://example.com/app/
I can get to the page, log in, no problem. For a singe application only.
When I set up a configuration for both applications, I can get to the login page of both applications as well when configured as such:
ProxyPass /site1/ AppSrv:8080/app
ProxyPassReserve /app/
ProxyPass /site2/ AppSrv:8081/app
ProxyPassReverse /app/
Both urls come up with the tomcat application login page. But neither work after this- they fail. The uri reads 'site1' (or 'site2') not 'app'. I cannot log in.
The application requires the uri '/app/' as the base uri in order to function.
The applications are listening on different ports, but have the same uri. How do I keep the uri in the url, but change it so the application responds?
Ultimately I have to balance this, but I've done that before. This is the part I'm having a hard time with.
Ok, I finally solved this. I had to modify the header.
ProxyPass /site1/ balancer://example.com/app/
ProxyPass /site2/ balancer://example.com/app/
<Location /site1>
ProxyPassReverse /app
ProxyPassReverseCookiePath /app /site1
Header edit Location ^(https?://)?example.com/app/ /site1/
</Location>
<Location /site2>
ProxyPassReverse /app
ProxyPassReverseCookiePath /app /site2
Header edit Location ^(https?://)?example.com/app/ /site2/
</Location>
I'm running Railo 3 in Tomcat 6.0.32. The tomcat server is fronted by Apache 2.2.20. Tomcat and Apache are pre built binaries from openCSW. Railo is just the latest build war deployed in tomcat's autodeploy dir webapps.
Everything is working fine when I try to access railo and content on the tomcat server.
It fails however, when railo on tomcat redirects me to itself. Mostly, when a cfm script uses the CGI.script_name, it will be returned wrong.
On the Apache side, the content is available on www.hostname.com. Apache redirects the user to tomcat through AJP on www.hostname.com:8009/railo/content.
A script on tomcat (taken from open OAuth example) is available at:
/opt/csw/share/tomcat6/webapps/railo/content/oauth_test/examples/admin_consumers.cfm
When I access it and try to perform some action, it calls itself with a few parameters, but at that point, railo dumps out an error, complaining that the file can not be found:
Page /content/railo/content/oauth_test/examples/admin_consumers.cfm [/opt/csw/share/tomcat6/webapps/railo/content/railo/content/oauth_test/examples/admin_consumers.cfm] not found
As you can see railo added twice the relative path from tomcat: /railo/content/railo/content
This is my configuration for the virtual host in Apache:
<VirtualHost *:443>
ServerName www.hostname.com
DocumentRoot "/opt/www/hostname/htdocs/"
ProxyRequests Off
<proxy *="">
Order deny,allow
Allow from all
</proxy>
ProxyPass / ajp://www.hostname.com:8009/railo/content/
ProxyPassReverse / http://www.hostname.com:8888/railo/content/
</VirtualHost>
I tried several variant for the ProxyPassReverse directive, but with no luck so far. Based on extensive searches on the web (The Mystery of ProxyPassReverse), I tried this for the proxypassreverse:
ProxyPassReverse / ajp://www.hostname.com:8009/railo/content/
ProxyPassReverse / http://www.hostname.com:8888/railo/content/
ProxyPassReverse / http://localhost:8888/railo/content/
ProxyPassReverse / https://www.hostname.com
The tomcat server also has a virtual host defined like this:
<Host name="www.hostname.com">
<Context path="" docBase="/opt/csw/share/tomcat6/webapps/railo/content" />
</Host>
But everytime, I always get the error from Railo.
Has anyone ever seen this problem with Railo, or CGI, and has an idea how to fix it?
You are specifying "/railo/content" twice. Once in your "docBase" attribute and again in your Proxy attributes. So, requests being proxied through Apache are going to have "railo/content/" twice in their request paths because you have it listed twice: once in Apache, another time in Tomcat.
Try leaving off the /railo/content/ in your ProxyPassReverse attribute:
ProxyPassReverse / http://www.hostname.com:8888/
This will let the Tomcat config add the /railo/content/ bit all by itself.
I have a problem configuring apache tomcat ProxyPass directive for two applications that have two different Context Paths in tomcat. The tomcat is running behind an apache and I use the apache to proxy path the requests to tomcat. In apache I want to access both application via a hostname instead of a context path.
Scenario:
tomcat
https://domain:8443/app1
https://domain:8443/app2
in tomcat the applications have the context path app1 and app2
in apache I want to enable both application as follow:
https://app1.host/
https://app2.host/
In apache I have created a configuration for each domain:
ProxyPass / https://localhost:8443/app1
ProxyPassReverse / https://localhost:/8443/app1
The strange thing is app1 is only available through apache using the context path:
https://app1.host/app1
Is it possible to realize such a setup with apache ProxyPass module?
Thx for your help.
You should be able to achieve the result you want by using virtual hosting. Also it's a good idea to pass the requests to tomcat via the AJP protocol instead of HTTPS. Try adding this to the Apache configuration
NameVirtualHost *:443
<VirtualHost *:443>
ServerName app1.host
ProxyPass / ajp://localhost:8009/app1/
</VirtualHost>
<VirtualHost *:443>
ServerName app2.host
ProxyPass / ajp://localhost:8009/app2/
</VirtualHost>
If you haven't changed the default server settings for Tomcat this should work just as it is. Otherwise make sure to specify the AJP port that is configured in Tomcat's conf/server.xml file. There should be a line similar to this:
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
Make sure that you have the mod_proxy and mod_proxy_ajp modules loaded in Apache configuration, this may vary depending on your Apache installation. Also remove any previously configured 'ProxyPass / ...' lines as they will interfere with the new configuration. Hope this works for you.
you can try
ProxyPass / https://localhost:8443/app1/
ProxyPassReverse / https://localhost:8443/app1/
with the final /