lets say I have tomcat7 running on port 8080, it has 2 webapps webappA and webAppB.
both expose an API via /api/[entity] in their own context: eg
http://www.domain.com:8080/webappA/api/dog
and
http://www.domain.com:8080/webappB/api/cat
what I would like to achieve, with apache httpd, is to set rewrite, or mod proxy, to make this transparent, on port 80, WITHOUT having the webapp context's in the users url.
eg
http://www.mydomain.com/api/dog -> transparently calls http://www.domain.com:8080/webappA/api/dog
and
http://www.mydomain.com/api/cat -> transparently calls http://www.domain.com:8080/webappB/api/cat
I assume what I want to do is possible, but I couldnt find anything.
I dont even mind if in my config, I have to say explicitly delare /api/cat goes to webappB/api/cat and /api/dog goes to webappA/api/dog, and if I want to add webappA/api/mouse in future, I would have to edit my config.
It should be possible using mod_proxy with a reverse proxy, e.g. (not tested):
ProxyPass /api/dog http://localhost:8080/webappA/api/dog
ProxyPassReverse /api/dog http://localhost:8080/webappA/api/dog
ProxyPass /api/cat http://localhost:8080/webappB/api/cat
ProxyPassReverse /api/cat http://localhost:8080/webappB/api/cat
Make sure that the proxy and proxy_http modules of Apache are enabled.
Related
I have an apache web server that acts as a load balancer / gateway for the base url, say http://example.com
In turn, there is routing logic within the apache web server to forward the requests to individual tomcat servers eg app1, app2 via the paths http://example.com/app1, http://example.com/app2.
Here, app1 and app2 are separate tomcat instances and they are separate webapps.
Now there is a need to refer to http://example.com/app1 also as http://example.com/alias1, ie both /app1 and /alias1 must route to the tomcat server corresponding to app1, with only one app1 installed (ie alias1 is not a separate tomcat instance)
Any pointers to documentation for setting up an alias for a tomcat webapp in this fashion would be appreciated.
You can use apahce ReverseProxy technology to "route" request to different tomcats depending on the url: https://httpd.apache.org/docs/current/mod/mod_proxy.html
You can start with something like this:
ProxyPass "/foo/" "http://foo.tamcat.lan:8080/foo/"
ProxyPassReverse "/foo/" "http://foo.tomcat.lan:8080/foo/"
ProxyPass "/bar/" "http://192.168.254.30:8080/"
ProxyPassReverse "/bar/" "http://192.168.254.30:8080/"
and if it's working, you can add a rule (which can be another proxyPass, a rewriteRule with proxy flag or whatever you need/like) for the alias.
Even tho it's not an optimal solution, if you have multiple tomcat servin the same application, you can also load balance the traffic: https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html
browser (IE) -> apache httpd proxy -> Proxy 1 -> target url
Proxy 2 -> target url
Proxy n -> target url
So basically I want to make my own apache httpd proxy that works as a loadbalancer between choosing external proxy setup'ed in httpd conf.
Current setup:
ProxyPreserveHost On
ProxyRequests On
ProxyVia On
ProxyRemote * http://proxy_ip:80
This version works nicely but I can't figure out how to add several proxy's to ProxyRemote?
... seems not working when setuping as:
ProxyRemote * balancer://mycluster
Any ideas? Can it be achieved with apache or some other load balancer should be used?
Perhaps I'm a bit too late to help you, but it seems there is no clear answer elsewhere to your question, so this could be useful in the future.
Unfortunately the answer is you cannot achieve this kind of load balancing with Apache: as per the Apache documentation (https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxyremote) the ProxyRemote directive only supports http and https schemas, not balancer://
Cannot really figure out why the Apache developers didn't consider this configuration, tough, since I found a patch for mod_proxy.c (http://apache-http-server.18135.x6.nabble.com/attachment/4777809/0/ProxyRemote-Balancer.patch) which seems to do the trick by essentially just adding the balancer:// schema to the list of matched protocols.
Maybe it could work if you set up another vhost on the proxy server mapping to the balancer, then proxy to that vhost via
ProxyRemote * http://balancer-proxy.vhost.local
i am using apache web server on localhost:80 and Geoserver served from tomcat on localhost:8080
I recently installed SSL certificate on apache and it works fine except for that i get the message that says i have insecure content which i thought they were GeoServer layers. So now I'm trying to enable SSL for GeoServer and have Openlayers content like htis https://example.org:8080/geoserver but still not sure what's the best approach to do that.
My suggestion:
Add a (reverse) proxy in Apache and configure your web application that is connects only to the Apache proxying the GeoServer.
ProxyPass "/geoserver" "http://localhost:8080/geoserver"
ProxyPassReverse "/geoserver" "http://localhost:8080/geoserver"
This way you only need to allow HTTPS in the firewall and nobody from outside will have the chance to reach GeoServers web interface unless you enable port 8080 on the firewall. Also see https://gis.stackexchange.com/q/4323/109339 for further details.
Please note that you should set the https://docs.geoserver.org/stable/en/user/configuration/globalsettings.html#proxy-base-url of GeoServer with the public reachable URL via your Apache, e.g. https://your-apache.com/geoserver - otherwise the absolute URLs generated from GeoServer in e.g. GetCapabilities start with http://localhost:8080/geoserver (which is not reachable anymore).
If you had not already Apache in use, I would recommend nginx.
My problem is, that I recently set up a Tomcat7 application container with Apache2.2 Frontend. As the project is still under development I am controlling access by an IP whitelist set up in .htaccess for the domain.
I set up mod_jk via AJP13 to Tomcat, it works absolutely fine, except the fact that .htaccess doesn't block the forward for Tomcat. In other words if you enter www.mydomain.com from a "black" IP, you get forwarded to the error page but if you enter www.mydomain.com/AppContext you slip through Apache into Tomcat
I started messing with urlrewritefilter with Tomcat, but for some reason it didn't work.
I am wondering if there is any way to set up .htaccess or apache instead to block requests forwarded to Tomcat similarly to request for Apache?
Also noticed a dramatic speed decrease when using it like that, us that common when using Apache as a frontend?
.htaccess files will work only when Apache is using a <Directory> based configuration (in httpd.conf). In case of mod_jk, matching requests (as specified by JkMount directive) will simply be forwarded to the AJP connector.
Use <Location> to control access instead:
<Location "/AppContext">
Order Deny,Allow
Deny from all
Allow from .myCompany.local
</Location>
See <Location> Directive> for details.
I faced the same problem and found a solution which may solve your case too.
Use a reverse proxy server like Nginx or Squid to redirect the traffic Apache Tomcat. Both of them can use htpassword for authentication and hence, will serve your need. If you want to use Apache as frontend then backend can be nginx which in turn will redirect to Tomcat after proper authentication. It may have a performance hit, though.
https://www.digitalocean.com/community/tutorials/how-to-set-up-http-authentication-with-nginx-on-ubuntu-12-10
Folks,
We are trying to setup Apache reverse proxy for the following scenario:
Incoming requests take the form http://foo.com/APP/v1/main.html
For some servers the URL will reference a difference version, say, http://foo.com/APP/v2/main.html
An upstream load balancer (HAProxy) will send the request to the right server which will have an Apache2 reverse proxy fronting a JBoss server.
When the request shows up at Apache 2 it will have request path like /APP/v1/main.html
We want it to (reverse) proxy out to http://localhost:8080/AppContext/main.html, irrespective of version fragment in URL (v1, v2, etc.).
I have been trying to do this like so:
ProxyPassMatch ^/.*?/APP.*?/(.*)$ http://localhost:8080/AppContext/$1
ProxyPassReverse /APP http://localhost:8080/AppContext
My questions are:
Is my use of ProxyPassMatch correct?
My ProxyPassReverse is "static". How do I make it aware of the potentially variable stuff after /APP?
Thanks for any insights.
-Raj
You're close, try changing the regex a little to account for the version fragment:
ProxyPassMatch ^/.*?/APP.*?/v[0-9]+/(.*)$ http://localhost:8080/AppContext/$1
The ProxyPassReverse is mostly to ensure the rewriting on-the-fly of location header fields in the responses given by the proxied app. So when it returns a 301 redirect to, say, http://localhost:8080/AppContext/something, apache knows to change it to /APP/v1/something so information behind the proxy won't get exposed. Because you have a dynamic URL used in the reverse proxy, you have a few choices here. You can either send it to the HAProxy load balancer (not sure where that is for you), or you can just pick one and hope for the best. For example, if you have a load balancer at /APP/balancer/ which then sends requests to /APP/v1/, /APP/v2/, /APP/v3/, etc. Then you can do this:
ProxyPassReverse /APP/balancer http://localhost:8080/AppContext
Otherwise, you can just point it to one and hope for the best:
ProxyPassReverse /APP/v1 http://localhost:8080/AppContext