Jboss to Apache forwarding - apache

JBoss Enterprise Application Platform 6.1 on Linux Enterprise Redhat
I have seen several examples on how to have Apache forward requests to JBoss. I am looking to have a JBoss server listening on port 80 forward cgi calls to an Apache server. Can JBoss be configured to listen at port 80 and forward all requests containing "cgi-bin" to port 8080 where Apache server is listening?
The need to do this arises from
Jboss not supporting cgi (mod_perl in my case) AFAIK
Since i am migrating from a server where all web requests used port 80, needing to keep the port as 80 to avoid programming changes
99% server calls are handled by JBoss, so i want it to be the primary point of contact

Despite JBoss handling the 99% of calls, the better architecture is to have Apache in front of JBoss.
You would have Apache serve port 80 and forward to JBoss via mod_cluster or mod_jk. This will allow you to control your content via Apache. You should serve your static content directly from Apache as well.
Additionally with this architecture, you can cluster your environment and load balance across multiple servers. This gives you higher fault tolerance (session replication, failover), handle more load, and helps you avoid server outages.
mod_cluster is recommended for EAP 6, but mod_jk works just fine too.

Related

Setting firewall rules to enabling running Apache2HttpServer and ApacheTomcat 9 on the same machine with two different hostname/ip:port

I have a Virtual Machine Linux Debian 10, with two Host-Only Network interfaces actived respectvely 192.168.56.10 and 192.168.56.15 with static ip address.
Apache Tomcat 9 is installed and Apache2 Http Server is installed too.
My purpose is that Apache Tomcat 9 must run on 192.168.56.15:8080,
while Apache2 Http Server must run on 192.168.56.10:80.
The /etc/hosts file in my Linux is:
#
192.168.56.10 www.example.com
192.168.56.15 openam.example.com
#
The C:\Windows\System32\drivers\etc\hosts is the same.
In short I'm trying to setup a small development enviroment for Identity and Access Managment using the Forgerock's AM solution. That software has to be deployed as a .war file (openam.war) in Tomcat /webapps and it will be mapped as openam.example.com, and I want this service run on
192.168.56.15:8080/openam;
So my problem is that I want two different services responding two different interfaces but running on the same Virtual machine.
I want that only if i type 192.168.56.15:8080 or openam.example.com:8080 I recive a respond from Tomcat, but if I type 192.168.56.15:80 or openam.example.com:80 Apache Http Server doesn't have to respond. Apache Http Server have to respond only on 192.168.56.10:80 or www.example.com.
In this way I can have like two different machines one with the web server and one with the application server, responding on two different IP addresses and hostname, but running on the same machine.
Thanks for help!
You could have 2 IPs but what's the point in doing so?
I find it rather pointless to have 2 separate IPs for 2 different services on the same machine (e.g tomcat on 1 / HTTP server on the other) for a development environment inside a VM. Port handling will be handled by the operating system itself and route the request to the open port.
Keep in mind that browsers will try to connect http:// calls on port 80 by default - so unless you type 8080 into the URL the browser it is just going to use port 80.
If you do not want calls to openam.example.com to come in on port 80, the simplest way round it is to use a htaccess rule that implements a rewrite for any request that contains openam.example.com (or just anything in a subdomain portion) on port 80 to be rewritten to the appropriate URL.

How to change default 80 port to my tomcat 8080 for my domain name

I am using tomcat on Linux centOs server. I want my java application is working fine on mydomain.com:8080. I want that my when some one hit the domain mydomain.com it automatically move to my java application.
Changin server.xml didm't worked for me. as i am also having apache2 on the server
I guess you have an apache server in port 80. I you do not want to remove apache and change directly the tomcat port ( see comments), you will need to redirect all traffic from port 80 to port 8080.
This can be done using tomcat connectors. They are plugins to connect web servers with Tomcat. When a HTTP request arrives, the plugin checks is it has to be redirected, connects to tomcat and returns the response to server
In the case of apache is needed to install mod_jk. In the link you can see the configuration

Tomcat through Apache

I'd like to know if is a good decision to configure tomcat through port 80 (in apache with virtual-hosts ).
I need to setup a tomcat service in the same server I have apache, plus I need to use Tomcat through port 80.
Is this right? or is best to use them in separated servers?
That's OK. But sometimes tomcat is deployed with Apache. The Apache is a front-end server to balance load. And many tomcats are as back-end servers.

Do glassfish application running on port 80

I have a java application running on glassfish 4.1, the url to access the system is a sobdomain, eg
subdomain.mydomain.com:8060/ProjectName
I wanted to make it work without entering the port
(subdomain.mydomain.com/ProjectName)
.
I've tried to change the port of the http-listener-1 to 80, but after that the domain of glassfish does not boot anymore.
Any idea how to run without the user having to enter the port?
There are a couple of reasons why you should not use Glassfish listening to 80 directly.
Firstly port 80 is reserved, it's not easy to make a non special user to open 80 on a *nix environment.
It's common and recommended to install apache or nginx on port 80 and use mod_proxy_ajp to connect Apache or nginx to Glassfish through port 8009
Oracle wiki

How do ensure that Apache AJP to Tomcat connection is secure/encrypted?

We want to front-end our Tomcat instance with an Apache instance (running on the same machine) that will be serving everything on HTTPS and connect Apache to Tomcat using AJP. When using AJP, do we need to do anything to make sure that the connection between Apache and Tomcat is secure? (We dont want passwords to be sniffable on the network between Apache and Tomcat). The O/S is Red Hat Enterprise Linux 6.3
You are saying
Tomcat instance with an Apache instance (running on the same machine)
and later you are saying
We dont want passwords to be sniffable on the network between Apache and Tomcat
This just contradicts each other.
EDIT: AJP is not designed to be secure, if you need security, use mod_proxy_http and proxy over https, or create SSH tunnel. Needless to say, you will have to pay for this overhead.
When using AJP you cannot do anything to ensure it is secure. It isn't. There is no SSL version. You would have to use HTTPS. AJP is designed for the usual case where HTTPD and Tomcat are in the same private LAN and security isn't an issue.