How to run PrimeFaces behind reverse proxy in a subdomain? - apache

I have build an application with PrimeFaces and want to run that behind an apache reverse proxy.
My target url looks like this http://myserverurl.org:8080/myapplication/.
I want to access the application via subdomain like this http://myapplication.myserverurl.org.
I have configured a VirtualHost in apache:
<VirtualHost *:80>
ServerName myapplication.myserverurl.org
ProxyPass / http://myserverurl.org:8080/myapplication/
ProxyPassReverse / http://myserverurl.org:8080/myapplication/
</VirtualHost>
That works not so well. I can see the JSF page, but there is no CSS applied etc. I can see that the first request is redirected correctly, but the following requests (to load jQuery, CSS, etc.) are not.
They try to access an url like http://myapplication.myserverurl.org/myapplication/faces/javax.faces.resource/primefaces.js?ln=primefaces which is obviously wrong. They must not include the /myapplication/ path again, since the proxy redirects already to that path.
How can I solve this issue? Is this a PrimeFaces problem or a problem with my reverse proxy configuration?

Using (or not using) AJP has no bearing on resolving this specific issue.
Primefaces internally uses context path variable to include CSS and Javascript resources. Even using AJP you will end up with:
/unwantedAppContext/javax.faces.resource/jquery/jquery.js.jsf?ln=primefaces
What you could do to resolve this add another proxy pass to handle the unwanted context. This may not be the best solution, but it works.
<VirtualHost *:80>
ServerName myapplication.myserverurl.org
ProxyPass /myapplication/ http://myserverurl.org:8080/myapplication/
ProxyPassReverse /myapplication/ http://myserverurl.org:8080/myapplication/
ProxyPass / http://myserverurl.org:8080/myapplication/
ProxyPassReverse / http://myserverurl.org:8080/myapplication/
</VirtualHost>
The order of the pass matters.
This issue was also reported in the icefaces forum
http://www.icesoft.org/JForum/posts/list/4433.page#sthash.h1qSqiYg.dpbs

It may be different depending on the application server but, as a main rule, you should use AJP for the proxying.
First step is to enable ajp modules depending on OS. Ubuntu looks like this.
sudo a2enmod proxy proxy_ajp
Step 2, change the proxy definition in the apache conf to something like:
ProxyPass / ajp://localhost:8009/myapplication
ProxyPassReverse / ajp://localhost:8009/myapplication
Step 3 is to enable it on the application server. Again, it varies depending of the one you use. Tomcat has a commented out section in the server.xml. Glassfish has a check-box in the admin console and an asadmin command (but I can't remember it)

Consider using ProxyHTMLURLMap directive from mod_proxy_html module. This module manipulates output HTML links to be pointed to the right location. In your case all the links that tell http://myapplication.myserverurl.org/ need to be changed back to /, i.e.
ProxyHTMLURLMap http://myapplication.myserverurl.org/ /
This way you can modify any call-back links that are pointing to wrong location.

Answer of jjhavokk works but
for Graphics you need to reference them via request.contextPath
<img src="#{request.contextPath}/resources/yourfolder/yourpng.png" />
Place it in webapp/resources/yourfolder/yourpng.png
With my .css file this was not needed
h:outputStylesheet name="css/screen.css"
in webapp/resources/css

Related

Apache hybris configuration to proxy pass HTTP and HTTP(S) yacceleratorstorefront (electronic store) URL to Hybris Server

I am trying to access the yacceleratorstorefront/electronics/en/?site=electronics URL from apache web server to Hybris where the electronic store URL is configured. The electronic store URL is accessible and working from any of the server in environment if apache web server is BY PASSED
http://10.0.1.141:9001 is my Hybris server.
ERROR ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
HTTP Status 500 - Cannot find CMSSite associated with current URL ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
type Status report
message Cannot find CMSSite associated with current URL
description The server encountered an internal error that prevented it from fulfilling this request.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Any suggestion or advice is highly appreciated. Thank you in advance.
-Regards, S#BS
------------------------------------------------httpd Code below----------------------------------------------------
<VirtualHost *:80> ProxyPreserveHost On
ProxyPass / http://10.0.1.141:9001/ ProxyPassReverse / http://10.0.1.141:9001/
ServerName localhost</VirtualHost>
<VirtualHost *:443> ServerName localhost
#ProxyRequests Off #ProxyPreserveHost On ProxyPass / https://10.0.1.141:9002/yacceleratorstorefront/electronics/en/?site=electronics ProxyPassReverse / https://10.0.1.141:9002/yacceleratorstorefront/electronics/en/?site=electronics
SSLEngine on SSLCertificateFile /etc/httpd/certs/mysite.com.crt SSLCertificateKeyFile /etc/httpd/certs/mysite.com.key
</VirtualHost>
The error message indicates that you are not setting the ?site=electronics parameter at the http version of you proxy (it also seems to be missing in the proxypass setting for port 80).
I'm not an apache buff but maybe it works if you configure your proxy settings for port 80 in the same way:
<VirtualHost *:80>
ProxyPreserveHost On
ProxyPass / http://10.0.1.141:9001/?site=electronics
ProxyPassReverse / http://10.0.1.141:9001/?site=electronics
ServerName localhost
</VirtualHost>
Just some more info: Apart from the site parameter approach you can also use a host name approach.
Not sure if you have access to the hybris wiki, but here are some more details:
https://wiki.hybris.com/display/pmtelco/Using+Modulegen+to+Create+a+B2C+Telco+Setup#UsingModulegentoCreateaB2CTelcoSetup-AccessingtheStorefront
(its for Telco accelerator, but it works the same for any other storefront).
Not sure how that works together with apache, I assume you have to setup some sub domains or something.
Does it work if you try to access apache on https directly? (There it seems you have the correct url containing the site parameter).
Note: The site parameter is basically only needed for the first http request of a session. It is used to determine which storefront, i.e. BaseSite is supposed to be used. All subsequent requests (of the same session) shouldn't require the site parameter.
Hope that helps!
Your http config is fine. Your https config is wrong.
Do not put ?site=electronics or anything like that in your apache config.
The site detection works based on the URL. In the sample data you are using that is at least a regex looking for "electronics" in the hostname.
One single apache config will be able to support all sites. You do not need to specify the site. You do not need to specify /yacceleratorstorefront.
Simply edit your hosts file to include "10.0.1.141 electronics.rtfm"
Now access http://electronics.rtfm/
You can avoid adding the site in the URL by going in HMC: WCMS > Websites
Under the Properties tab, add a new URL pattern that will match your site.
Once it is done, URLs that match the site's pattern will automatically use that site.
Using URL patterns for each site will simplify the web server's configuration.

Deploying a Grails app with Tomcat on an existing site

I am trying to deploy a grails app on an existing site (mysite.org) using Tomcat with a virtual host, and I've been told I also need to use a ProxyPass and a ProxyPathReverse to the chosen port. I've successfully set up Tomcat, added the WAR file to the tomcat/default-root folder, and edited the server.xml file to include this, an exclusion for serving content to the app.
<VirtualHost *:*>
ProxyPreserveHost On
ProxyTimeout 3600
Timeout 3600
ProxyPass /interventions !
ProxyPass / http://00.00.000.000:8080/
ProxyPassReverse / http://00.00.000.000:8080/
ServerName interventions.mysite.org
</VirtualHost>
I'm not really sure where to go from here, what I want to happen is to be able to go to interventions.mysite.org and use this app. I know I need to properly configure the virtual host but I've gotten lost in guides that seem to focus on setting it up from the start rather than integrating with an existing site, which had me worried about making any changes without realising (given my lack of knowledge right now).
What should my next step be, and are there any resources I should seek out (or search terms I should use, as I'm totally overwhelmed after my attempts)?
**Edit: Is my wishing to use interventions.mysite.org rather than, say, mysite.org/interventions complicating the issue?
create a site in apache called interventions.mysite.org.conf
To create the site you can just copy the already existing site file found in the sites-available folder in your apache installation and just make edits where necessary.
You file should look like the one i have pasted below, i believe the code i have pasted below should work fine for you, just make edits to the ProxyPass and ProxyPassReverse fields to match your app installation.
Remember to enable the site by using the command below;
sudo a2ensite interventions.mysite.org.conf
and also ensure that you have i think mod_proxy enabled.
it can config just like the one below;
<VirtualHost *:80>
ServerName interventions.mysite.org
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ProxyRequests Off
ProxyPreserveHost On
ProxyErrorOverride On
ProxyPass / http://localhost:port/my-app/
ProxyPassReverse / http://localhost:port/my-app/
</VirtualHost>
You can also read the apache docs if you don't understand some of the config parameters. Hope that helps.
Cheers!

What are my options to deploy Go applications alongside PHP applications?

What I'm basically trying to accomplish is having my main website running a CMS written in Go. This will be located at www.example.com.
I also have applications written in PHP located in directories, such as www.example.com/clients/
How can I serve example.com/clients using Apache/PHP while serving example.com using Go built-in web server?
Via mod_proxy in Apache2, you can proxy different paths into different destinations at localhost or anywhere else accessible by your server, including within your local network (if your server can access it).
For this you would use ProxyPass (Apache2 Docs for ProxyPass, which is very useful reading) like the example below:
<VirtualHost *:80>
ServerName some.example.host.xyz
DocumentRoot /var/www/your-document-root
Alias /clients/ /var/www/clients/
ProxyPass /clients/ !
ScriptAlias /something-using-cgi/ /var/www/cgi-stuff/
ProxyPass /something-using-cgi/ !
ProxyPreserveHost On
ProxyPass / http://localhost:9876/
ProxyPassReverse / http://localhost:9876/
ProxyPass /elsewhere/ http://elsewhere.example.host.xyz:1234/
ProxyPassReverse /elsewhere/ http://elsewhere.example.host.xyz:1234/
</VirtualHost>
You'll want to be sure that you set your proxy security such that external users can't use your reverse proxy as a forward proxy, too. You can do that via ProxyRequests as described in the official Apache2 docs. The way I did this on a server is to put this in your server-wide config (you should verify on your own that this is secure enough):
# disables forward proxy
ProxyRequests Off
Andrew Gerrand has a good blog post about this for nginx but the principle is the same for Apache.
You want to set up Apache as a reverse proxy for requests coming in for the Go application.
For Apache you want to look at mod_proxy

ProxyPassReverse to Tomcat adding path to URL

I'm running Railo 3 in Tomcat 6.0.32. The tomcat server is fronted by Apache 2.2.20. Tomcat and Apache are pre built binaries from openCSW. Railo is just the latest build war deployed in tomcat's autodeploy dir webapps.
Everything is working fine when I try to access railo and content on the tomcat server.
It fails however, when railo on tomcat redirects me to itself. Mostly, when a cfm script uses the CGI.script_name, it will be returned wrong.
On the Apache side, the content is available on www.hostname.com. Apache redirects the user to tomcat through AJP on www.hostname.com:8009/railo/content.
A script on tomcat (taken from open OAuth example) is available at:
/opt/csw/share/tomcat6/webapps/railo/content/oauth_test/examples/admin_consumers.cfm
When I access it and try to perform some action, it calls itself with a few parameters, but at that point, railo dumps out an error, complaining that the file can not be found:
Page /content/railo/content/oauth_test/examples/admin_consumers.cfm [/opt/csw/share/tomcat6/webapps/railo/content/railo/content/oauth_test/examples/admin_consumers.cfm] not found
As you can see railo added twice the relative path from tomcat: /railo/content/railo/content
This is my configuration for the virtual host in Apache:
<VirtualHost *:443>
ServerName www.hostname.com
DocumentRoot "/opt/www/hostname/htdocs/"
ProxyRequests Off
<proxy *="">
Order deny,allow
Allow from all
</proxy>
ProxyPass / ajp://www.hostname.com:8009/railo/content/
ProxyPassReverse / http://www.hostname.com:8888/railo/content/
</VirtualHost>
I tried several variant for the ProxyPassReverse directive, but with no luck so far. Based on extensive searches on the web (The Mystery of ProxyPassReverse), I tried this for the proxypassreverse:
ProxyPassReverse / ajp://www.hostname.com:8009/railo/content/
ProxyPassReverse / http://www.hostname.com:8888/railo/content/
ProxyPassReverse / http://localhost:8888/railo/content/
ProxyPassReverse / https://www.hostname.com
The tomcat server also has a virtual host defined like this:
<Host name="www.hostname.com">
<Context path="" docBase="/opt/csw/share/tomcat6/webapps/railo/content" />
</Host>
But everytime, I always get the error from Railo.
Has anyone ever seen this problem with Railo, or CGI, and has an idea how to fix it?
You are specifying "/railo/content" twice. Once in your "docBase" attribute and again in your Proxy attributes. So, requests being proxied through Apache are going to have "railo/content/" twice in their request paths because you have it listed twice: once in Apache, another time in Tomcat.
Try leaving off the /railo/content/ in your ProxyPassReverse attribute:
ProxyPassReverse / http://www.hostname.com:8888/
This will let the Tomcat config add the /railo/content/ bit all by itself.

How do I connect my tomcat app to apache 2 so the paths aren't lame?

I've got a tomcat instance with several apps running on it... I want the root of my new domain to go to one of these apps (context path of blah).. so I have the following set up:
<Location />
ProxyPass ajp://localhost:8025/blah
ProxyPassReverse ajp://localhost:8025/blah
</Location>
it kinda works... going to mydomain.com/index.jsp works except the app still thinks it needs to add the /blah/ to everything like css and js.. is there something I can do without deploying the app to ROOT or changing the tomcat server config? I'd like to keep all this kind of thing on the apache side, if it's possible.
I'm thinking I may not be understanding the proxypassreverse directive..
If you're wanting to server the app the /, Tomcat expects the app to be mounted at /, and have the name of ROOT. At least that's how I've always handled the situation personally. Even if you just symlink the app into ROOT, that should mitigate your problems. If you have an app placed in ${tomcat_home}/webapps/newapp, then Tomcat deploys it with a context of /newapp. At least, that's been the case in my history. Also, not sure if it matters but I've always used:
ProxyPass / ajp://localhost:8025/blah
ProxyPassReverse / ajp://localhost:8025/blah
it looks like this is kind of a pain in the rear.
apache is literally rewriting pages as it serves them...
I think I'll go a different route.
If you configure hosts on the Tomcat side as well then you can proxy to them and eliminate the context path for non-root webapps--in Tomcat server.xml:
<Host name="myhost">
<Context path="" docBase="/path/to/files" />
</Host>
And on the Apache side:
<VirtualHost *:80>
ServerName myhost
ProxyPass / ajp://myhost:8009/
ProxyPassReverse / ajp://myhost:8009/
</VirtualHost>
Hope that helps.