Tomcat Manager with mod_proxy and ROOT web application - apache

Our application runs in Tomcat6 and we're proxying all requests from Apache to Tomcat via mod_proxy. that proxy config looks like:
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
<Location />
Order deny,allow
Allow from all
</Location>
Our application is also deployed as ROOT. I think that this is causing issues when attempting to get to the /manager URL but I'm not 100% sure and unclear on how I can verify this. Can anyone give me some pointers on how to resolve this? I'd like to use the manager app for remote deployments from jenkins.

That configuration will route all traffic to Tomcat, including requests to /manager. The way to confirm this is to look at Tomcat's access log that should show the same requests as httpd's access log.

Try http:// localhost/manager/html
It should work on both ports.

Related

how to configure on Apache proxy (SSL conection) to Tomcat

I am new in Apache's world, and I need to connect a server (Ubuntu system ) located in my DMZ area to a Tomcat server (Windows server System) in my network. So I wrote on my Ubuntu Apache /etc/apache2/sites-available/default-ssl:
<VirtualHost *:443>
<Location /example>
ProxyPass http://tomcatIP:8080/example/
ProxyPassReverse https://mydomain/example/
</Location>
</VirtualHost>
I restart my Apache and on the browser doesnt display anything, however if i choose source code I can see all the php, javascript, html code.
I checked the log from Apache and there are a lot logs like this:
AH00128: File does not exits: /var/html/...
I checked my firewall and everything is correct. I don`t know why my apache doesn't search on Tomcat server. Do I need more code? on apache.conf?
Many thanks for the help
You need to configure AJP Connector on Web-Server and on Tomcat Application Server.
https://tomcat.apache.org/tomcat-4.0-doc/config/ajp.html
Afer read documentation, I checked the Tomcat configuration and I watched that it wasn't the "tipical" Tomcat, it completly customized for Servicedesk software, and after many tries and fails I couldn't do anything, finally the costumer service told me that is impossible an Apache connection. ¬¬
Thanks anyway!!

Jenkins behind Apache Server / Can't log in Jenkins

I'm running an Apache Server 2.2 to handle Jenkins and SonaType Nexus information (both installed as Windows Service). While SonatypeNexus runs perfectly Jenkins doesn't. To be more specific: I'can't log in Jenkins. Just for your notice: we are using LDAP to login, but this can't be the reason for login failure, as login from local host works.
If I try to log in Jenkins from localhost:8071 it works perfectly.
When I log in from another system via network (using https://myServer.com:8095/) I can browse and configure Jenkins, but I can't login. Whenever I try I get "redirected" to the page of Jenkins I was on before hitting the "login" button.
Security settings are set to "everyone can do anything" -> can't be the reason either.
Hint 0: As you maybe already noticed we are using https for for any request from the outside dedicated to the server. But within the server Apache only uses http to handle information -> could this lead to problems?
Hint 1: I only get "redirected" using correct login parameters. Using wrong ones is leading me to the "Invalid login information. Please try again." page.
Hint 2: Sonatype Nexus is running behind the same Apache Server and works great.
Potentional Reason: guess the reason why I can login via localhost, but not via network must be our Apache 2.2 server which is handling information wrong. By using localhost I can bypass Apache (-> works) but via network Apache gets used (-> don't work).
Any ideas how to fix this or at least what the reason could be?
Here are some settings from apache server (httpd-ssl.conf) that maybe could be useful:
<VirtualHost *:8095>
ServerName myServer.com
ServerAdmin admin#myServer.com
# Nexus via HTTPS.
ProxyPass /nexus http://localhost:8072/nexus
ProxyPassReverse /nexus http://localhost:8072/nexus
ProxyPassReverseCookiePath / /nexus
RequestHeader set X-Forwarded-Proto "https"
ErrorLog logs/nexus_error_ssl.log
CustomLog logs/nexus_access_ssl.log common
# Jenkins via HTTPS.
ProxyPass / http://localhost:8071/ nocanon
ProxyPassReverse / http://localhost:8071/
ProxyPassReverse / http://my.host.com/
# also tested second ProxyPassReverse with specific port
ProxyPassReverseCookiePath / /
ProxyPreserveHost On
RequestHeader set X-Forwarded-Proto "https"
ProxyRequests Off
AllowEncodedSlashes NoDecode
SSLEngine on
I'm not sure if i describe my solution correct, since my collegue found the answer and not me.
Since the Apache was handling https (incomming from jenkins) correctly (requests reached LDAP), but was unable to pass http information (incomming from LDAP) correctly (login was unable).
So he took a look at the http settings and configured the settings to enable http. This was leading to our goal -> we can login now, BUT it also leads towards another problem -> http is enabled and usable for users...
On this page, it hints that you might need to add another ProxyPassReverse to fix http links generated by Jenkins:
ProxyPassReverse / http://your.host.com:8095/
Also, it mentions that you should add
ProxyPreserveHost On
to your config. Please check the link for further information.

new session after every request, tomcat backend, apache frontend

I develop a jsp website using tomcat as backend and apache as frontend redirecting with mod_proxy.
First my configs.
apache:
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
SSLProxyEngine on
ProxyPass / https://realdomain.tld:8443/proj1/
ProxyPassReverse / https://realdomain.tld:8443/proj1/
<Location />
Order allow,deny
Allow from all
</Location>
When I reload my jsp webpage, every time i get a new session id. When developing on localhost without apache and mod_proxy everything works and I keep the same session id.
For my webapp it is important to keep the same session during the time.
Any Idea how i can tell apache to keep my session. I guess apache has to redirect the cookie to tomcat right? but how...
Any time you change the context path in the proxy (/ -> proj1) you create a whole heap of problems to solve. Your immediate cookie problem can be solved with the ProxyPassReverseCookiePath directive. I then suspect you'll find the next problem to solve. You'd be better off redeploying your application as the ROOT web application so that your ProxyPass directive is ProxyPass / https://realdomain.tld:8443/
As an aside, it looks like you are proxying to Tomcat's https connector. If you aren't careful you will create security problems for yourself if httpd receives requests over http, proxies them to Tomcat over https and Tomcat treats those requests as being received over a secure channel.

Apache Webserver configuration to multiple apache tomcat application

I have apache tomcat application which is configured to apache webserver, now I want to add another apache tomcat application to same Apache web server,all these servers (apache tomcat and apache web server (rhel)) are on same network, kindly provide me some ways for configuring it.
is there any other way without using mod_jk?
Apache can talk to Tomcat using either mod_jk or by using the standard proxy module, mod_proxy. Using the standard proxy module, it's very easy to put multiple instances of Tomcat behind a single Apache instance.
Assuming that you have a Tomcat instance listening on port 8080 and another on port 8081, you can do something as simple as this:
<Location /app1/>
ProxyPass http://localhost:8080/
ProxyPassReverse http://localhost:8080/
</Location>
<Location /app2/>
ProxyPass http://localhost:8081/
ProxyPassReverse http://localhost:8081/
</Location>
This places the first instance at /app1/ and the second instance at
/app2/.
The mod_proxy documentation is a good place to start, and the tomcat documentation covers this topic briefly.

How do I connect my tomcat app to apache 2 so the paths aren't lame?

I've got a tomcat instance with several apps running on it... I want the root of my new domain to go to one of these apps (context path of blah).. so I have the following set up:
<Location />
ProxyPass ajp://localhost:8025/blah
ProxyPassReverse ajp://localhost:8025/blah
</Location>
it kinda works... going to mydomain.com/index.jsp works except the app still thinks it needs to add the /blah/ to everything like css and js.. is there something I can do without deploying the app to ROOT or changing the tomcat server config? I'd like to keep all this kind of thing on the apache side, if it's possible.
I'm thinking I may not be understanding the proxypassreverse directive..
If you're wanting to server the app the /, Tomcat expects the app to be mounted at /, and have the name of ROOT. At least that's how I've always handled the situation personally. Even if you just symlink the app into ROOT, that should mitigate your problems. If you have an app placed in ${tomcat_home}/webapps/newapp, then Tomcat deploys it with a context of /newapp. At least, that's been the case in my history. Also, not sure if it matters but I've always used:
ProxyPass / ajp://localhost:8025/blah
ProxyPassReverse / ajp://localhost:8025/blah
it looks like this is kind of a pain in the rear.
apache is literally rewriting pages as it serves them...
I think I'll go a different route.
If you configure hosts on the Tomcat side as well then you can proxy to them and eliminate the context path for non-root webapps--in Tomcat server.xml:
<Host name="myhost">
<Context path="" docBase="/path/to/files" />
</Host>
And on the Apache side:
<VirtualHost *:80>
ServerName myhost
ProxyPass / ajp://myhost:8009/
ProxyPassReverse / ajp://myhost:8009/
</VirtualHost>
Hope that helps.