How do I configure Apache to forward a URLa of a certain extension, say *.htm to my Servlet container, in this case, Resin, without first checking for the file's existence.
Currently, if Apache can not find the requested file in the directory structure, it serves a 404, even though my web.xml Servlet mapping would handle the request if forwarded.
I've temporarily resorted to placing an empty file matching the requested file within my web structure (i.e. c:/dir/dir/index.htm) so that Apache forwards the request.
Resin's Apache configuration is a bit different than Tomcat's (below), however the problem seems to exist entirely within Apache since the request never makes it to Resin.
Help would be greatly appreciated.
LoadModule caucho_module c:/resin-pro/win32/apache-2.0/mod_caucho.dll
NameVirtualHost *
<VirtualHost *>
ServerName sub.domain.com
DocumentRoot c:/web
ResinConfigServer sub.domain.com 6802
</VirtualHost>
You need to read How the Plugins Dispatch to Resin and explicitly configure the URLs you want to be handled by Resin to be forwarded to Resin:
mod_caucho discovers its configuration by contacting the ResinConfigServer specified
in the httpd.conf or resin.ini. The ResinConfigServer can be any Resin server. When a
user requests a URL, mod_caucho uses the configuration it has determined from the
ResinConfigServer to determine whether Resin or Apache should handle the request.
That decision is based on the configuration in the ResinConfigServer's resin.conf.
This means if you want certain URLs to be handled by Resin, you need to configure it this way in your resin.conf.
Related
Hoping someone can give me some advice if possible.
We have a Linux box in our DMZ with the WebSphere plugin. This points to a Windows box running WebSphere Application Server.
httpd config only contains the default virtualhost with no ServerAlias specified. There is a redirect set up in the virtualhost in httpd.conf to forward any requests to service.domain.com to service.domain.com/wascontext1. Plugin-cfg.xml is set up with two uri groups, wascontext1 and wascontext2, but only 1 is actively used.
I want to use the Linux box as a reverse proxy for another application totally separate to WAS. It would have a different domain (i.e. dimsim.domain.com) but point to the same IP.
I was going to add another virtualhost for this but am unsure exactly how the WebSphere plugin will behave with it. From what I understand if I set this up and went to dimsim.domain.com/wascontext1 it would serve the WebSphere content as httpd forwards all requests to the plugin.
Is there a way to tell httpd to not send requests to the WebSphere plugin based on domain name or virtualhost? Or would doing a rewrite on any requests to dimsim.domain.com/wascontext be considered ok?
thanks
jc
EDIT: Thanks for the responses! I'll test changing the virtualhost name in plugin-cfg.xml on our second unused context and let you know how it goes.
A solution that doesn't require plugin-cfg.xml changes: If you use an Apache-based HTTP server, you can conditionally set the per-request variable "skipwas" to short-circuit the WAS Plugin processing.
e.g.
SetEnvIf Host ^dimsim\.domain\.com$ skipwas=1
If you look at the plugin-cfg.xml file, in the first part of the file you will find virtualhostgroup section similar to this:
<VirtualHostGroup Name="default_host">
<VirtualHost Name="*:9080"/>
<VirtualHost Name="*:9443"/>
<VirtualHost Name="*:443"/>
<VirtualHost Name="*:80"/>
</VirtualHostGroup>
just change the Name from * to the required domain name e.g. service.domain.com and then plugin will forward only requests for the service.domain.com hostname.
So something like:
<VirtualHost Name="service.domain.com:80"/>
should work for you.
When a request comes into the web server, it is passed to the WebSphere plugin and then plugin examines the request based on its configuration to determine if it should forward to WebSphere or pass back to the web server for further processing.
The "route" clauses in the plugin-cfg.xml are key to determining what will be forwarded and what will not. A request must match all the values in the route to be forwarded. A route contains virtual hosts, uris and clusters. The request must match one a virtual host from the VirtualHostGroup in the route, a URI from the UriGroup in the route and there must be an available server in the ServerCluster value of the route for the request to be sent to WebSphere.
Note-If you manipulate your plugin-cfg.xml for your setup, be aware that plugin is very sensitive about the format of this configuration and incorrect or invalid entries could cause a crash of the webserver. Be sure to backup the file and test before using in production. Also, if you modify your WebSphere configuration, it could overwrite this file and wipe out your changes.
Sorry for the late response.
covener's answer of setting the following does what I need.
SetEnvIf Host ^dimsim\.domain\.com$ skipwas=1
I am trying to solve an issue with an internal ProxyPass setup on an apache http server, version 2.4. Everything works fine otherwise, it is just this ProxyPass issue that I fail to solve:
I operate several name based virtual hosts on a single system with example.org serving as the default host and all hosts using the https protocol on port 443 with valid (signed) certificates:
example.org
host1.example.org
host2.example.org
For one single type of request I want to setup an internal ProxyPass rule to example.org.
https://host1.example.org/_-_-_/bar => https://example.org/foo/bar
A ProxyPassReverse is not required, since no result is returned. (I also tried with, but that does not make any difference):
This is the rule set which is part of the configuration of host host1.example.org:
SSLProxyEngine On
ProxyRequests Off
ProxyVia Off
ProxyPass "/_-_-_/bar" "https://example.org/foo/bar"
The proxy does work, it proxies the request. But the issue is that it does not request the correct host! So not example.org but the originally requested host host1.example.org, so it requests itself. I can clearly see both requests in the same access log file whilst the access log of example.org stays untouched. Obviously that behavior results in a http status 404. That is also shown on the client side as an error message generated by host host1.example.org (fine) but showing the internal path /foo/bar (not fine)!So my question obviously is:
What to change so that the proxy request is internally processed by the desired virtual host?
Ok, as obviously also previously suspected by myself I had an issue with other configuration details interfering here. I post this answers as a hint for others who might stumble about a similar situation:
Another configuration file included by the host configuration set a global ProxyPreserveHost On directive. That obviously resulted in the internal proxy request to feature the same, preserved host header as the original request, which had to lead to the internal request getting processed by the same virtual host as the original request.
I solved the issue by moving (and duplicating) that directive into specific <Location> blocks, so that the global default to not preserve the host in proxy requests is not modified. Consequently the proxy requests described in the question work as expected, they are processed by the desired virtual host now.
Tomcat in our application is considered back-and side and additionaly we have apache that fronting tomcat server as a reverse proxy and redirect requests to appropriate tomcat instance.
Now we need to set up HTTPS connection between apache proxy and tomcat for specific urls(Login, etc..). Tomcat documentation says that it's possible to achieve this with additional <Connector> within server.xml config.
In order to set up https over login page existing configuration with AJP protocol was replaced with the following:
ProxyPass /app/login/ https://127.0.0.1:6666/app/login/
All other urls specified like below:
ProxyPass /app/anyotherurl/ ajp://127.0.0.1:5555/app/anyotherurl/
With configuration below we expect that secure data (login/password) for login page will be encrypted and all other page will remain unchanged.
After the login apache should use normal ajp protocol because there is no sensetive information any more to protect. But it's not what actually happen in our case because for some reason apache is redirecting us to host specified in ProxyPass, namely to localhost.
This could happen due to the fact that our application while executing login logic on tomcat has two consecutive redirects.
We've tried to set ProxyPreserveHost on within virtual host to fix situation mentioned above, but we are not sure whether it is secure option and this one won't break another pages as well as we are not sure how it will work if tomcat will be located on other machine.
It would be good to know any other solution how such stuff can be applied internally for specific pages.
My problem is, that I recently set up a Tomcat7 application container with Apache2.2 Frontend. As the project is still under development I am controlling access by an IP whitelist set up in .htaccess for the domain.
I set up mod_jk via AJP13 to Tomcat, it works absolutely fine, except the fact that .htaccess doesn't block the forward for Tomcat. In other words if you enter www.mydomain.com from a "black" IP, you get forwarded to the error page but if you enter www.mydomain.com/AppContext you slip through Apache into Tomcat
I started messing with urlrewritefilter with Tomcat, but for some reason it didn't work.
I am wondering if there is any way to set up .htaccess or apache instead to block requests forwarded to Tomcat similarly to request for Apache?
Also noticed a dramatic speed decrease when using it like that, us that common when using Apache as a frontend?
.htaccess files will work only when Apache is using a <Directory> based configuration (in httpd.conf). In case of mod_jk, matching requests (as specified by JkMount directive) will simply be forwarded to the AJP connector.
Use <Location> to control access instead:
<Location "/AppContext">
Order Deny,Allow
Deny from all
Allow from .myCompany.local
</Location>
See <Location> Directive> for details.
I faced the same problem and found a solution which may solve your case too.
Use a reverse proxy server like Nginx or Squid to redirect the traffic Apache Tomcat. Both of them can use htpassword for authentication and hence, will serve your need. If you want to use Apache as frontend then backend can be nginx which in turn will redirect to Tomcat after proper authentication. It may have a performance hit, though.
https://www.digitalocean.com/community/tutorials/how-to-set-up-http-authentication-with-nginx-on-ubuntu-12-10
What should do to setup a sub-domain for the users when they sign-up into my site.
What are the infrastructure required? I am using Linux servers.
You can either use a specific DNS (CNAME or A/AAAA) entry for each known subdomain, or a wild-card DNS entry that'll accept *.example.com:
$ORIGIN example.com
foo IN A 12.34.6.78
bar IN A 12.34.6.78
or
$ORIGIN example.com
* IN A 12.34.6.78
The advantage of this latter is that no changes are required to either DNS or Apache configuration once the service is running. The disadvantage is that all such wildcard lookups must (by definition) end up returning the same IP address.
The Apache configuration will depend on your requirements, both for end-user control and security. Note that if the users have permission to run CGI scripts on the server then additional setup will be needed to ensure that that's done securely.
Depending on whether content is static or dynamic this will also affect your configuration:
Use mod_vhost_alias to map individual virtual hosts into their individual directories on the server.
If you really want, create a separate <VirtualHost> section for each known site, but then you'll have to restart Apache each time a new user signs up
Use a single <VirtualHost> and then look at the hostname part of the requested URL (from the $SERVER_NAME environment variable) in the scripts that render the output to figure out which user's content to display.
You can make a CNAME entry/ A Record in your DNS settings, for each subdomain
A CNAME record is a record in your
Domain Management Settings that allows
you to control a subdomain of your
domain.
To automate it along with registration, you can write a script which is executed for each user, when s/he registers.
You can refer to this link, as well, for a step-by-step process for Apache:
How to setup subdomains in apache
(since you mentioned Linux, I assume it must be APache. Please mention if it is otherwise)
Alternate Solution
You can also refer to the wildcard solution, given by Alnitak, in the same thread. I find his is an easier way. :)
infrastructure includes access the the dns server to add a wildcard entry, and rewrite rules in Apache.
Try these answers:
How to let PHP to create subdomain automatically for each user?
How to make subdomain user accounts in a webapp
or this link:
http://jam.jrox.com/docs/index.php?article=76
If your using Linux server's I'm assuming your using Apache as your webserver.
You'll have to setup proper DNS routing for the sub domain as well as a virtual host.
Virtual Hosts are fairly easy to setup but I'm not sure how easy it is to do them on the fly progmatically.
Most of the time it's as easy as editing your apache config file and adding the following:
Port 80
ServerName www.mydomain.com
NameVirtualHost *:80
<VirtualHost *:80>
DocumentRoot /www/user-bob
ServerName bob.mydomain.com
...
</VirtualHost>
<VirtualHost *:80>
DocumentRoot /www/user-sally
ServerName sally.mydomain.com
...
</VirtualHost>
The VirtualHost Documention will probably of some use to you.
Apache allows you to specify any number of 'sites' based on subdomains on a single server. Creating a new 'site definition' file with the appropriate subdomain information in it, along with proper DNS wildcards, will do what you want.
In other words, the process is like this:
Setup wildcards so that *.mysite.com directs to the proper server.
When a new user signs up, create the proper Apache site definition file - you'll probably have a base template that you put the right subdomain information into and save.
Make Apache re-read its configuration.
Profit.
IMPORTANT This is based on a Debian-style Apache configuration, where the config files are included in a directory, and the main configuration reads all the config files in that directory. This will simplify things a great deal, because adding/removing subdomains will mean adding/removing files, rather than editing a single file, and so the process will be much easier to automate.