geronimo-scm mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From conflue...@apache.org
Subject [CONF] Apache Geronimo v3.0 > Configure Apache HTTPd as a reverse proxy (mod_proxy)
Date Wed, 26 Jan 2011 05:51:00 GMT
<html>
<head>
    <base href="https://cwiki.apache.org/confluence">
            <link rel="stylesheet" href="/confluence/s/2036/9/4/_/styles/combined.css?spaceKey=GMOxDOC30&amp;forWysiwyg=true"
type="text/css">
    </head>
<body style="background: white;" bgcolor="white" class="email-body">
<div id="pageContent">
<div id="notificationFormat">
<div class="wiki-content">
<div class="email">
    <h2><a href="https://cwiki.apache.org/confluence/display/GMOxDOC30/Configure+Apache+HTTPd+as+a+reverse+proxy+%28mod_proxy%29">Configure
Apache HTTPd as a reverse proxy (mod_proxy)</a></h2>
    <h4>Page <b>edited</b> by             <a href="https://cwiki.apache.org/confluence/display/~maojia508">maojia</a>
    </h4>
        <br/>
                         <h4>Changes (9)</h4>
                                 
    
<div id="page-diffs">
                    <table class="diff" cellpadding="0" cellspacing="0">
    
            <tr><td class="diff-unchanged" >{scrollbar} <br> <br></td></tr>
            <tr><td class="diff-changed-lines" >This is the simplest way to re-route
requests from the Apache HTTPd to the Geronimo servers (or any other server you <span class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">may</span>
<span class="diff-added-words"style="background-color: #dfd;">might</span> have).
To use this <span class="diff-changed-words">feature<span class="diff-added-chars"style="background-color:
#dfd;">,</span></span> you <span class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">will</span>
need to enable some specific modules and add a few lines to the HTTPd configuration. These
steps are described <span class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">next.</span>
<span class="diff-added-words"style="background-color: #dfd;">as follows:</span>
<br></td></tr>
            <tr><td class="diff-unchanged" > <br># Open the {{httpd.conf}}
file located in the {{&lt;httpd_home&gt;\conf}} directory. <br></td></tr>
            <tr><td class="diff-snipped" >...<br></td></tr>
            <tr><td class="diff-unchanged" >LoadModule proxy_http_module modules/mod_proxy_http.so
<br>{code} <br></td></tr>
            <tr><td class="diff-changed-lines" ># At the bottom of the {{httpd.conf}}
<span class="diff-added-words"style="background-color: #dfd;">file,</span> add
the following lines to enable the re-routing. <br></td></tr>
            <tr><td class="diff-unchanged" >{code} <br>ProxyPass /console
http://localhost:8080/console <br></td></tr>
            <tr><td class="diff-snipped" >...<br></td></tr>
            <tr><td class="diff-unchanged" >{code} <br> <br></td></tr>
            <tr><td class="diff-changed-lines" >You <span class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">may</span>
<span class="diff-added-words"style="background-color: #dfd;">might</span> need
to add more *ProxyPass* directives depending on the requirements of your application. The
last *ProxyPassreverse* directive captures the responses from the Geronimo server and masks
the URL as it would be directly responded by the Apache <span class="diff-changed-words">HTTPd<span
class="diff-added-chars"style="background-color: #dfd;">,</span></span> hiding
the <span class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">identity/location</span>
<span class="diff-added-words"style="background-color: #dfd;">identity or location</span>
of the Geronimo server. <br></td></tr>
            <tr><td class="diff-unchanged" > <br></td></tr>
            <tr><td class="diff-changed-lines" >{warning} In this <span class="diff-changed-words">example<span
class="diff-added-chars"style="background-color: #dfd;">,</span></span> the
*console* has been enabled just for <span class="diff-changed-words">demonst<span
class="diff-added-chars"style="background-color: #dfd;">r</span>ation</span>
purposes. In a production <span class="diff-changed-words">environment<span class="diff-added-chars"style="background-color:
#dfd;">,</span></span> you <span class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">will</span>
<span class="diff-added-words"style="background-color: #dfd;">do</span> not want
to have the *console* accessible from the other network (normally the Internet). Having the
*console* accessible represents a big security exposure. <br></td></tr>
            <tr><td class="diff-unchanged" > <br></td></tr>
            <tr><td class="diff-changed-lines" >The rule is that everything should
have restricted <span class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">access,
normally</span> <span class="diff-added-words"style="background-color: #dfd;">access.
Normally,</span> a firewall would be placed in between the HTTP and the application
server (depending on the topology) and you should map just the <span class="diff-changed-words">min<span
class="diff-deleted-chars"style="color:#999;background-color:#fdd;text-decoration:line-through;">u</span><span
class="diff-added-chars"style="background-color: #dfd;">i</span>mum</span>
resources necessary to have your application working from the other side.{warning} <br></td></tr>
            <tr><td class="diff-unchanged" > <br></td></tr>
            <tr><td class="diff-deleted-lines" style="color:#999;background-color:#fdd;text-decoration:line-through;">If
both HTTPd and Geronimo servers are in the same machine you can use {{localhost}} for the
redirection, when the servers are located in different machines you would have to specify
the URL for the Geronimo server. <br></td></tr>
            <tr><td class="diff-added-lines" style="background-color: #dfd;">If
both HTTPd and Geronimo servers are on the same machine, you can use {{localhost}} for the
redirection. When the servers are located on different machines, you would have to specify
the URL for the Geronimo server. <br></td></tr>
            <tr><td class="diff-unchanged" > <br></td></tr>
            <tr><td class="diff-changed-lines" >As the result of this configuration,
when you point your browser to http://locahost/console, the request will be redirected to
http://localhost:8080/console. This option allows <span class="diff-added-words"style="background-color:
#dfd;">you</span> to re-route URLs and ports. <br></td></tr>
            <tr><td class="diff-unchanged" > <br></td></tr>
            <tr><td class="diff-changed-lines" >*Note:* If you prefer to use *mod_proxy_ajp*
rather than *mod_proxy_http*, you need to load {{proxy_ajp_module}} in {{httpd.conf}} and
change the routing port to 8009(default) as <span class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">followed:</span>
<span class="diff-added-words"style="background-color: #dfd;">follows:</span>
<br></td></tr>
            <tr><td class="diff-unchanged" >{code} <br>LoadModule proxy_module
modules/mod_proxy.so <br></td></tr>
            <tr><td class="diff-snipped" >...<br></td></tr>
    
            </table>
    </div>                            <h4>Full Content</h4>
                    <div class="notificationGreySide">
        <style type='text/css'>/*<![CDATA[*/
table.ScrollbarTable  {border: none;padding: 3px;width: 100%;padding: 3px;margin: 0px;background-color:
#f0f0f0}
table.ScrollbarTable td.ScrollbarPrevIcon {text-align: center;width: 16px;border: none;}
table.ScrollbarTable td.ScrollbarPrevName {text-align: left;border: none;}
table.ScrollbarTable td.ScrollbarParent {text-align: center;border: none;}
table.ScrollbarTable td.ScrollbarNextName {text-align: right;border: none;}
table.ScrollbarTable td.ScrollbarNextIcon {text-align: center;width: 16px;border: none;}

/*]]>*/</style><div class="Scrollbar"><table class='ScrollbarTable'><tr><td
width='33%' class='ScrollbarPrevName'>&nbsp;</td><td width='33%' class='ScrollbarParent'><sup><a
href="/confluence/display/GMOxDOC30/Configuring+a+remote+Apache+HTTP+server"><img border='0'
align='middle' src='/confluence/images/icons/up_16.gif' width='8' height='8'></a></sup><a
href="/confluence/display/GMOxDOC30/Configuring+a+remote+Apache+HTTP+server">Configuring
a remote Apache HTTP server</a></td><td width='33%' class='ScrollbarNextName'>&nbsp;<a
href="/confluence/display/GMOxDOC30/Configure+Apache+HTTPd+with+Jakarta+Tomcat+Connector+%28mod_jk%29">Configure
Apache HTTPd with Jakarta Tomcat Connector (mod_jk)</a></td><td class='ScrollbarNextIcon'><a
href="/confluence/display/GMOxDOC30/Configure+Apache+HTTPd+with+Jakarta+Tomcat+Connector+%28mod_jk%29"><img
border='0' align='middle' src='/confluence/images/icons/forwd_16.gif' width='16' height='16'></a></td></tr></table></div>

<p>This is the simplest way to re-route requests from the Apache HTTPd to the Geronimo
servers (or any other server you might have). To use this feature, you need to enable some
specific modules and add a few lines to the HTTPd configuration. These steps are described
as follows:</p>

<ol>
	<li>Open the <tt>httpd.conf</tt> file located in the <tt>&lt;httpd_home&gt;\conf</tt>
directory.</li>
	<li>Look for the following LoadModule directives and uncomment them by removing the
<b>#</b> at the beginning of the line.
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="code-java">
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
</pre>
</div></div></li>
	<li>At the bottom of the <tt>httpd.conf</tt> file, add the following lines
to enable the re-routing.
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="code-java">
ProxyPass /console http:<span class="code-comment">//localhost:8080/console
</span>ProxyPass /images http:<span class="code-comment">//localhost:8080/images
</span>ProxyPassreverse / http:<span class="code-comment">//localhost:8080/</span>
</pre>
</div></div></li>
</ol>


<p>You might need to add more <b>ProxyPass</b> directives depending on the
requirements of your application. The last <b>ProxyPassreverse</b> directive captures
the responses from the Geronimo server and masks the URL as it would be directly responded
by the Apache HTTPd, hiding the identity or location of the Geronimo server.</p>

<div class='panelMacro'><table class='warningMacro'><colgroup><col width='24'><col></colgroup><tr><td
valign='top'><img src="/confluence/images/icons/emoticons/forbidden.gif" width="16"
height="16" align="absmiddle" alt="" border="0"></td><td>In this example, the
<b>console</b> has been enabled just for demonstration purposes. In a production
environment, you do not want to have the <b>console</b> accessible from the other
network (normally the Internet). Having the <b>console</b> accessible represents
a big security exposure.

<p>The rule is that everything should have restricted access. Normally, a firewall would
be placed in between the HTTP and the application server (depending on the topology) and you
should map just the minimum resources necessary to have your application working from the
other side.</p></td></tr></table></div>

<p>If both HTTPd and Geronimo servers are on the same machine, you can use <tt>localhost</tt>
for the redirection. When the servers are located on different machines, you would have to
specify the URL for the Geronimo server.</p>

<p>As the result of this configuration, when you point your browser to <a href="http://locahost/console"
class="external-link" rel="nofollow">http://locahost/console</a>, the request will
be redirected to <a href="http://localhost:8080/console" class="external-link" rel="nofollow">http://localhost:8080/console</a>.
This option allows you to re-route URLs and ports.</p>

<p><b>Note:</b> If you prefer to use <b>mod_proxy_ajp</b> rather
than <b>mod_proxy_http</b>, you need to load <tt>proxy_ajp_module</tt>
in <tt>httpd.conf</tt> and change the routing port to 8009(default) as follows:</p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="code-java">
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
...
ProxyPass /console ajp:<span class="code-comment">//localhost:8009/console
</span>ProxyPass /images ajp:<span class="code-comment">//localhost:8009/images
</span>ProxyPassreverse / ajp:<span class="code-comment">//localhost:8009/</span>
</pre>
</div></div>

    </div>
        <div id="commentsSection" class="wiki-content pageSection">
        <div style="float: right;">
            <a href="https://cwiki.apache.org/confluence/users/viewnotifications.action"
class="grey">Change Notification Preferences</a>
        </div>
        <a href="https://cwiki.apache.org/confluence/display/GMOxDOC30/Configure+Apache+HTTPd+as+a+reverse+proxy+%28mod_proxy%29">View
Online</a>
        |
        <a href="https://cwiki.apache.org/confluence/pages/diffpagesbyversion.action?pageId=20645448&revisedVersion=2&originalVersion=1">View
Changes</a>
                |
        <a href="https://cwiki.apache.org/confluence/display/GMOxDOC30/Configure+Apache+HTTPd+as+a+reverse+proxy+%28mod_proxy%29?showComments=true&amp;showCommentArea=true#addcomment">Add
Comment</a>
            </div>
</div>
</div>
</div>
</div>
</body>
</html>

Mime
View raw message