httpd-users mailing list archives

From Tom Evans <tevans...@googlemail.com>
Subject Re: [users@httpd] Another mod_proxy Question/Issue
Date Thu, 31 Oct 2013 15:59:04 GMT
On Thu, Oct 31, 2013 at 3:06 PM, Chris Arnold
<carnold@electrichendrix.com> wrote:
>>First of all, is "/folder/", "/path/" or "/share/"? You seem to have
>>used them all so far.. please be careful when anonymizing your config
>>that you aren't removing information that is necessary to determine
>>what is wrong....
>
> This really shouldn't matter what it is /folder /path/ or /share as long as I know what
> goes there. There is certain stuff that I do not want posted to a public mailing list and
> this is 1.

In fact, whether or not there is a trailing slash is possibly
one of the more important things in proxying. There should either be a
trailing slash on both sides of the ProxyPass, or on neither.

IE, these are both fine:

ProxyPass / http://foo/bar/
ProxyPass /baz http://foo/bar

These will probably be incorrect:

ProxyPass / http://foo/bar
ProxyPass /baz http://foo/bar/

To show why, assume /baz/qux is requested on the proxy; it will be
rewritten to these variants:

http://foo/bar/baz/qux (probably right)
http://foo/bar/qux (probably right)
http://foo/barbaz/qux (probably wrong)
http://foo/bar//qux (probably wrong)

>
>>Given your configuration, the error you are showing is impossible -
>>there is absolutely no way that "ProxyPass / /share/" could result in
>>the URL "/shareshare/" being requested on the backend. This leads me
>>to think that your configuration that you are showing here is not
>>indicative of the config you are running.
>
> Seems this is possible but here is the config:
>
> <IfDefine SSL>
> <IfDefine !NOSSL>
>
> <VirtualHost *:443>
>
>         #  General setup for the virtual host
>         #DocumentRoot "/srv/www/htdocs"
>         ServerName servername.tld:443
>         ServerAlias mail.* ifolder.*
>
>         #This rewrites https://mail.anydomain.tld to our mail server
>         RewriteEngine On
>         RewriteCond %{HTTP_HOST} ^mail\.
>         RewriteCond %{HTTPS} on
>         RewriteRule ^/(.*) https://192.168.124.3/$1 [P]
>         #RedirectMatch ^/$ /zimbra/
>
>         RewriteCond %{HTTP_HOST} ^webmail\.
>         RewriteCond %{HTTPS} on
>         RewriteRule ^/(.*) https://192.168.124.3/$1 [P]
>
>
>
>         #ServerAdmin webmaster@example.com
>         ErrorLog /var/log/apache2/error_log
>         TransferLog /var/log/apache2/access_log
>
>         SSLProxyEngine On
>         ProxyPreserveHost On
>         ProxyPass / https://192.168.123.3:8443/share
>         ProxyPassReverse / https://192.168.123.3:8443/share
>
> Then there is a series of SSL entries and then:
>
> </VirtualHost>
>
> </IfDefine>
> </IfDefine>
>


Seems like Tomcat wants you to access "/share" and not "/share/". When
you access "/share/", Tomcat sends you a redirect to "/share", and
there is one of your problems. You should probably fix Tomcat so that
it is happy with you accessing "/share/", as this will massively
simplify your proxy setup.

The second problem is probably the ProxyPassReverse not matching what
Tomcat generates. ProxyPassReverse works by doing a string replace on
various headers like 'Location' - it will replace the 2nd argument
with the first argument, and then generate a full URI according to
your httpd vhost settings (ServerName and UseCanonicalName settings
mainly). If the 2nd argument does not match the hostname/URIs
generated by Tomcat, then it will have no effect - this is a common
proxy setup pitfall.

Examine the URL generated by directly requesting that URL on the
Tomcat server and looking at the Location header.

Cheers

Tom

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
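
The prefix substitution and Location rewrite described in the message above, as an added example that is not part of the original message and is not mod_proxy's code: a simplified string model in Python that reproduces the four rewritten URLs and flags directives whose two arguments disagree on the trailing slash. The function names and the `public_base` parameter are assumptions made for the illustration; hosts and paths are the ones quoted in the thread.

```python
# Simplified model of the string handling described in the message above.
# It is not mod_proxy's code; hosts and paths are taken from the thread.

def proxy_pass(prefix, backend, request_path):
    """Backend URL for request_path, or None if the prefix does not match."""
    if not request_path.startswith(prefix):
        return None
    # The matched prefix is cut off and the rest is appended verbatim,
    # so a slash present on only one side is lost or doubled.
    return backend + request_path[len(prefix):]

def proxy_pass_reverse(prefix, backend, location, public_base):
    """Rewrite a backend Location header; unchanged when backend is no prefix.
    public_base (scheme and host of the vhost) is an assumed parameter."""
    if not location.startswith(backend):
        return location  # no match: header reaches the client as-is
    return public_base + prefix + location[len(backend):]

def lint(config_text):
    """(line number, directive) for each ProxyPass/ProxyPassReverse whose
    two arguments disagree about the trailing slash."""
    findings = []
    for number, line in enumerate(config_text.splitlines(), 1):
        parts = line.split()
        if len(parts) >= 3 and parts[0] in ("ProxyPass", "ProxyPassReverse"):
            if parts[1].endswith("/") != parts[2].endswith("/"):
                findings.append((number, " ".join(parts[:3])))
    return findings

# The four directives from the message, in the order they are listed.
EXAMPLES = [("/", "http://foo/bar/"), ("/baz", "http://foo/bar"),
            ("/", "http://foo/bar"), ("/baz", "http://foo/bar/")]

# Constructed sample: the proxy lines of the quoted vhost.
SAMPLE_CONFIG = """\
SSLProxyEngine On
ProxyPreserveHost On
ProxyPass / https://192.168.123.3:8443/share
ProxyPassReverse / https://192.168.123.3:8443/share
"""

if __name__ == "__main__":
    for prefix, backend in EXAMPLES:
        print(prefix, backend, "->", proxy_pass(prefix, backend, "/baz/qux"))
    for number, directive in lint(SAMPLE_CONFIG):
        print("line", number, "mismatched trailing slash:", directive)
```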

