tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <li...@cgi-net.ch>
Subject Re: Apache reverse proxy to tomcat application server
Date Thu, 19 Aug 2010 19:56:25 GMT
On Thu, 19 Aug 2010 21:35:40 +0200, <linux@cgi-net.ch> wrote:
> On Thu, 19 Aug 2010 21:28:25 +0200, Rainer Jung
<rainer.jung@kippdata.de>
> wrote:
>> On 19.08.2010 21:17, linux@cgi-net.ch wrote:
>>> On Thu, 19 Aug 2010 20:57:57 +0200, Rainer
> Jung<rainer.jung@kippdata.de>
>>> wrote:
>>>> On 19.08.2010 20:27, linux@cgi-net.ch wrote:
>>>>> Hi List,
>>>>>
>>>>> I'm running mod_jk on a apache 2.2.14 connecting to a second host,
>>>>> running
>>>>> tomcat 5 server with a third party application.
>>>>> This application is configured to display some company internal
>>>>> information when accessing the page directly without any
> subdirectory:
>>>>> like: http://<servername>/
>>>>> A second application part is located under address
>>>>> http://<servername>/application ->   please note, this is not
a
>>> directory,
>>>>> this is a servlet-mapping made by tomcat (and we can't change the
>>> tomcat
>>>>> setup as we would loose support for it)
>>>>>
>>>>> My problem is now, that I only what to grant access to
>>>>> http://<servername>/application for external customers through
the
>>> apache
>>>>> mod_jk setup.
>>>>> But of some reason do I have trouble implementing this.
>>>>
>>>> How did you try to achive that?
>>>>
>>>> JkMount /application|/* worker1
>>> I tried it with JkMount /application worker1 and with JkMount
>>> /application* worker1
>>>
>>> Quick question, you've written JkMOunt /application|/, what does the |
>>> stand for?
>> 
>> JkMount /application|/* worker1
>> 
>> is a short syntax for the two rules
>> 
>> JkMount /application worker1
>> JkMount /application/* worker1
> Thanks for that hint, might be useful for further work
> 
>> 
>>>> Is the application deployed on Tomcat using the same context name
>>>> "/application"?
>>> Yes
>> 
>> Good.
>> 
>>>> What was the exact result, when you tried that?
>>> Well it displays the login page, but the formatting of the does not
> work,
>>> and when I hit the submit button, nothing is happening.
>>> Do you think that it is possible that /application does require / to
be
>>> access able as well (both application coming from the same vendor and
> are
>>> related to each other)
>> 
>> Aaaah!
>> 
>> Yes it is quote possible that the page contains links to other content 
>> that does not reside under /application. Those could be CSS (style 
>> sheets) responsible for correct rendering and JS (JavaScript files) 
>> responsible for actions when pressing buttons. You can look at the 
>> source code of the login page or use some browser plugin that shows you

>> all links referenced in the page. Some browsers might show you the info

>> out of the box.
> OK, I'll need to check that - please note that this will require some
> time.
You were right, there were *.js files, which the application is/was
sharing between / and /application
With JkMount /*.js worker1 everything is working now - except some
pictures, but this is fine (can do the same for them too)

> 
>> 
>>>>> The stuff only works if I configure mod_jk to JkMount /* - but with
>>> that,
>>>>> also the page ttp://<servername>/ is access-able.
>>>>> I've also tried it with Rewrite rules (to make sure everything else
>>> than
>>>>> http://<servername/application is redirected to this address), etc.
> but
>>>>> nothing was/is working.
>>>>
>>>> Rewriting will not be necessary as long as the context name on Tomcat
> is
>>>
>>>> "/application".
>>>>
>>>>> Please find below some information about my setup:
>>>>>
>>>>> ###
>>>>> ### setup information
>>>>> ###
>>>>> mod_jk version: 1.2.30
>>>>> mod_jk httpd configuration (that's how it is working but it will
> allow
>>>>> access to any application, served by the tomcat server):
>>>>> # Some URL Redirecting is required
>>>>> RewriteEngine On
>>>>> RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} -d [OR]
>>>>> RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} -f
>>>>> RewriteCond %{REQUEST_URI} !=/application
>>>>> RewriteRule .* /application
>>>>
>>>> Let's remove the rewriting as long as we are debugging your original
>>>> problem.
>>> OK, I've anyway disabled them already since they were not working
>>>
>>>>
>>>>> # Load Module
>>>>> LoadModule      jk_module       modules/mod_jk.so
>>>>> # Worker File
>>>>> JkWorkersFile   /<path to worker file>/workers.properties
>>>>> # Where to put the log
>>>>> JkLogFile       /<path to log file>/mod_jk.log
>>>>> # Log level
>>>>> JkLogLevel      debug
>>>>> # Select the timestamp log format
>>>>> JkLogStampFormat        "[%a %b %d %H:%M:%S %Y] "
>>>>> JkMount         /* worker1
>>>>>
>>>>> mod_jk worker configuration:
>>>>> # Define 1 real worker using ajp13
>>>>> worker.list=worker1
>>>>> # Set properties for worker1 (ajp13)
>>>>> worker.worker1.type=ajp13
>>>>> worker.worker1.host=chnovmn3.lcsys.ch
>>>>> worker.worker1.port=8009
>>>>> worker.worker1.connection_pool_timeout=60
>>>>> worker.worker1.socket_keepalive=1
>>>>
>>>> The log snippert you provided was parts of the log produced by
>>>> successful requests, i.e. requests that were forwarded to tomcat and
>>>> replied stuff. Please do provide the log contents for a request that
>>>> does not work, i.e. which does show the problem.
>>> I can send you more log files, but I think the problem is more related
>>> with the application it self.
>> 
>> Right.
>> 
>>> The error I receive from apache is 404 which means he can not find the
>>> document (which indicates that I've made some configuration mistake)
>> 
>> You can look at the Apache access log to check, what other resources
the
> 
>> browser tries to access. Maybe they are contained in a few other
folders
> 
>> or have a few file content suffixes you can add with a couple of 
>> additional JkMounts.
> As soon as I've checked the source code of the page, I'll try to go with
> this solution.
> Hope it works
As written above, that was the problem ... I've applied the change and
everything is working now.
The only thing I have to-do is to redirect 404 return code to
http://<server name>/application - but that should not be a problem

> 
>> 
>>> General question, is it possible to allow access to /* to make the
> stuff
>>> working but restrict access for customers to /application
>>> (like you can do it with<directory>  stanza in apache)
>> 
>> In principle it is possible. The details depend on what "customers" are

>> (defined by IP or what?) and which URLs precisely need to be public vs.

>> private.
> Hmmm, customers can come from everywhere ... so I think this will be
> difficult.
> Basically the only URL which needs to be public access able is
> http://<servername>/application
> everything else should remain private
I'll see how I can implement this, maybe Apache <Location> stanza will
work

Thanks and all the best,
Simon

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message