tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rainer Jung <>
Subject Re: Rewrite URLs inside HTML pages?
Date Mon, 02 Aug 2010 10:14:17 GMT
Hi Felix,

hope you are doing well!

On 02.08.2010 11:46, Felix Schumacher wrote:
> Hi Rainer,
> On Mon, 02 Aug 2010 10:00:57 +0200, Rainer Jung<>
> wrote:
>> On 02.08.2010 06:31, Leon Kolchinsky wrote:
>>> Hello,
>>> I've configured Tomcat (apache-tomcat-5.5.26) to run behind Apache Http
>>> (v.2.2.3 ) using mod_jk.
>>> We have 2 of those Tomcat servers running on different machines.
>>> We also configured load balancer (CISCO CSM) which we want to use for
>>> offloading and LB.
>>> Load balancer serves https requests and forwards them to http (on the
>>> above
>>> servers).
>>> The problem is that links given by apache - the generated html pages
> (by
>>> Sakai app.)  appeared to include http://....
>>> And this is a major problem since we can't even serve forms from https
>>> URL's
>>> (the URL of the page is https://..... but links inside the HTML page
>>> itself
>>> are from http://.... format)
>>> I've been thinking to try to resolve this with ProxyHTMLURLMAp
>>> (mod_proxy_html) but I have no experience with this module.
>>> Can someone give me a sample syntax that I can try to include in my
> vhost
>>> configuration?
>>> Below is my virt. host configuration:
>>> NameVirtualHost *:80
>>> <VirtualHost *:80>
>>> ServerName
>>> ServerAdmin
>>> ServerAlias sakai-server
>>> # if not specified, the global error log is used
>>> ErrorLog /var/log/httpd/
>>> CustomLog /var/log/httpd/ combined
>>> HostnameLookups Off
>>> UseCanonicalName Off
>>> # Add index.jsp to DirectoryIndex files
>>> DirectoryIndex index.php index.html index.htm index.shtml index.php4
>>> index.php3 index.phtml index.cgi index.jsp
>>> JkMount /* worker1
>> It might be worthwhile finding out, why sakai produces wrong links. E.g.
>> if you are using mod_jk to connect Apache to Tomcat, and you are talking
>> HTTPS to Apache, then the calls the isSecure(), getScheme(),
>> getProtocol() will return the information as seen by Apache, so the
>> webapp is able to find out that https is used and it seems to be a bug
>> in sakai.
> as I understood the issue, the problems arise from using a loadbalancer in
> front of the apache httpd servers, which are using mod_jk to communicate
> with the tomcats. The loadbalancers are terminating the ssl connection and
> presumably
> changing hostnames too.

Ah OK, missed that.

> But given the documentation link you gave below, it should be easy to
> configure
> the vhost in apache httpd (or two - one for ssl, one for non-ssl traffic)
> by
> setting JkEnvVar for scheme, hostname and port if necessary.
> If I read
> correctly, one could
> use proxyPort, proxyName and scheme in the ajp-connector.

If using mod_jk, you can tell mod_jk, that it should derive the 
information, whether SSL is used or not from some Apache environment 
variable. You can the set the variable as you like e.g. depending on the 
client IP is the connection coming from the loadbalancer) or some other 

So you would use

JkHTTPSIndicator MyHTTPSIndicator

to let mod_jk check the variable "MyHTTPSIndicator" instead of the 
Apache builtin "HTTPS" variable, whether HTTPS is used.

Then you have to set the env var to "On" for each request you know, that 
it is actually using https from the client point of view, e.g.

SetEnvIf Remote_Addr "10\.0\.0\.27" MyHTTPSIndicator=On

where e.g. 10.0.27 is the address of the load balancer (if the requests 
arrive actually with this IP, see the acess log).

Or you use a separate port and vhost in Apache where you connect the LB 
to and you know everything on this port was originally HTTPS, then you 
could simply set MyHTTPSIndicator always to On in this vhost.



>> See for instance:
>> If you are using http between Apache and Tomcat (not AJP13), then there
>> are connector settings for Tomcat to let the webapp know, that you are
>> actually using HTTPS on the proxy.
>> If you can't fix it like this but instead really have to parse response
>> pages and replace links in them, three Apache module choices are
>> mod_proxy_html (which you already mentioned), mod_substitute and
> mod_sed.
>> Regards,
>> Rainer

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message