tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rainer Jung <rainer.j...@kippdata.de>
Subject Re: Rewrite URLs inside HTML pages?
Date Tue, 03 Aug 2010 08:16:09 GMT
Did you notice, that our expectation is you won't need any page 
rewriting when using JkHTTPSIndicator?

Regards,

Rainer

On 03.08.2010 08:45, Leon Kolchinsky wrote:
> Thanks for your help Rainer/Felix,
>
> I've tested several options including mod_substitute and mod_sed and it
> seems that mod_substitute is a way to go.
>
> This is my working configuration now:
>
> LoadModule substitute_module modules/mod_substitute.so
> .......................
> AddOutputFilterByType SUBSTITUTE text/html
> Substitute "s|http://myserver|https://load-balancer|i"
> Substitute "s|http://load-balancer|https://load-balancer|i"
>
> Don't ask me why there is a last line, I see no logic here, but without it I
> still get several http instead https links via load-balancer backend (May be
> Sakai or CISCO CSM side fault).
>
>
> Best Regards,
> Leon Kolchinsky
>
> On Mon, Aug 2, 2010 at 20:14, Rainer Jung<rainer.jung@kippdata.de>  wrote:
>
>> Hi Felix,
>>
>> hope you are doing well!
>>
>>
>> On 02.08.2010 11:46, Felix Schumacher wrote:
>>
>>> Hi Rainer,
>>> On Mon, 02 Aug 2010 10:00:57 +0200, Rainer Jung<rainer.jung@kippdata.de>
>>> wrote:
>>>
>>>> On 02.08.2010 06:31, Leon Kolchinsky wrote:
>>>>
>>>>> Hello,
>>>>>
>>>>> I've configured Tomcat (apache-tomcat-5.5.26) to run behind Apache Http
>>>>> (v.2.2.3 ) using mod_jk.
>>>>>
>>>>> We have 2 of those Tomcat servers running on different machines.
>>>>> We also configured load balancer (CISCO CSM) which we want to use for
>>>>>
>>>> SSL
>>>
>>>> offloading and LB.
>>>>>
>>>>> Load balancer serves https requests and forwards them to http (on the
>>>>> above
>>>>> servers).
>>>>>
>>>>> The problem is that links given by apache - the generated html pages
>>>>>
>>>> (by
>>>
>>>> Sakai app.)  appeared to include http://....
>>>>> And this is a major problem since we can't even serve forms from https
>>>>> URL's
>>>>> (the URL of the page is https://..... but links inside the HTML page
>>>>> itself
>>>>> are from http://.... format)
>>>>>
>>>>> I've been thinking to try to resolve this with ProxyHTMLURLMAp
>>>>> (mod_proxy_html) but I have no experience with this module.
>>>>>
>>>>> Can someone give me a sample syntax that I can try to include in my
>>>>>
>>>> vhost
>>>
>>>> configuration?
>>>>>
>>>>> Below is my virt. host configuration:
>>>>> NameVirtualHost *:80
>>>>>
>>>>> <VirtualHost *:80>
>>>>> ServerName servername.com
>>>>> ServerAdmin Leon.K@servername.com
>>>>> ServerAlias sakai-server
>>>>>
>>>>> # if not specified, the global error log is used
>>>>> ErrorLog /var/log/httpd/servername.com-error_log
>>>>> CustomLog /var/log/httpd/servername.com-access_log combined
>>>>> HostnameLookups Off
>>>>> UseCanonicalName Off
>>>>>
>>>>> # Add index.jsp to DirectoryIndex files
>>>>> DirectoryIndex index.php index.html index.htm index.shtml index.php4
>>>>> index.php3 index.phtml index.cgi index.jsp
>>>>>
>>>>> JkMount /* worker1
>>>>>
>>>>
>>>> It might be worthwhile finding out, why sakai produces wrong links. E.g.
>>>>
>>>
>>>   if you are using mod_jk to connect Apache to Tomcat, and you are talking
>>>>
>>>
>>>   HTTPS to Apache, then the calls the isSecure(), getScheme(),
>>>> getProtocol() will return the information as seen by Apache, so the
>>>> webapp is able to find out that https is used and it seems to be a bug
>>>> in sakai.
>>>>
>>> as I understood the issue, the problems arise from using a loadbalancer in
>>>
>>> front of the apache httpd servers, which are using mod_jk to communicate
>>> with the tomcats. The loadbalancers are terminating the ssl connection and
>>> presumably
>>> changing hostnames too.
>>>
>>
>> Ah OK, missed that.
>>
>>
>>   But given the documentation link you gave below, it should be easy to
>>> configure
>>> the vhost in apache httpd (or two - one for ssl, one for non-ssl traffic)
>>> by
>>> setting JkEnvVar for scheme, hostname and port if necessary.
>>>
>>> If I read http://tomcat.apache.org/tomcat-6.0-doc/config/ajp.html
>>> correctly, one could
>>> use proxyPort, proxyName and scheme in the ajp-connector.
>>>
>>
>> If using mod_jk, you can tell mod_jk, that it should derive the
>> information, whether SSL is used or not from some Apache environment
>> variable. You can the set the variable as you like e.g. depending on the
>> client IP is the connection coming from the loadbalancer) or some other
>> params.
>>
>> So you would use
>>
>> JkHTTPSIndicator MyHTTPSIndicator
>>
>> to let mod_jk check the variable "MyHTTPSIndicator" instead of the Apache
>> builtin "HTTPS" variable, whether HTTPS is used.
>>
>> Then you have to set the env var to "On" for each request you know, that it
>> is actually using https from the client point of view, e.g.
>>
>> SetEnvIf Remote_Addr "10\.0\.0\.27" MyHTTPSIndicator=On
>>
>> where e.g. 10.0.27 is the address of the load balancer (if the requests
>> arrive actually with this IP, see the acess log).
>>
>> Or you use a separate port and vhost in Apache where you connect the LB to
>> and you know everything on this port was originally HTTPS, then you could
>> simply set MyHTTPSIndicator always to On in this vhost.
>>
>> Regards,
>>
>> Rainer
>>
>>
>>   See for instance:
>>>>
>>>> http://tomcat.apache.org/connectors-doc/generic_howto/proxy.html
>>>>
>>>> If you are using http between Apache and Tomcat (not AJP13), then there
>>>> are connector settings for Tomcat to let the webapp know, that you are
>>>> actually using HTTPS on the proxy.
>>>>
>>>> If you can't fix it like this but instead really have to parse response
>>>> pages and replace links in them, three Apache module choices are
>>>> mod_proxy_html (which you already mentioned), mod_substitute and
>>>>
>>> mod_sed.
>>>
>>>>
>>>> Regards,
>>>>
>>>> Rainer

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message