tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rainer Jung <rainer.j...@kippdata.de>
Subject Re: Rewrite URLs inside HTML pages?
Date Thu, 05 Aug 2010 08:26:52 GMT
Comments inline

On 05.08.2010 03:30, Leon Kolchinsky wrote:
> Hi,
>
> Hmm.
> Interesting.
> Of course I'd like to make it work with "simple configuration" or/and with
> JkHTTPSIndicator.
>
> I'm just not clear on how to make this "simple configuration".
>
> As I've said there is no SSL handling on the server side. All SSL request
> handled on the load balance level which in turn talks to Apache (configured
> to talk to Tomcat via mod_jk) via http.
>
> myserv.mydomain.com - Tomcat server's Domain name
> sakai-stg.mydomain.com - Load balancer's Domain name
>
> Clients coming to Load Balancer's URL https://sakai-stg.mydomain.com need to
> use internal links (submit forms etc.) which appear as http://
> sakai-stg.mydomain.com/..... on the served pages.
> Submitting forms is not working in that scenario since the links should look
> like this inside the pages - https://sakai-stg.mydomain.com/.....
>
>
> Please see my mod_jk.conf, workers.properties, 01myserv.mydomain.com.conf
> files below.
>
> Can you come up with a solution without using mod_substitute as I do now?
>
> [root@myserv mod_sed]# cat /etc/httpd/conf/mod_jk.conf
> LoadModule jk_module modules/mod_jk.so
>
> # mod_jk config
> # Where to find workers.properties
> # Update this path to match your conf directory location (put
> workers.properties next to httpd.conf)
> JkWorkersFile /etc/httpd/conf/workers.properties
> # Where to put jk shared memory
> # Update this path to match your local state directory or logs directory
> JkShmFile /var/log/httpd/mod_jk.shm
> # Where to put jk logs
> # Update this path to match your logs directory location (put mod_jk.log
> next to access_log)
> JkLogFile /var/log/httpd/mod_jk.log

Unrelated: you could use rotatelogs here, as in "CustomLog" or 
"ErrorLog" to automatically rotate the files.

> # Set the jk log level [debug/error/info]
> JkLogLevel info
> # Select the timestamp log format
> JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "

Unrelated: I would remove JkLogStampFormat. Since a few years mod_jk 
will log sub second timestamps by default, but this format disables that.

> #JkOptions indicate to send SSL KEY SIZE,
> JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories

Unrelated: You should remove "+ForwardURICompat" unless you understand 
what it does and that you will definitely need it.

> # JkRequestLogFormat set the request format
> JkRequestLogFormat "%w %V %T"

Unrelated: Don't like the JkRequestFormat. Instead would use so called 
"notes" to add the info directly to the access log.

> # Globally deny access to the WEB-INF directory
> <LocationMatch '.*WEB-INF.*'>
> AllowOverride None
> deny from all
> </LocationMatch>

Unrelated: The application directory usually should not be reachable at 
all by Apache.

> [root@myserv mod_sed]#
> [root@myserv mod_sed]# cat /etc/httpd/conf/workers.properties
> #
> # This file provides minimal jk configuration properties needed to
> # connect to Tomcat.
> #
> # We define a workers named worker1 and worker2
> workers.tomcat_home=/srv/tomcat/
> workers.java_home=/srv/jdk
> ps=/

Unrelated: The above three are useless.

> worker.list=worker1
> worker.worker1.type=ajp13
> worker.worker1.host=localhost
> worker.worker1.port=8009
> worker.worker1.lbfactor=1

Unrelated: That's very minimal.

> # Load-balancing behaviour (add when you have more than 1 worker and change
> worker.workerX.host and worker.list accordingly)
> # worker.loadbalancer.type=lb

Unrelated: You are not actually using mod_jk load balancing here.

> # Status worker for managing load balancer (add when you have more than 1
> worker)
> worker.status.type=status

Suggestion: grab the default workers.properties from the mod_jk 1.2.30 
source download. It contains important hints about production ready 
configuration.

> [root@myserv mod_sed]#
> [root@myserv mod_sed]# cat
> /etc/httpd/conf/vhosts.d/01myserv.mydomain.com.conf
> LoadModule substitute_module modules/mod_substitute.so
>
> NameVirtualHost *:80
>
> <VirtualHost *:80>
> ServerName myserv.mydomain.com
> ServerAdmin Leon.Kolchinsky@mydomain.com
> ServerAlias sakai-stg
>
> # Just in case
> DocumentRoot /srv/sakai
>
> # if not specified, the global error log is used
> ErrorLog /var/log/httpd/myserv.mydomain.com-error_log
> CustomLog /var/log/httpd/myserv.mydomain.com-access_log combined
> # don't loose time with IP address lookups
> HostnameLookups Off
> # needed for named virtual hosts
> UseCanonicalName Off
>
> # Add index.jsp to DirectoryIndex files
> DirectoryIndex index.php index.html index.htm index.shtml index.php4
> index.php3 index.phtml index.cgi index.jsp
>
> JkMount /* worker1

Assuming that you always want Tomcat to assume https when a request came 
in via this VirtualHost:

JkHTTPSIndicator FakeHTTPS
SetEnv FakeHTTPS On

(the module mod_env needs to be loaded).

> AddOutputFilterByType SUBSTITUTE text/html
> Substitute "s|http://myserv|https://sakai-stg|i"
> Substitute "s|http://sakai-stg|https://sakai-stg|i"

Those three should then no longer be needed (if sakai behaves well).

> </VirtualHost>

Regards,

Rainer

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message