tomcat-users mailing list archives

From Assaf Urieli <assaf.uri...@gmail.com>
Subject Re: IP-based virtual hosting with useIPVHosts=true always goes to default host
Date Fri, 15 Jun 2012 10:33:38 GMT
Hi Chris,

>
> On 6/8/12 11:12 AM, Assaf Urieli wrote:
> > Ok, this is strange. I created a test.jsp page that prints
> > request.getLocalName(), request.getServerName(), and
> > request.getLocalAddr(). I tried various scenarios in the browser:
> > http://domain1.com, http://www.domain1.com, http://1.2.3.4,
> > http://domain2.com, http://www.domain2.com, http://5.6.7.8, as well
> > as all of the above with https.
>
> What /real/ URLs are you using to hit your server? I don't see a port
> number anywhere.
>

Sorry, I was trying to keep it generic up to now to see if I was simply
doing something stupid, but I'll go ahead and publish my real domains/IPs.

So, my test page code is:
<p>Java Version:<%= System.getProperty( "java.version" ) %>
<p>Local name:<%= request.getLocalName() %>
<p>Server name:<%= request.getServerName() %>
<p>Local IP:<%= request.getLocalAddr() %>

So, the addresses to test are:
http://www.joli-ciel.com/test.jsp
http://www.moyshele.com/test.jsp
http://178.79.152.69/test.jsp
http://176.58.107.88/test.jsp

And exactly the same four, but with HTTPS:
https://www.joli-ciel.com/test.jsp
https://www.moyshele.com/test.jsp
https://178.79.152.69/test.jsp
https://176.58.107.88/test.jsp

Now, every single one of these gives the exact same values for
request.getLocalName() and request.getLocalAddr().
request.getLocalName(): www.joli-ciel.com
request.getLocalAddr(): 178.79.152.69
And this is why, even when useIPVHosts=true, I always get the HTTPS
Connector corresponding to 178.79.152.69, which gives the wrong SSL
certificate for https://www.moyshele.com

For info, my /etc/network/interfaces file:
************************************************
auto lo
iface lo inet loopback

auto eth0 eth0:0

iface eth0 inet static
 address 178.79.152.69
 netmask 255.255.255.0
 gateway 178.79.152.1
        pre-up iptables-restore < /etc/iptables.conf

iface eth0:0 inet static
 address 176.58.107.88
 netmask 255.255.255.0
        pre-up iptables-restore < /etc/iptables.conf
************************************************

Note (in case it's relevant) that /etc/iptables.conf is mapping port 8080
to port 80 and port 8443 to port 443 - relevant portions below:
************************************************
*nat
:PREROUTING ACCEPT [11:3512]
:POSTROUTING ACCEPT [13:844]
:OUTPUT ACCEPT [13:844]
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A OUTPUT -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443
-A OUTPUT -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT
************************************************

My /etc/hosts file:
************************************************
127.0.0.1        localhost.localdomain  localhost
178.79.152.69    www.joli-ciel.com bilbo.joli-ciel.com bilbo.aplikaterm.com www.aplikaterm.com joli-ciel.com  bilbo
176.58.107.88    www.moyshele.com www.flyingpencil.com moyshele.com flyingpencil.com moyshele

::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
************************************************

The relevant portions of my server.xml file:
************************************************
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               URIEncoding="UTF-8"
               redirectPort="8443" />

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           address="178.79.152.69"
           keystoreFile="/home/tomcat6/.keystore1" keystorePass="********"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" URIEncoding="UTF-8" />

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           address="176.58.107.88"
           keystoreFile="/home/tomcat6/.keystore2" keystorePass="********"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" URIEncoding="UTF-8" />

    <Engine name="Catalina" defaultHost="localhost">
      <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
             resourceName="UserDatabase"/>

      <Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="true"
            xmlValidation="false" xmlNamespaceAware="false">
            <Alias>178.79.152.69</Alias>
            <Alias>aplikaterm.com</Alias>
            <Alias>www.aplikaterm.com</Alias>
            <Alias>joli-ciel.com</Alias>
            <Alias>www.joli-ciel.com</Alias>

        <Valve className="org.apache.catalina.valves.AccessLogValve"
               directory="/home/tomcat6/logs/joliciel"
               prefix="joliciel_access_log." suffix=".log"
               pattern="%A %h %l %u %t '%r' %s %b" resolveHosts="false"/>
      </Host>
        <Host name="moyshele.com"  appBase="/usr/share/moyshele"
            unpackWARs="true" autoDeploy="true"
            xmlValidation="false" xmlNamespaceAware="false">
            <Alias>176.58.107.88</Alias>
            <Alias>moyshele.com</Alias>
            <Alias>www.moyshele.com</Alias>
            <Context path="" docBase="."/>
            <Valve className="org.apache.catalina.valves.AccessLogValve"
                   directory="/home/tomcat6/logs/moyshele"
                   prefix="moyshele_access_log." suffix=".log"
                   pattern="%A %h %l %u %t '%r' %s %b" resolveHosts="false"/>
        </Host>
    </Engine>
  </Service>
************************************************

By the way, if I run netstat (with or without useIPVHosts=true), I get:
************************************************
sudo netstat -ntlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1967/sshd
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      2082/postgres
tcp6       0      0 127.0.0.1:8005          :::*                    LISTEN      16815/java
tcp6       0      0 :::8080                 :::*                    LISTEN      16815/java
tcp6       0      0 :::22                   :::*                    LISTEN      1967/sshd
tcp6       0      0 176.58.107.88:8443      :::*                    LISTEN      16815/java
tcp6       0      0 178.79.152.69:8443      :::*                    LISTEN      16815/java
************************************************
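
An added check, not part of the original message and not Tomcat code: it cross-references the three configuration files quoted above and lists address-bound Connectors that redirected traffic cannot reach. It relies on the documented behaviour of the iptables REDIRECT target, which rewrites the destination to the primary address of the incoming interface; the function names and the trimmed sample input are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample input, trimmed from the configuration quoted in the message.
SERVER_XML = """<Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
  <Connector port="8443" SSLEnabled="true" address="178.79.152.69"/>
  <Connector port="8443" SSLEnabled="true" address="176.58.107.88"/>
</Service>"""
NAT_RULES = """-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080"""
INTERFACES = """iface eth0 inet static
 address 178.79.152.69
iface eth0:0 inet static
 address 176.58.107.88"""


def primary_address(interfaces, dev="eth0"):
    """Address of the non-alias stanza for dev (alias stanzas are named dev:N)."""
    pat = r"^iface %s inet static\s+address (\S+)" % re.escape(dev)
    m = re.search(pat, interfaces, re.M)
    return m.group(1) if m else None


def redirect_ports(nat_rules):
    """Map original destination port -> REDIRECT target port (PREROUTING only)."""
    pat = re.compile(r"-A PREROUTING .*--dport (\d+) -j REDIRECT --to-ports (\d+)")
    return {int(src): int(dst) for src, dst in pat.findall(nat_rules)}


def unreachable_connectors(server_xml, nat_rules, interfaces):
    """Connectors bound to a non-primary address on a port fed only via REDIRECT.

    REDIRECT delivers every matching packet to the primary address, so the
    socket bound to a secondary address never sees that traffic, and
    request.getLocalAddr() reports the primary address for all requests.
    """
    primary = primary_address(interfaces)
    targets = set(redirect_ports(nat_rules).values())
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        addr, port = conn.get("address"), int(conn.get("port"))
        if addr and addr != primary and port in targets:
            findings.append((addr, port))
    return findings


if __name__ == "__main__":
    for addr, port in unreachable_connectors(SERVER_XML, NAT_RULES, INTERFACES):
        print("Connector %s:%d is not reachable through REDIRECT" % (addr, port))
```

A per-address DNAT rule with an explicit `--to-destination` keeps the original destination address, which is what an address-bound Connector needs.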
