tomcat-users mailing list archives

From André Warnier ...@ice-sa.com>
Subject Re: secure reverse proxy to my tomcat server HELP NEEDED
Date Tue, 04 Mar 2014 08:50:24 GMT
Hi.

On this list, it is preferred (strongly) if you do not top-post, but respond in the text 
or below the question.  It just makes it easier to follow what is going on.
I have moved your previous response to the logical order.

Jeff Haferman wrote:
> 
> Christopher Schultz wrote:
>> Jeff,
>>
>> On 3/3/14, 5:11 PM, Jeff Haferman wrote:
>>> Yes, for development httpd and tomcat are on the same physical
>>> machine. Eventually they will be on different machines. But, even
>>> if I try browser <--- HTTPS --> httpd <-- HTTP --> Tomcat by just
>>> changing the ProxyPass and ProxyPassReverse directives to use the
>>> unencrypted URLs as follows
>>>
>>> <VirtualHost *:443>
>>>     SSLEngine on
>>>     SSLProxyEngine on
>>>     SSLCertificateFile /path/to/server.crt
>>>     SSLCertificateKeyFile /path/to/server.key
>>>     ServerName my.webserver.com
>>>     ProxyPass / http://my.webserver.com:8080/
>>>     ProxyPassReverse / http://my.webserver.com:8080/
>>> </VirtualHost>
>>>
>>> the reverse proxy still does not serve the tomcat pages as I would
>>> expect.
>> Given the above setup, what /actually/ happens when you try to request
>> a resource that should go to Tomcat? "does not serve pages as I
>> expect" is not a good description.
>>
>> Oh, and everyone posting NEEDS HELP, so it's not necessary to add "HELP
>> NEEDED" or similar text to your subjects.
>>
> Hi Chris -
> Sorry for the "HELP NEEDED".
>
> What actually happens is that, just for https://my.webserver.com/, I get served the pages that are
> at the apache root, *not* what is being served by tomcat at port 8443.
>
> I do get the tomcat pages if I explicitly add the port, i.e. https://my.webserver.com:8443/
> So, the reverse proxy seems to be broken for https only.
>
> The reverse proxy works fine for http, i.e. http://my.webserver.com/ gets the tomcat pages served
> at http://my.webserver.com:8080/
>

Ok, that is bizarre.  I am sure that we are missing some piece of the puzzle here, because
if it was a real bug, it would have come out by now.

According to the symptoms, the Apache mod_proxy module either is not activated for that 
HTTPS VirtualHost, or it is activated but decides not to proxy these calls to Tomcat.
Which on the face of it, shouldn't happen.
It could also be that the requests are not being processed by the httpd VirtualHost which
you think is processing them.  Under Apache httpd, the first configured VirtualHost (from
top to bottom of the includes-assembled configuration file), is the default host, which
catches all requests that arrive there, but where the ServerName doesn't match any of the
configured ones.

Referring to the configuration in your original post, I would try to simplify it, by first
removing the unnecessary/potentially confusing bits.
I would first remove these sections :
<proxy http://my.webserver.com:8080/>
     AllowOverride None
     Order Deny,Allow
     Allow from all
</proxy>
<proxy https://my.webserver.com:8443/>
     AllowOverride None
     Order Deny,Allow
     Allow from all
</proxy>

because they are for *forward* proxying, which is not what you are trying to do here (and
you correctly have "ProxyRequests Off" anyway).
(See http://httpd.apache.org/docs/2.2/mod/mod_proxy.html)

Also, I would remove the "ProxyPreserveHost on" line. See 
"http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypreservehost".
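
Added example (not part of the original message, and not code from the Apache or Tomcat projects): a simplified Python model of the default-VirtualHost rule described in the reply above, showing how an HTTPS request can land in a vhost that has no ProxyPass. The sample configuration, `other.example.com` and the function names are constructed for illustration; ServerAlias wildcards and per-IP matching are not modelled.

```python
import re

# Constructed sample config (not the poster's real file): the first *:443
# vhost has a different ServerName, so it is the default for port 443.
SAMPLE_CONF = """
<VirtualHost *:443>
    ServerName other.example.com
    DocumentRoot /var/www/html
</VirtualHost>
<VirtualHost *:443>
    ServerName my.webserver.com
    ProxyPass / http://my.webserver.com:8080/
    ProxyPassReverse / http://my.webserver.com:8080/
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def parse_vhosts(conf):
    """Return vhosts in file order as dicts: addrs, names, proxied."""
    vhosts = []
    for addrs, body in VHOST_RE.findall(conf):
        lines = re.findall(r"^\s*Server(?:Name|Alias)\s+(.+)$", body, re.M | re.I)
        names = [n.lower() for line in lines for n in line.split()]
        # "ProxyPass" followed by whitespace, so ProxyPassReverse alone does not count
        proxied = bool(re.search(r"^\s*ProxyPass\s", body, re.M | re.I))
        vhosts.append({"addrs": addrs.split(), "names": names, "proxied": proxied})
    return vhosts

def select_vhost(vhosts, port, host_header):
    """Simplified name-based selection: among vhosts listening on the port,
    pick the first whose ServerName/ServerAlias equals the Host header;
    otherwise fall back to the first one listed (the default host)."""
    candidates = [v for v in vhosts
                  if any(a.rsplit(":", 1)[-1] in (str(port), "*") for a in v["addrs"])]
    if not candidates:
        return None
    host = host_header.split(":")[0].lower()
    for v in candidates:
        if host in v["names"]:
            return v
    return candidates[0]

if __name__ == "__main__":
    vhosts = parse_vhosts(SAMPLE_CONF)
    for host in ("my.webserver.com", "192.0.2.10"):
        chosen = select_vhost(vhosts, 443, host)
        print(host, "->", chosen["names"], "proxied" if chosen["proxied"] else "NOT proxied")
```

On a live server, `httpd -S` prints the virtual host settings as httpd itself parsed them, including which vhost is the default for each address and port.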
