Return-Path: X-Original-To: apmail-tomcat-users-archive@www.apache.org Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 5A28817F85 for ; Fri, 15 May 2015 12:03:57 +0000 (UTC) Received: (qmail 79209 invoked by uid 500); 15 May 2015 12:03:53 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 79143 invoked by uid 500); 15 May 2015 12:03:53 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 79132 invoked by uid 99); 15 May 2015 12:03:53 -0000 Received: from Unknown (HELO spamd1-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 15 May 2015 12:03:53 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id 4E611C5169 for ; Fri, 15 May 2015 12:03:53 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 1.001 X-Spam-Level: * X-Spam-Status: No, score=1.001 tagged_above=-999 required=6.31 tests=[KAM_LAZY_DOMAIN_SECURITY=1, URIBL_BLOCKED=0.001] autolearn=disabled Received: from mx1-eu-west.apache.org ([10.40.0.8]) by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024) with ESMTP id eTqCMgbipFhK for ; Fri, 15 May 2015 12:03:46 +0000 (UTC) Received: from vms173025pub.verizon.net (vms173025pub.verizon.net [206.46.173.25]) by mx1-eu-west.apache.org (ASF Mail Server at mx1-eu-west.apache.org) with ESMTPS id 61E23212C8 for ; Fri, 15 May 2015 12:03:45 +0000 (UTC) Received: from Christophers-MacBook-Pro.local ([173.79.164.201]) by vms173025.mailsrvcs.net (Oracle Communications Messaging Server 7.0.5.32.0 64bit (built Jul 16 2014)) with ESMTPA id <0NOE00KMU44OETU1@vms173025.mailsrvcs.net> for users@tomcat.apache.org; Fri, 15 May 2015 07:02:53 -0500 (CDT) X-CMAE-Score: 0 X-CMAE-Analysis: v=2.1 cv=Ap5ZB14n c=1 sm=1 tr=0 a=YZvWn4c/W8VqgPENxCgm9A==:117 a=cGdM_UB1h6QA:10 a=IkcTkHD0fZMA:10 a=-57I09spAAAA:8 a=oR5dmqMzAAAA:8 a=-9mUelKeXuEA:10 a=h1PgugrvaO0A:10 a=A1X0JdhQAAAA:8 a=j4nzMFrpAAAA:8 a=YQo1Iy1Jd7R4kIlWr0AA:9 a=QEXdDO2ut3YA:10 Message-id: <5555E067.8070609@christopherschultz.net> Date: Fri, 15 May 2015 08:02:47 -0400 From: Christopher Schultz User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:31.0) Gecko/20100101 Thunderbird/31.6.0 MIME-version: 1.0 To: Tomcat Users List Subject: Re: AJP config questions References: In-reply-to: Content-type: text/plain; charset=utf-8 Content-transfer-encoding: 8bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Jeffrey, On 5/14/15 6:38 PM, Jeffrey Janner wrote: > (Hopefully, this isn't a duplicate post, but I sent the original a > half-hour ago and I haven't seen it come back yet.) > > Guys, it's been a long time since I did any work with AJP, but it > looks like something I'll be implementing soon. I have a couple of > basic questions, mostly related to ProxyPassReverse, but also one > related to SSL. > > I know to turn on mod_proxy and mod_proxy_ajp and a simple > ProxyPass where the source and dest paths match, i.e. both are > "/foo". The question is if they differ. The httpd docs give this > example: > > Rewriting Proxied Path ProxyPass /apps/foo > ajp://backend.example.com:8009/foo ProxyPassReverse /apps/foo > http://www.example.com/foo > > but don't mention if you need to turn on the RewriteEngine. Also, > the second line doesn't look correct. Shouldn't it be > http://www.example.com/app/foo? Or maybe > ajp://backend.example.com:8009/foo? Trying to re-name the context path during proxying is a road that ends in tears. ProxyPassReverse only re-writes headers like SetCookie and Location. If you have links within your pages, you'll need to use something like mod_html to re-write all of them as the page is streamed back to the client. Best practice is to re-name the application to apps#foo.war if that's really the URL path you want to use. (The above configuration does not use mod_rewrite, hence the absence of "RewriteEngine On".) > BTW: we don't seem to be able to get the example to work. > "ProxyPass /myapp ajp://localhost:8009/myapp" works, but > "ProxyPass /app ajp://localhost:8009/myapp" does not work, and > we've tried various iterations of ProxyPassReverse with it. When you say "doesn't work", what do you really mean? > What's the best way to handle ROOT.war, assuming there are other > webapps to deploy as well? This is tough. I would recommend that you put all web applications in distinct paths, and not use ROOT at all. It makes proxying a little more sane IMHO. You can definitely still do it (just do all your ProxyPasses for the non-ROOT webapps *first* in httpd.conf, and then have one that does something like "ProxyPass / [endpoint]" last to handle the ROOT webapp. > What if I don't want ROOT.war, but want to send / to a specific > webapp? Put index.html into ROOT/index.html and do a redirect (or something roughly equivalent, like using RedirectMatch ^/$ /webapp/). > SSL Question: Since our web.xml is configured to redirect all > requests to SSL in the area, how does that > effect the options that need to be supplied in the connector? Right > now, we just have the basic config as it comes in the initial > conf.xml. When using mod_proxy_ajp, the SSL information should be passed-over from httpd to Tomcat just like when you are using mod_jk, so I don't think you'll get a redirect storm. mod_jk sends-over some extra stuff by default that mod_proxy_ajp I think does not, but I can't remember off the top of my head what those things are. > Sorry for being a newbie on this, but the last time I messed with > Apache proxy was 4.0 and then I used JK. You can still certainly use mod_jk, but you'll find the same issues with path-rewriting. I've been using mod_jk forever and I have no plans to abandon it. mod_jk is alive and well if you'd prefer to use something with which you have previous experience. But you do have to build it separately, since it doesn't come bundled with httpd (which is definitely a bummer). - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJVVeBnAAoJEBzwKT+lPKRYsAwP/086jW4zeX/5BZxJyMsEbjLp fEJCj8tJguyKoXRkgVIqeVW9aHK86elY3JYaAx/00GmrZACZbk2J963XB58E3YyV C3bd3K1BkHGYsWCoYwqEcNUIygnaJEuWrydXalcJrvrsk5vprkkFKQE/yu2Wu7gg vdNcbLe+LwySbYAJdzrBWYiyTFqarA/ShFkyMcpsEz+TWpbcDZptfpLLs2M30lPz /53OaJvfVs4yle/nXaqvG7R61RXc1/JkEOVApXMhn+lCnP2XBwNhVtpqsAjwIRMv ArdZClXH5wEpB+8rwWZVwMVQhJZJqGZXjBX8k9r1zNoXzomN6TWnB6zcnjOBpMVC RaErv9KQmSDsRWwmz5wyhdHWNPOVo48g0oCZhg22cF4tCXd879x25P4HIEyR5hT/ oJppa8kT7nSSaRQbq3s0n1LrBUMa7FqF+544zID6HnATSlNVADP5DOMUFrrEU+yH sAtsKsdjeuvO01FsI7f246vtwZ4VbXu8UfFswgFanHFFLGV0oLOOHbYyNEQF5tVU VeAsAMAg4dkNplW70XL4CGXho7WVEauCoivWVYxIvgQXyBA8q1NO89ZwGHO2wE5L lODTZ/16d/pI3VTxZJB10ENpVFQrpoXZz4Qaq24UCI6cli4OVGlBuelsCzgocga3 0T/nQcypPZ7IMQB4B0wy =ZtFn -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org