Return-Path: 
 <users-return-254329-apmail-tomcat-users-archive=tomcat.apache.org@tomcat.apache.org>
X-Original-To: apmail-tomcat-users-archive@www.apache.org
Delivered-To: apmail-tomcat-users-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 51DCC18E6F
	for <apmail-tomcat-users-archive@www.apache.org>;
 Fri, 31 Jul 2015 09:45:06 +0000 (UTC)
Received: (qmail 64968 invoked by uid 500); 31 Jul 2015 09:44:44 -0000
Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org
Received: (qmail 64905 invoked by uid 500); 31 Jul 2015 09:44:44 -0000
Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:users-help@tomcat.apache.org>
List-Unsubscribe: <mailto:users-unsubscribe@tomcat.apache.org>
List-Post: <mailto:users@tomcat.apache.org>
List-Id: <users.tomcat.apache.org>
Reply-To: "Tomcat Users List" <users@tomcat.apache.org>
Delivered-To: mailing list users@tomcat.apache.org
Received: (qmail 64894 invoked by uid 99); 31 Jul 2015 09:44:44 -0000
Received: from Unknown (HELO spamd3-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 31 Jul 2015 09:44:44 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org)
 with ESMTP id 196E8195E50
	for <users@tomcat.apache.org>; Fri, 31 Jul 2015 09:44:44 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: 0.7
X-Spam-Level: 
X-Spam-Status: No, score=0.7 tagged_above=-999 required=6.31
	tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
	KAM_ASCII_DIVIDERS=0.8, SPF_PASS=-0.001, URIBL_BLOCKED=0.001]
	autolearn=disabled
Authentication-Results: spamd3-us-west.apache.org (amavisd-new);
	dkim=pass (2048-bit key) header.d=gmail.com
Received: from mx1-us-west.apache.org ([10.40.0.8])
	by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new,
 port 10024)
	with ESMTP id f2ReQyBYpzlP for <users@tomcat.apache.org>;
	Fri, 31 Jul 2015 09:44:34 +0000 (UTC)
Received: from mail-wi0-f172.google.com (mail-wi0-f172.google.com
 [209.85.212.172])
	by mx1-us-west.apache.org (ASF Mail Server at mx1-us-west.apache.org) with
 ESMTPS id 13560213B7
	for <users@tomcat.apache.org>; Fri, 31 Jul 2015 09:44:34 +0000 (UTC)
Received: by wicgj17 with SMTP id gj17so9877262wic.1
        for <users@tomcat.apache.org>; Fri, 31 Jul 2015 02:44:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :content-type;
        bh=KFCEtz1JMziTvjKT/SWPHez6kzwO6sgeBzU0Ka1DykU=;
        b=Vqkwl8JDSOUB0kYYZlMF2FMgtcFQcCHIkgnNNVhmyOuAmqoX231Oj4OEI5xnGcZMCF
         li4Ho5ZNwhJGeRkHdu0BISSiSDPe6uUiL3AlzOmbkKlJgW8otFDy63VbOrrkPO6fjB8C
         R7dSbaj462ltiiO7ey1uVG5TDP5waIG1nwHGEMOiab0FhtUxZygbSqUGJvPvAWRr2nBA
         R5MT5tQFNVjfYJ2E9qRnsxe7QY+cvjzM3xbF14aE2gH5IE5gvrvpFWytSvbOWYruC9DP
         Y3WxKDp9WC4pWNUK3i8sd6p3SiZrjBimoNRud1UHERcjT6E2kTPgh2wYuTAcp2YGOElS
         4Jhw==
MIME-Version: 1.0
X-Received: by 10.180.103.69 with SMTP id fu5mr4786144wib.95.1438335872575;
 Fri, 31 Jul 2015 02:44:32 -0700 (PDT)
Received: by 10.194.133.199 with HTTP; Fri, 31 Jul 2015 02:44:32 -0700 (PDT)
In-Reply-To: 
 <2ED690F914CB71469716F8312FEC1B422D9D3818@APSWP0839.ms.ds.uhc.com>
References: <2ED690F914CB71469716F8312FEC1B422D9D2E24@APSWP0839.ms.ds.uhc.com>
	<55BA4C43.9000808@christopherschultz.net>
	<CAE3SZN101ZHhb7TnS7nbcNOZSXoUqnUYDtHD02xEXeGqu=h7iw@mail.gmail.com>
	<2ED690F914CB71469716F8312FEC1B422D9D3818@APSWP0839.ms.ds.uhc.com>
Date: Fri, 31 Jul 2015 11:44:32 +0200
Message-ID: 
 <CAE3SZN2fxU7JO56d7ojaXJHTQXdtXRw-7vVGnp5ytP5ebDkWOw@mail.gmail.com>
Subject: Re: Client using VIP ----> protocol HTTPS--> F5 ---->protocol HTTP
 ----> TOMCAT - Does not work
From: =?UTF-8?Q?Aur=C3=A9lien_Terrestris?= <aterrestris@gmail.com>
To: Tomcat Users List <users@tomcat.apache.org>
Content-Type: text/plain; charset=UTF-8

You're wellcome Lewis.

Chris, it looks like you had another understanding of the question, which was :
"So my first question is:  Why do I not see the VIP driven requests in the log?"

The requests were in the log, but with another client IP. At least
Tomcat provides this valve when most of other software don't.

A.T.

2015-07-30 19:00 GMT+02:00 Kramer, Lewis <lewis_kramer@uhc.com>:
> Sorry.  I mean thanks Aurelien.
>
> Hi,
>
> in your server.xml, add this before your acces log valve :
>
> <Valve className="org.apache.catalina.valves.RemoteIpValve" />
>
> It's working for our hosting behind F5
>
> 2015-07-30 18:09 GMT+02:00 Christopher Schultz <chris@christopherschultz.net>:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA256
>>
>> Lew,
>>
>> On 7/29/15 4:50 PM, Kramer, Lewis wrote:
>>> I am new to Tomcat.
>>
>> Welcome to the community.
>>
>>> I'm still struggling with many of the concepts. That said here we
>>> go:
>>>
>>> Tomcat Version 8.0.14 Mainly out of the box configuration.
>>
>> If possible, upgrade to 8.0.latest.
>>
>>> Client is using VIP to connect to an F5 via HTTPS  (port 443)
>>
>> Sorry... what's "VIP"?
>>
>>> The F5 connects to the Tomcat host via HTTP (port 8080)
>>>
>>> Our F5 team indicates that they are sure they have configured the
>>> F5 properly (they do it all the time for HTTP Server and Jboss
>>> Application Server installations. They have not done this with Tomcat
>>> before)
>>
>> If everyone is speaking HTTP, it should be the same.
>>
>>> I have created an access log valve at the engine level to see what
>>> the request looks like. <Valve
>>> className="org.apache.catalina.valves.AccessLogValve"
>>> directory="logs" prefix="catalina_access_log" suffix=".txt"
>>> pattern="%h %H %l %u %t &quot;%r&quot; %s %b" />
>>>
>>> I see requests that are direct connected to the Tomcat host directly,
>>> either from a client accessing the web application hosted on the
>>> tomcat server (via HTTP) or from the F5 for healthcheck purposes in
>>> the log (also via HTTP). I do not see any client requests that use
>>> the VIP showing up in the log.
>>
>> So the F5 can get to you (healthcheck) but client requests don't make
>> it through? Sounds like a problem mapping the actual incoming requests
>> to Tomcat.
>>
>>> So my first question is: Why do I not see the VIP driven requests in
>>> the log? Am I not logging correctly? Does not seeing the requests in
>>> the log mean they are not making it to the Tomcat server?
>>
>> The log looks properly configured. If they aren't in the log, they
>> probably aren't reaching Tomcat. It wouldn't hurt to watch the NIC to
>> see if any traffic is coming over. Try something like tcpdump or
>> Wireshark to see if anything is coming in.
>>
>>> Thinking that this might be a proxy problem I tried this which didn't
>>> work
>>>
>>> <Connector port="8080" protocol="HTTP/1.1"
>>> connectionTimeout="20000" redirectPort="8443" proxyName="VIP name"
>>> proxyPort="443" scheme="HTTPS" disableUploadTimeout="true" />
>>>
>>> I've recently begun reading about the proxy support valve but am
>>> still digesting the information. At this point I am not even sure how
>>> I might use it.
>>
>> Tomcat treats proxies just like any other HTTP client, so it shouldn't
>> require much study (until you want to get the client's REAL ip
>> address, for instance).
>>
>> How is the F5 set up to route requests to Tomcat? Is it done by URL
>> pattern or something? Or anything that comes-in for a specific IP goes
>> to Tomcat?
>>
>> Can you confirm if the F5 is even getting the requests?
>>
>> - -chris
>> -----BEGIN PGP SIGNATURE-----
>> Comment: GPGTools - http://gpgtools.org
>>
>> iQIcBAEBCAAGBQJVukxDAAoJEBzwKT+lPKRY0zwP/0VZOjQDkISaYP0Ru1t3lkeQ
>> bM0ao6s0SpUZNgBPhrFj9a53PC4FbWPa0SjqLeKQJ4fmuc2kgbnUSOVOEQefbNMO
>> wZC2Fvv6Ry8Vr4UnE5XoldJFV98NwRWW6T684fCQPZWEPeD1OEQMapG9jAzpC4eT
>> rCape0UoZ6OyNzJuMdQ3yTit5iOQdx5BLUzKao+Tejk/DZHqXZoW/4+xyatoOPIo
>> KzR1B84xsFJx3TKedH1vOTGLM54+KLX/aFiPAdUsZJQVVJmZ61OPEDR1KiHu3O/F
>> wi58vmmaX56aspA/f1CybZ5HJDvvn4zNqPjLWivaWr2j2l1zJT1BMOgeWbBF+Mzx
>> 66ARRovYoJjRY6n6SfysCnUL1IqoaphYzUWrg5HCn5EhyhzysshzKNLk1GtXFdry
>> 5M0XW+sIuNd0PanHHRyN1u4LChsi80X0UhwyfxqIHTZ/FZH0oCGV0ZQ32BXtlioe
>> vBbOq5Dig+jKpxbek0/iXOuIst8snrlAYqHlYImxnxQnD0tRhzIVyJjy2aXzm2+T
>> pxaKzoke1weZjvmfdg4qhO4nEIJvyFtlh44o34Us5IWGayUErq7RK57ECr1uhXDb
>> PCGvuIBN6WbHWE44BJKLCEq/XhcUDvRjrII0vWbf3Cwo5upeCDUd5o0Py/6meJKv
>> rHT6P/DUjhJcIT6DTRjc
>> =PNJY
>> -----END PGP SIGNATURE-----
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
>
> This e-mail, including attachments, may include confidential and/or
> proprietary information, and may be used only by the person or entity
> to which it is addressed. If the reader of this e-mail is not the intended
> recipient or his or her authorized agent, the reader is hereby notified
> that any dissemination, distribution or copying of this e-mail is
> prohibited. If you have received this e-mail in error, please notify the
> sender by replying to this message and delete this e-mail immediately.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org