tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: Strange URL rewrite when reverse proxy with Apache HTTP Server
Date Tue, 21 Feb 2017 22:10:32 GMT
On 21.02.2017 20:45, Aaron Gray wrote:
> I have an application server from a vendor that comes bundled with an
> additional Apache Tomcat server.  The webapp SelfService.war is vendor
> supplied too.
>
> Here's my problem (IP's replaced to protect the innocent):
>
> networks:
> DMZ=172.x.x.x
> INTERNAL=10.x.x.x
>
> server1 https listen = 172.1.1.1:23270
> server2 https listen = 172.1.1.2:23270
> F5 load balancer hostname = loadbalancer.domain.com:443
> backend tomcat server = 10.1.1.1:18080
>
> mod_proxy configuration:
> ProxyPass /SelfService http://10.1.1.1:18080/SelfService
> ProxyPassReverse /SelfService http://10.1.1.1:18080/SelfService
>
> When I access these DMZ webservers which mod_proxy back to Apache Tomcat as:
> https://172.1.1.1:23270/SelfService
> and
> https://172.1.1.2:23270/SelfService <https://172.1.1.1:23270/SelfService>
> They load properly. Perfectly, every time!

Ok, so there is no problem in tomcat, nor with the webapp itself.

>
> When I access these DMZ webservers via the F5 load balancer (to which I
> dont have access to, but the network folks configure for me), it hangs.

What is the URL you are using, when you do the access via the F5 load balancer ?
(just to make sure)

> Eventually returns:
> https://loadbalancer.domain.com:23270/SelfService
> cant load.
>

"Eventually" meaning that there is a delay ? how long ?

> No idea why the URL is being re-written with the ":23270".
> I added static content to the server.xml on 10.1.1.1 (Tomcat) to test:
> <Context docBase="/path/to/tomcat/static" path="/static" />
> Then put a simple index.html in there.  Accessing via the Apache Web
> Servers works fine, but if you hit it with the Load Balancer it once again
> adds the https://loadbalancer.domain.com:23270/static
>
> Do you have any thoughts?  Thanks so much, I have been working with this
> for weeks now with no success
>

I don't know the F5 internals, but at first sight, it sounds like 2 problems, of which the

first is a misconfiguration of the load-balancer.
Internally, it should have a configuration similar to your Apache configurations, with a 
ProxyPass and a ProxyPassReverse (at least in the principle), and it should never show 
this ":23270" to the caller. The URL is not really being "rewritten". It looks more like a

"leakage" of some information that the F5 should keep to itself.
It obviously replace the hostname to which it is supposed to proxy, by his own hostname 
before returning this error message. But it seems to forget to also replace the port by 
its own port.
The second problem, if it returns this error in the first place, seems to indicate that 
there is somewhere, in addition, a communications issue between the F5 and the Apache 
httpds. The F5 is obviously never getting a response from the httpds.
What is between the F5 and the httpds ? It looks like whatever it is, allows packets from

the F5 *to* a httpd but maybe not return packets *from* the httpd to the F5
(or they get wrongly routed back).
I have seen this kind of issue before, with servers hosted "in the cloud".


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message