Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm
Precedence: bulk
Reply-To: "Tomcat Users List" <users@tomcat.apache.org>
MIME-Version: 1.0
In-Reply-To: <CAAOQ9-u6-rzLHqM5o+NA2T42igMs4Y80J4WA-aO64LZC2M2KTA@mail.gmail.com>
References: <CAAOQ9-v8AqMi3aVX84sK=n-zpvvAY=mLLoM8KFnm=12Ei1SeyA@mail.gmail.com>
 <CAGPC6zxC-6k0HDKTjaTk9GvPBYhYVy3+mYA2r_RyKiLg7Mkhng@mail.gmail.com>
 <CAGPC6zxcVjBBsY892fKZgiB7wB10ortwhYU1=fLe9jNUSEFGEA@mail.gmail.com>
 <CAGPC6zwMQH_ABToJ4PA0-GgyMzX8ksMk0QGsJXV7gLb2uAa_mA@mail.gmail.com>
 <CAAOQ9-t3dxgutZYvp6Wcy3wCqQq0_AdOpxb9+6hkUTe1x4-rxg@mail.gmail.com>
 <58ACCFB6.7060803@ice-sa.com> <CAAOQ9-sWjkiMuc0yXUJGK-71cqD1v5VUJ1r8oLhh-5FhB4HeoQ@mail.gmail.com>
 <58AED8EF.4070504@ice-sa.com> <edf80e4f-b62d-e2e2-9826-d3ef88ee7c2e@gmail.com>
 <CAAOQ9-sv_4d-ULCca33hFe7e_qraUL_JTVSjD=u2bZqj2kZtgw@mail.gmail.com>
 <CAAOQ9-ugtSMjXvGFqxDp1qX17E23LuzcG8Dth_BnUxHRALx5WA@mail.gmail.com>
 <CAAOQ9-usMb=Ogr0ArmdU=N8GgoWjA4d5Nq4MN7H6AYDwY12+Ew@mail.gmail.com> <CAAOQ9-u6-rzLHqM5o+NA2T42igMs4Y80J4WA-aO64LZC2M2KTA@mail.gmail.com>
From: Aaron Gray <aaronmgray@gmail.com>
Date: Thu, 23 Feb 2017 12:17:17 -0800
Message-ID: <CAAOQ9-svc6bZaPYddv8Tj+0=RYi3DHRCx5haiOY6KhieeHUFbg@mail.gmail.com>
Subject: Re: Strange URL rewrite when reverse proxy with Apache HTTP Server
To: Tomcat Users List <users@tomcat.apache.org>
Content-Type: multipart/alternative; boundary=94eb2c074e7ee77dba0549384d28
archived-at: Thu, 23 Feb 2017 20:17:48 -0000

--94eb2c074e7ee77dba0549384d28
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Another weird thing...

If you go to:
https://loadbalancer.domain.com/SelfService
If I am viewing the headers immedaitely I see 302 not found.  Then I wait
the 30 sec for it to totally fail and change the URL in the browser to
https://loadbalancer.domain.com:232700/SelfService

If you just remove the :232700 and hit Enter, it then loads properly.  See
immedaitly 200 OK and it is fine.  Don't navigate anywhere else like to
https://loadbalancer.domain.com/static or else you'll have to repeat the
same thing as above with the :232700 and removing it, hit Enter.

Weird.

Of course none of this is an issue if you dont hit it with the F5 Load
Balancer to start.

On Thu, Feb 23, 2017 at 10:24 AM, Aaron Gray <aaronmgray@gmail.com> wrote:

> I randomly tried https://loadbalancer.domain.com/SelfService/index.html
>
> It works perfectly.  No issues.  I have no idea why its needed to add on
> the /index.html (i'm lucky this exists in the tomcat .war, as it was a
> guess).  This is visually not appealing, but workable.  Maybe I can do so=
me
> url rewrite or something, IF this cant be fixed normally?
>
> On Thu, Feb 23, 2017 at 10:10 AM, Aaron Gray <aaronmgray@gmail.com> wrote=
:
>
>> Okay, guys, please accept my most sincere apology on this thing.  I just
>> figured 1 thing out.
>>
>> browser -> f5:443 -> httpd (23270, https) -> tomcat (http)
>> using the /static works! (see below)
>>
>> If /static/index.html wasnt specified, then it hangs, then comes back as
>> https://loadbalancer.domain.com:23270/static
>> But if you go https://loadbalancer.domain.com/static/index.html it
>> works!!!
>>
>> DirectoryIndex index.html
>> is present.  because if you just go to https://webserver1:23270/static
>> it works fine, no need for the extra /index.html
>>
>> not sure why that is different there.
>>
>> I only found this out using curl and just happened to think of it.
>> So you see the difference, from the tomcat access log, in the two
>> variations.
>>
>> 172.18.160.66 - - [23/Feb/2017:10:00:48 -0800] "GET /static HTTP/1.1" 30=
2
>> -
>> 172.18.160.66 - - [23/Feb/2017:10:03:04 -0800] "GET /static/index.html
>> HTTP/1.1" 200 32
>>
>> Still /SelfService wont work though
>> I cant think of a way to do /SelfService/something...
>> Since it is a web app and i am no developer and its all from the vendor
>> (BMC Software) and it never shows naything other than /SelfService in th=
e
>> URL.  I dont think its a frame, but once again i dont know these things.=
  I
>> know they told me it is HTML5, as it was using Silverlight back in the
>> older release.
>>
>>
>> On Thu, Feb 23, 2017 at 9:22 AM, Aaron Gray <aaronmgray@gmail.com> wrote=
:
>>
>>> Working with my F5 guy, we had an idea, since 80/tcp and 443/tcp were
>>> already open to the VIP on the F5, we simply turned of 80 -> 443 redire=
ct
>>> on the F5, and then configured the F5 to use the non-HTTP port in Apach=
e
>>> HTTP Server (the two backend servers).  So its HTTP the entire way thro=
ugh,
>>> and the same issue persisted.
>>>
>>> browser -> F5(http) -> httpd(http port) -> tomcat(http port, nonssl)
>>>
>>> So i think i can rule out any possibility that the fact I was
>>> terminating SSL in Apache HTTP Server then proxying clear-text back as =
a
>>> reason.  It worked fine like I said if you just go direct to the HTTP
>>> Server and slip the F5.   And F5 works landing the /healthcheck.html (H=
TTP
>>> KeepAlive in the root, which isnt proxied), so all good there.  Just ca=
nt
>>> /SelfService (configured w/ Proxy)
>>>
>>> thanks for your support here though.
>>>
>>> On Thu, Feb 23, 2017 at 9:12 AM, Aaron Gray <aaronmgray@gmail.com>
>>> wrote:
>>>
>>>> SSLProxyEngine On
>>>> Was already turned on this entire time inside the ssl.conf (I include
>>>> it) VirtualHost section.
>>>>
>>>> I am debating turning on HTTPS in Tomcat on the backend 10.x.x.x app
>>>> server, and then HTTPS the whole way through and see if that makes any
>>>> difference.  I may need to request a new firewall to be opened, which =
is
>>>> not able to open until 3/2.  Gonna see.
>>>>
>>>>
>>>> On Thu, Feb 23, 2017 at 8:22 AM, Antonio S. Cofi=C3=B1o <cofinoa@gmail=
.com>
>>>> wrote:
>>>>
>>>>>
>>>>> On 23/02/17 12:43, Andr=C3=A9 Warnier (tomcat) wrote:
>>>>>
>>>>>> On 22.02.2017 19:22, Aaron Gray wrote:
>>>>>>
>>>>>>> So this is interesting.
>>>>>>>
>>>>>>> So from HTTP server #1 (172.1.1.1 example) I hit:
>>>>>>> https://172.1.1.1:23270/static and I see this in the HTTP log:
>>>>>>> 172.1.1.1 - - [22/Feb/2017:10:14:48 -0800] "GET /static/ HTTP/1.1"
>>>>>>> 200 32
>>>>>>> I see this in the Tomcat log:
>>>>>>> 172.1.1.1 - - [22/Feb/2017:10:14:48 -0800] "GET /static/ HTTP/1.1"
>>>>>>> 200 32
>>>>>>> ((( Yes I know they look identical, but the logformat is the same,
>>>>>>> so it
>>>>>>> comes out looking the same, but they are  two diff log files totall=
y
>>>>>>> )))
>>>>>>>
>>>>>>> I then hit the https://loadbalancer.domain.com/static from my Win10
>>>>>>> laptop
>>>>>>>   (10.1.1.2 example)
>>>>>>> and I see this in the HTTP server #1 log, but NOTHING in the tomcat
>>>>>>> access
>>>>>>> log.
>>>>>>> 10.1.1.2 - - [22/Feb/2017:10:20:02 -0800] "-" 408 -
>>>>>>>
>>>>>>> So 408.  Timeout.  Hmm... Why?  We KNOW that it can connect from
>>>>>>> http ->
>>>>>>> tomcat:18080 perfectly.   So is it a timeout BACK to the F5? That i
>>>>>>> dont
>>>>>>> know yet.
>>>>>>>
>>>>>>
>>>>>> It looks as if, in that case, httpd is trying to connect to tomcat,
>>>>>> but
>>>>>> - either it /is/ connecting, and sending the request, but tomcat
>>>>>> never answers
>>>>>> - or it is connecting to something else, which isn't tomcat
>>>>>> (but which accepts the request and doesn't answer either)
>>>>>>
>>>>>> I am not *sure*, but I believe, that if httpd was trying to connect
>>>>>> to something that isn't tomcat, and is not listening on port 18080, =
it
>>>>>> would get a different error, and a different logfile message.  So it=
 would
>>>>>> seem that at least the TCP connection works.
>>>>>>
>>>>>
>>>>>
>>>>> Is the F5 loadbalancer configured to make reverse proxy to a SSL http=
?
>>>>> The directive SSLProxyEngine onthe F5 loadbalencer has to be enabled.
>>>>> http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyengine
>>>>>
>>>>> If the loadbalancer it's delegating the SSL work to the server1
>>>>> server1 https listen =3D 172.1.1.1:23270
>>>>>
>>>>> then the F5 could be connecting as http regular TCP connection to a
>>>>> SSL TCP one and therefor the SSL handshake it's not happening.
>>>>>
>>>>> Antonio
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>> Now there is still a puzzle there : when you connect as
>>>>>> browser --> httpd --> tomcat
>>>>>> then everything works : httpd connects to tomcat, sends a request,
>>>>>> gets a response, and returns it to the browser.
>>>>>>
>>>>>> But when you do the same as :
>>>>>> browser --> F5 --> httpd --> tomcat
>>>>>> it "does not work", and the problem seems to be at httpd --> tomat
>>>>>> Why would it make a difference in httpd --> tomcat, if it is either
>>>>>> the browser or the F5 which sends the request to httpd ?
>>>>>> the httpd --> tomcat connection should be the same, no matter what.
>>>>>>
>>>>>> Hmm, for now as puzzled as you are.
>>>>>> Maybe we have a quantum phenomenon here, where the mere fact of you
>>>>>> looking at the logfile, changes what happened beforehand. Just kiddi=
ng.
>>>>>>
>>>>>> Informational note : the Apache access log line, is written when
>>>>>> Apache *has finished* processing the request (including the possible
>>>>>> round-trip through tomcat) and has sent the response to the client. =
(That's
>>>>>> because, for example, it can also write the time spent, and the size=
 of the
>>>>>> response; so it has to know those before it can write the log line).
>>>>>> I presume that it is the same for tomcat.
>>>>>> Just mentioning this, so that you would maybe have a second look at
>>>>>> the tomcat access log, after a few minutes, to make sure that there =
really
>>>>>> is no corresponding line there.
>>>>>> It could be that tomcat actually /is/ receiving the request, and
>>>>>> processing it, but that it takes a long time, and that httpd tires o=
f
>>>>>> waiting and already times out in the meantime. In such a case, you w=
ould
>>>>>> probably see an error some time later in the tomcat error log, when =
it is
>>>>>> trying to eventually return the response, and finds a closed connect=
ion
>>>>>> instead.
>>>>>> Now again, why it would do that in one case and not the other, is
>>>>>> still a mystery.
>>>>>>
>>>>>> Another note : in the "timeout" log line above, httpd is not showing
>>>>>> the request URL which triggered this timeout.
>>>>>> a) it may be showing some additional information in the Apache error
>>>>>> log
>>>>>> b) these exists an httpd add-on module (mod_log_forensic ?) which
>>>>>> could provide more details in the log, about what happens precisely
>>>>>>
>>>>>>
>>>>>>
>>>>>>> On Tue, Feb 21, 2017 at 3:39 PM, Andr=C3=A9 Warnier (tomcat) <
>>>>>>> aw@ice-sa.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>> On 21.02.2017 23:28, Aaron Gray wrote:
>>>>>>>>
>>>>>>>> Antonio:  The Tomcat server has no knowledge of the F5, or that it
>>>>>>>>> is
>>>>>>>>> being
>>>>>>>>> fronted by an Apache HTTP Server.  I do SSL termination in Apache
>>>>>>>>> HTTP
>>>>>>>>> Server, and clear-text from HTTP to Tomcat.
>>>>>>>>> My redirect port for the normal HTTP listen in Tomcat is commente=
d
>>>>>>>>> out.
>>>>>>>>>       <Connector port=3D"18080" protocol=3D"HTTP/1.1"
>>>>>>>>>                  connectionTimeout=3D"20000" />
>>>>>>>>>       <!-- A "Connector" using the shared thread pool-->
>>>>>>>>>       <!--
>>>>>>>>>       <Connector executor=3D"tomcatThreadPool"
>>>>>>>>>                  port=3D"8080" protocol=3D"HTTP/1.1"
>>>>>>>>>                  connectionTimeout=3D"20000"
>>>>>>>>>                  redirectPort=3D"8443" />
>>>>>>>>>       -->
>>>>>>>>>
>>>>>>>>> Andre:
>>>>>>>>> The URL I am using is https://loadbalancer.domain.com
>>>>>>>>> It is listening on port 80 and 443, if you hit 80, internally it
>>>>>>>>> redirects
>>>>>>>>> you to 443.  No SSL cert on the F5 load balancer.  It simply send=
s
>>>>>>>>> the
>>>>>>>>> traffic to one of the two HTTP servers (round-robin, also tried
>>>>>>>>> persistence, no difference).  The HTTP server is listening only
>>>>>>>>> for HTTPS
>>>>>>>>> on 23270/tcp.
>>>>>>>>> When I access these DMZ webservers via the F5 load balancer (to
>>>>>>>>> which I
>>>>>>>>> dont have access to, but the network folks configure for me), it
>>>>>>>>> hangs.
>>>>>>>>> Eventually returns: server1 https listen =3D 172.1.1.1:23270
>>>>>>>>>
>>>>>>>>> https://loadbalancer.domain.com:23270/SelfService
>>>>>>>>> cant load.
>>>>>>>>>
>>>>>>>>> No idea why the URL is being re-written with the ":23270".
>>>>>>>>> I added static content to the server.xml on 10.1.1.1 (Tomcat) to
>>>>>>>>> test:
>>>>>>>>> <Context docBase=3D"/path/to/tomcat/static" path=3D"/static" />
>>>>>>>>> Then put a simple index.html in there.  Accessing via the Apache
>>>>>>>>> Web
>>>>>>>>> Servers works fine, but if you hit it with the Load Balancer it
>>>>>>>>> once
>>>>>>>>> again
>>>>>>>>> adds the https://loadbalancer.domain.com:23270/static
>>>>>>>>>
>>>>>>>>> Hitting https://loadbalancer.domain.com
>>>>>>>>> I see my "Hello world!" which is all that is in index.html. This
>>>>>>>>> is the
>>>>>>>>> DocumentRoot of HTTP, and *not* proxied over at this time.
>>>>>>>>>
>>>>>>>>>
>>>>>>>> So in this case, there is no delay, and you get the Apache
>>>>>>>> httpd-hosted
>>>>>>>> "index.html" containing "Hello World. Right ?
>>>>>>>>
>>>>>>>>    Only
>>>>>>>>
>>>>>>>> /SelfService and /static are proxied
>>>>>>>>> /static just being my test of static content, but still served up
>>>>>>>>> by
>>>>>>>>> Tomcat..
>>>>>>>>>
>>>>>>>>> It's exactly 30 seconds before the page cannot be loaded when
>>>>>>>>> trying
>>>>>>>>> anything proxied to Tomcat, but also accessed via the F5 load
>>>>>>>>> balancer.
>>>>>>>>> Not sure where the 30 seconds comes from; perhaps a load balancer
>>>>>>>>> time
>>>>>>>>> out,
>>>>>>>>> as I dont see a "30" in my httpd configurations or my tomcat
>>>>>>>>> server.xml
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> You can certainly look at the Apache httpd logs, and the tomcat
>>>>>>>> logs, to
>>>>>>>> see if you get a request or not.
>>>>>>>> In Apache httpd, you can set the loglevel individually for
>>>>>>>> mod_proxy (if
>>>>>>>> you are running v 2.4), and it should show something if it gets th=
is
>>>>>>>> request and forwards it to tomcat.
>>>>>>>> In tomcat, you can either enable an access log (which will show if
>>>>>>>> it
>>>>>>>> receives this request), or you could temporarily remove/rename the
>>>>>>>> /static
>>>>>>>> webapp. This way, it should trigger an error "not found" which you
>>>>>>>> would
>>>>>>>> also see in the error log.
>>>>>>>>
>>>>>>>> There should be nothing between them to hinder it.  We have many
>>>>>>>> load
>>>>>>>>
>>>>>>>>> balancers and this one specifically you dont need to open any
>>>>>>>>> firewall
>>>>>>>>> requests for the specific networks the HTTP servers are on. I did
>>>>>>>>> have to
>>>>>>>>> get the firewall opened up to allow me to hit
>>>>>>>>> https://loadbalancer.domain.com because the VIP for "
>>>>>>>>> loadbalancer.domain.com"
>>>>>>>>> is in the DMZ, and my Desktop & VPN networks cannot hit it on
>>>>>>>>> 80/443
>>>>>>>>> without opening holes.  But beyond that, any connection from the
>>>>>>>>> F5 to the
>>>>>>>>> HTTP Server should be 100% open bi-directional, since same subnet=
.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> But something isn't working, otherwise you would not be asking.
>>>>>>>> So,
>>>>>>>>
>>>>>>>> a) hitting the tomcat webapps through httpd seems to be working fi=
ne
>>>>>>>>    (browser -> httpd:23270 -> tomcat:18080 -> webapp or static)
>>>>>>>>
>>>>>>>> b) hitting a non-proxied-to-tomcat resource of httpd seems to work
>>>>>>>> fine
>>>>>>>> too, even through the F5
>>>>>>>>    (browser -> F5:443 -> httpd:23270 -> html page)
>>>>>>>>
>>>>>>>> c) it is only when you do :
>>>>>>>>    (browser -> F5:443 -> httpd:23270 -> tomcat:18080 -> webapp or
>>>>>>>> static)
>>>>>>>>    that you see this issue
>>>>>>>>
>>>>>>>> It would really help if you looked in the logs of both httpd and
>>>>>>>> tomcat,
>>>>>>>> and checked for differences betweens cases a, b and c above.
>>>>>>>>
>>>>>>>> I believe that the F5 message with the port 23270 is a minor issue=
,
>>>>>>>> of
>>>>>>>> information disclosure by the F5, that it should not disclose.
>>>>>>>>
>>>>>>>> But the reason why it returns this error is obviously that in that
>>>>>>>> case,
>>>>>>>> it does not get a response from his request to httpd.
>>>>>>>> The reason for this response not coming back to the F5 (in case c
>>>>>>>> only),
>>>>>>>> can be due to either httpd or tomcat. But F5 doesn't know about
>>>>>>>> tomcat. So
>>>>>>>> for the F5, it is httpd which is not responding. Thus,
>>>>>>>> - either httpd is never getting the request from the F5 (unlikely,
>>>>>>>> because
>>>>>>>> in b above it gets it and responds)
>>>>>>>> - or httpd is getting the request from the F5, but not forwarding
>>>>>>>> it to
>>>>>>>> tomcat, but also not returning an immediate error response to F5
>>>>>>>> (which
>>>>>>>> seems also unlikely, because of a and b)
>>>>>>>> - or httpd is getting the request, forwarding it to tomcat, but no=
t
>>>>>>>> getting a response from tomcat. So
>>>>>>>>    - either tomcat is never getting the request from httpd (but in
>>>>>>>> a, it
>>>>>>>> gets it)
>>>>>>>>    - or tomcat is getting the request from httpd, but not
>>>>>>>> responding (but
>>>>>>>> in a, it does)
>>>>>>>>    - or tomcat is getting the request and responding, but the
>>>>>>>> response
>>>>>>>> never gets back to httpd (but in a, it does)
>>>>>>>>
>>>>>>>> So if a and b and c are all accurate, there is something apparentl=
y
>>>>>>>> illogical happening.
>>>>>>>> This would lead to the conclusion that a and b and c cannot all be
>>>>>>>> accurate.
>>>>>>>>
>>>>>>>> The logs.. ?
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Tue, Feb 21, 2017 at 2:05 PM, Antonio S. Cofino <
>>>>>>>> cofinoa@gmail.com>
>>>>>>>>
>>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>> Aaron, on tomcat instances change the redirectPort attributte on
>>>>>>>>> the http
>>>>>>>>>
>>>>>>>>>> conect=C3=B3 to the loabbalancer's port 443
>>>>>>>>>>
>>>>>>>>>> My guess is that your webapp has restriction rule requesting SSL
>>>>>>>>>> con
>>>>>>>>>> fidntial channel. Therefore the non-confidential to the 18080
>>>>>>>>>> port from
>>>>>>>>>> the
>>>>>>>>>> balancer are redirected to the 23270 port, but it should be 443.
>>>>>>>>>>
>>>>>>>>>> Antonio
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> El 21/2/2017 19:46, "Aaron Gray" <aaronmgray@gmail.com> escribi=
=C3=B3:
>>>>>>>>>>
>>>>>>>>>> I have an application server from a vendor that comes bundled
>>>>>>>>>> with an
>>>>>>>>>> additional Apache Tomcat server.  The webapp SelfService.war is
>>>>>>>>>> vendor
>>>>>>>>>> supplied too.
>>>>>>>>>>
>>>>>>>>>> Here's my problem (IP's replaced to protect the innocent):
>>>>>>>>>>
>>>>>>>>>> networks:
>>>>>>>>>> DMZ=3D172.x.x.x
>>>>>>>>>> INTERNAL=3D10.x.x.x
>>>>>>>>>>
>>>>>>>>>> server1 https listen =3D 172.1.1.1:23270
>>>>>>>>>> server2 https listen =3D 172.1.1.2:23270
>>>>>>>>>> F5 load balancer hostname =3D loadbalancer.domain.com:443
>>>>>>>>>> backend tomcat server =3D 10.1.1.1:18080
>>>>>>>>>>
>>>>>>>>>> mod_proxy configuration:
>>>>>>>>>> ProxyPass /SelfService http://10.1.1.1:18080/SelfService
>>>>>>>>>> ProxyPassReverse /SelfService http://10.1.1.1:18080/SelfService
>>>>>>>>>>
>>>>>>>>>> When I access these DMZ webservers which mod_proxy back to Apach=
e
>>>>>>>>>> Tomcat
>>>>>>>>>> as:
>>>>>>>>>> https://172.1.1.1:23270/SelfService
>>>>>>>>>> and
>>>>>>>>>> https://172.1.1.2:23270/SelfService <
>>>>>>>>>> https://172.1.1.1:23270/SelfService
>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> They load properly. Perfectly, every time!
>>>>>>>>>>
>>>>>>>>>> When I access these DMZ webservers via the F5 load balancer (to
>>>>>>>>>> which I
>>>>>>>>>> dont have access to, but the network folks configure for me), it
>>>>>>>>>> hangs.
>>>>>>>>>> Eventually returns:
>>>>>>>>>> https://loadbalancer.domain.com:23270/SelfService
>>>>>>>>>> cant load.
>>>>>>>>>>
>>>>>>>>>> No idea why the URL is being re-written with the ":23270".
>>>>>>>>>> I added static content to the server.xml on 10.1.1.1 (Tomcat) to
>>>>>>>>>> test:
>>>>>>>>>> <Context docBase=3D"/path/to/tomcat/static" path=3D"/static" />
>>>>>>>>>> Then put a simple index.html in there.  Accessing via the Apache
>>>>>>>>>> Web
>>>>>>>>>> Servers works fine, but if you hit it with the Load Balancer it
>>>>>>>>>> once
>>>>>>>>>> again
>>>>>>>>>> adds the https://loadbalancer.domain.com:23270/static
>>>>>>>>>>
>>>>>>>>>> Do you have any thoughts?  Thanks so much, I have been working
>>>>>>>>>> with this
>>>>>>>>>> for weeks now with no success
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>> ------------------------------------------------------------
>>>>>>>> ---------
>>>>>>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>>>>>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>> --------------------------------------------------------------------=
-
>>>>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>>>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>>>>
>>>>>>
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>>>
>>>>>
>>>>
>>>
>>
>

--94eb2c074e7ee77dba0549384d28--