tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier (tomcat) ...@ice-sa.com>
Subject Apache httpd / tomcat AJP connector(s?)
Date Wed, 24 Apr 2019 09:58:17 GMT
Hi.

This is somewhat of an arcane question and somewhat straddling httpd and tomcat, so if I'm

on the wrong list for this, just let me know.

The question is : is there any particular reason why the combination mod_proxy + 
mod_proxy_ajp (in httpd), does not seem to follow the ProxyPreserveHost directive, when 
proxying something from httpd to tomcat ?

Re :
- http://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxypreservehost
quote : "When enabled, this option will pass the Host: line from the incoming request to 
the proxied host, instead of the hostname specified in the ProxyPass line."
- https://httpd.apache.org/docs/current/mod/mod_proxy_ajp.html
quote : "Note that usually no ProxyPassReverse directive is necessary. The AJP request 
includes the original host header given to the proxy, and the application server can be 
expected to generate self-referential headers relative to this host, so no rewriting is 
necessary."
- http://tomcat.apache.org/tomcat-8.5-doc/config/ajp.html#Proxy_Support

case :
Apache/2.4.25 (Debian)
Apache Tomcat/8.5.14 (Debian)
(on the same host "debx-dev")

(Note: the configuration listed below is fictitious, interpreted/anonymised/summarised for

the sake of example. I may thus have committed some typo/error; but I hope it provides a 
clear enough idea).

# uname -a
Linux debx-dev 4.9.0-8-amd64 #1 SMP Debian 4.9.144-3.1 (2019-02-19) x86_64 GNU/Linux

On "debx-dev" :
/etc/hosts :
127.0.0.1 localhost myvhost.com mytomcathost.com

httpd config :
...
<VirtualHost *:80>
   Servername myvhost.com
...
ProxyPass /mypath ajp://mytomcathost.com:8009/mypath
ProxyPassReverse / ajp://mytomcathost.com:8009/
ProxyPreserveHost on
...
</VirtualHost>

tomcat server.xml :

...
     <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"
         proxyName="something-different.com"  />
...
     <Engine name="Catalina" defaultHost="localhost">
...
       <Host name="localhost"  appBase="webapps"
             unpackWARs="true" autoDeploy="true">
         <Alias>myvhost.com</Alias>
	<Alias>mytomcathost.com</Alias>
...
	</Host>

Request sent to httpd with URL like : http://myvhost.com/mypath
Received "Host" header in httpd :

Host: myvhost.com

Request proxied to tomcat according to above config.

Received "Host" header in tomcat :

Host: mytomcathost.com

?

- Setting "ProxyPreserveHost off" in httpd does not change the behaviour in any obvious way
- removing or modifying the "proxyName" attribute in the Connector does not change the 
content of the received Host header in any way (*); neither do the <Alias> directives

inside the <Host>

According to the documentation referenced above, I would expect that the Host header as 
received by tomcat would be

Host: myvhost.com

but that does not seem to be the case.

So is this a case of the documentation being wrong, or me misunderstanding it, or a 
feature in mod_proxy/mod_proxy_ajp, or a bug in mod_proxy/mod_proxy_ajp, or something else
?

(*) this may well be changing the result of request.getServerName() and 
request.getServerPort() methods in tomcat, and I have not tested that.
But the point here concerns the received "Host" header itself.

(**) I have not really tested this right now, but I believe that when using mod_proxy + 
mod_proxy_http, to proxy requests to tomcat over HTTP, the ProxyPreserveHost directive 
*does* change the request Host header content.
(It definitely does when the back-end system proxied-to is another Apache httpd instead of

tomcat)

-----------------

Note : in a more general sense, I would suggest this additionally :
(I am mentioning this here, just in case such options would be handled by mod_proxy_ajp 
rather than mod_proxy per se, and could be looked at at the same time as the main issue 
above).

In httpd, the "ProxyPass" directive admits a series of "options" such as
ProxyPass [path] !|url [key=value [key=value ...]] [nocanon] [interpolate] [noquery]
These have an effect on /this/ ProxyPass directive only (as opposed to /all/ ProxyPass 
directives).
The "ProxyPreserveHost" on the other hand seems "global" in effect, which seems to not 
allow doing this selectively, maybe depending on the request URI or the back-end host 
being proxied to.

It would seem more flexible (and clear) to implement the ProxyPreserveHost selectively, as

one of the options of the ProxyPass directive, like e.g.

ProxyPass /mypath ajp://mytomcathost.com:8009/mypath preservehost=[on|off]

(It may even be possible to handle this in such a way as to "override" the global 
ProxyPreserveHost directive, so as to preserve backward configuration compatibility).

Thank you.



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message