
semi complex httpd -> tomcat proxy setup issues

 
Derek Murphy
Greenhorn
Posts: 25
Hiya,
Here's the scoop.

1 apache 2.0.52 server
1 tomcat 6.0.18 server running on the same box on port 18080.

Requests come in to the apache server via a load balancer as follows:

web browser -> port 80 -> load balancer -> lb redirects and handles 443 processing -> load balancer redirects (or sends) 80 traffic to the actual apache server.
apache server will then proxy to tomcat (localhost).. tomcat does some stuff, and sends it all back up the chain.

The issue I'm having is with the proxypass statements. The url names I'm dealing with change sometimes within each webapp.. like..

https://load.balanceddomain.com/applicationname -> proxies to http://internal.appserver.com:18080/web/applicationname/home
it can also...
https://load.balanceddomain.com/applicationname -> proxies to http://internal.appserver.com:18080/group/applicationname/home
and rarely could be..
https://load.balanceddomain.com/c/portal/login -> proxies to http://linternal.appserver.com:18080/c/portal/login

As I said before though.. the browser is always https, but the load balancer does all of the 443 processing, so as far as the appserver/tomcat are concerned, they just need to work on 80/18080 (I changed the port myself).

I need to come up with a modular proxypass statement, or some other alternative to allow flexibility to accommodate the 3 situations above.

Any thoughts?
 
Tim Holloway
Bartender
Posts: 18779
mod_jk does not use port 8080 (default) for requests from Apache. It uses a separate proxy port (8009 by default) and a special inter-server protocol (ajp). It also has load balancing capabilities of its own so that one Apache can front multiple Tomcats in a cluster.

The newer proxy module does something similar.
 
Derek Murphy
Greenhorn
Posts: 25
I'm not trying to get load balancing/clustering working in apache or tomcat. While there are 2 tomcats running on the same box, neither serves the same applications.

tomcat 5.5 - 8080
tomcat 6.0.18 - 18080

I'm using mod_proxy, not mod_jk. I guess more of what I need to figure out is how to do wildcard type functionality with mod_proxy/proxypass to be able to get some fancy proxying going on.
 
Derek Murphy
Greenhorn
Posts: 25
I've gotten much further, and I think now my need has changed. Below is the config I'm working with, and now essentially all I need to figure out is how to get /discovery-warranty to always be in the URL, regardless of what someone clicks on, until they go to another location.

For example: http://www.domain.com/discovery-warranty
This needs to be authenticated with a /location directive.

There will be other /discovery-somethings that will be authenticated with a /location directive.

We have a load balancer that checks for www.domain.com/discovery-somethings and if it receives a request for www.domain.com/somethingNotDiscovery it will redirect to a main login page... so I need to make sure for each proxy statement, the url is modified/or maintained to always have discovery-something as the first part (or complete) uri, regardless of what someone clicks on while they are in a particular proxied app.




#
# Proxy back to tomcat
#
<Location /web/testwarranty>
Satisfy any
Options -FollowSymLinks -Indexes
AllowOverride None
Order deny,allow
Deny from all
Allow from env=BYPASS_AUTH

AuthLDAPEnabled on
AuthLDAPAuthoritative on
AuthName "Demo"
AuthType basic
AuthLDAPBindDN "CN=demoadmin,OU=Demo,DC=something,DC=domain,DC=com"
AuthLDAPBindPassword "somepass"
AuthLDAPURL "ldap://ldapserver:3268/DC=something,DC=domain,DC=com?sAMAccountName?sub?(objectClass=user)"
AuthLDAPGroupAttributeIsDN on

Require user "dmurphy"
</Location>

#
<Location /web/guest>
Satisfy any
Options -FollowSymLinks -Indexes
AllowOverride None
ReWriteEngine on
Order deny,allow
Deny from all
Allow from env=BYPASS_AUTH

AuthLDAPEnabled on
AuthLDAPAuthoritative on
AuthName "Demo"
AuthType basic
AuthLDAPBindDN "CN=demoadmin,OU=Demo,DC=something,DC=domain,DC=com"
AuthLDAPBindPassword "somepass"
AuthLDAPURL "ldap://ldapserver:3268/DC=something,DC=domain,DC=com?sAMAccountName?sub?(objectClass=user)"
AuthLDAPGroupAttributeIsDN on

Require user "bwood"
</Location>

# enable the SSL proxying
#SSLProxyEngine On
RewriteEngine on
RewriteRule ^/discovery-warranty$ http://labvm42-107.lab.domain.com:18080/web/testwarranty/home

ProxyRequests off

#the proxy location (app) automatically redirects to web/guest which is why the first location is for web/guest
ProxyPass /discovery-web-guest http://labvm42-107.lab.domain.com:18080
ProxyPassReverse /discovery-web-guest http://labvm42-107.lab.domain.com:18080

ProxyPass /discovery-warranty http://labvm42-107.lab.domain.com:18080/web/testwarranty
ProxyPassReverse /discovery-warranty http://labvm42-107.lab.domain.com:18080/web/testwarranty

#This / catchall seems to be the only way to get additional page clicks to work as each click changes the url in some way.
ProxyPass / http://labvm42-107.lab.domain.com:18080/
ProxyPassReverse / http://labvm42-107.lab.domain.com:18080/
 
Tim Holloway
Bartender
Posts: 18779
Is there any particular reason you're proxying using http instead of the ajp protocol?
 
Derek Murphy
Greenhorn
Posts: 25
Tim Holloway wrote: Is there any particular reason you're proxying using http instead of the ajp protocol?

Ignorance?

Are you saying instead of..
ProxyPass /discovery-web-guest http://labvm42-107.lab.domain.com:18080
ProxyPassReverse /discovery-web-guest http://labvm42-107.lab.domain.com:18080

it should be

ProxyPass /discovery-web-guest ajp://labvm42-107.lab.domain.com:18080
ProxyPassReverse /discovery-web-guest ajp://labvm42-107.lab.domain.com:18080


If so, what does that really change? Is performance better?
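
An added example, not part of the thread or of anyone's posted code: a simplified Python model of how the ProxyPass rules and the LDAP-protected <Location> blocks from the configuration above interact. It assumes ProxyPass rules are tried in configuration order and that <Location> is matched against the request path rather than the backend URL; it ignores the RewriteRule, and the sample request paths are constructed.

```python
# Simplified model of Apache prefix matching for ProxyPass and <Location>.
# Rules are copied from the configuration posted in the thread.
BACKEND = "http://labvm42-107.lab.domain.com:18080"
PROXY_PASS = [  # evaluated in configuration order; first match wins
    ("/discovery-web-guest", BACKEND),
    ("/discovery-warranty", BACKEND + "/web/testwarranty"),
    ("/", BACKEND + "/"),
]
AUTH_LOCATIONS = ["/web/testwarranty", "/web/guest"]  # <Location> blocks with LDAP auth


def prefix_len(path, prefix):
    """Return the matched length if prefix matches path on a segment boundary, else 0."""
    if prefix.endswith("/"):
        return len(prefix) if path.startswith(prefix) else 0
    if path == prefix or path.startswith(prefix + "/"):
        return len(prefix)
    return 0


def backend_url(path):
    """Map a front-end request path to the URL the proxy would fetch."""
    for prefix, target in PROXY_PASS:
        n = prefix_len(path, prefix)
        if n:
            return target + path[n:]
    return None


def auth_location(path):
    """Return the <Location> whose auth applies; matching uses the request
    path, not the backend URL (assumption stated in the lead-in)."""
    for loc in AUTH_LOCATIONS:
        if prefix_len(path, loc):
            return loc
    return None


def audit(paths):
    """List (request path, backend URL, covering <Location> or None)."""
    return [(p, backend_url(p), auth_location(p)) for p in paths]


if __name__ == "__main__":
    # Constructed sample request paths.
    for row in audit(["/discovery-warranty/home", "/web/testwarranty/home",
                      "/discovery-web-guest/web/guest", "/c/portal/login"]):
        print("%-32s -> %-62s auth=%s" % row)
```

In this model /discovery-warranty/home and /web/testwarranty/home reach the same backend URL, but only the second falls inside an LDAP-protected <Location>. Covering the front-end alias would take a <Location /discovery-warranty> block.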
 