
Apache proxy to Tomcat image problems

 
Joseph Swager
Ranch Hand
Posts: 41
OK, I hope I posted in the correct forum. So I installed Tomcat and Apache to act as the proxy.

I'm getting the HTML proxied, but the images in the Tomcat container are not being displayed and the CSS files in that container are not being applied.

I'm using ProxyPass and ProxyPassReverse in the httpd.conf file.

The site is 100% JSP, no straight HTML. So I need everything that's passed back to be forwarded back to the Apache proxy.
I know the quick fix is making Tomcat the root user and dropping down to the normal ports of 80 and 443, but I do not want to lose the security of keeping Tomcat's user "tomcat".

If anyone knows a good tutorial or examples of how this is done, please let me know.

Thanks,
Joe

PS: If there is another way for port 80 to be picked up and forwarded to Tomcat, please let me know.
 
Joseph Swager
Ranch Hand
Posts: 41
Hey I found a better option that fixed all my problems.

# prevent Apache from running on startup
chkconfig --del httpd
# stop Apache from running right now
/etc/rc.d/init.d/httpd stop
# tell iptables to forward incoming requests on port 80 to tomcat
/sbin/iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
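# save the iptables rules (iptables-save alone only prints them to stdout;
# on Red Hat-style systems the iptables service loads /etc/sysconfig/iptables)
/sbin/iptables-save > /etc/sysconfig/iptables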
# make sure iptables starts up by default after a server restart
chkconfig --level 35 iptables on

This worked like a charm and kept my security intact.

Any drawbacks?

Thanks,

Joe
 
Tim Holloway
Saloon Keeper
Posts: 18212
Nope, as long as you don't need anything other than J2EE on port 80, that's one of the simplest ways to have a Tomcat running without reconfiguring the ports to use port 80 directly, which isn't recommended, since that requires Tomcat to run as a root user.

If you need non-tomcat services, you'll have to put up a full-blown proxy server, but otherwise, you're fine.
 
Pete Nelson
Ranch Hand
Posts: 147
Another option, if you only need it on port 80, would be to change Tomcat's server.xml, specifically the HTTP connector's port attribute. No need to alter your system's iptables this way.
 
Tim Holloway
Saloon Keeper
Posts: 18212
Pete Nelson wrote: Another option, if you only need it on port 80, would be to change Tomcat's server.xml, specifically the HTTP connector's port attribute. No need to alter your system's iptables this way.

However, in Linux/Unix systems, listening on port 80 requires that the listener process is running with root privileges, which means that anyone who can suborn Tomcat can potentially own the entire server - not to mention any other servers whose security depends on no network-internal funny business.

The IPTABLES approach is much safer, because it allows Tomcat to run as an ordinary (non-privileged) user, thus limiting the potential for mischief.
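
The setup discussed in this thread depends on two properties: the nat PREROUTING redirect from port 80 to 8080 is actually present in the saved rules, and the Tomcat JVM is not owned by root. The following is an added example, not code from any poster, that checks both. The sample `iptables-save` and `ps -eo user,args` text and the function names `has_redirect` and `tomcat_runs_as_root` are constructed for illustration; on a live host, pipe in the real command output instead.

```shell
#!/bin/sh
# Constructed sample of `iptables-save` output (not taken from the thread).
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
COMMIT'

# Constructed sample of `ps -eo user,args` output.
SAMPLE_PS='USER     COMMAND
root     /usr/sbin/sshd -D
tomcat   /usr/bin/java -Dcatalina.base=/opt/tomcat org.apache.catalina.startup.Bootstrap start'

# has_redirect FROM TO: reads iptables-save text on stdin and succeeds only if
# the nat table PREROUTING chain redirects tcp port FROM to local port TO.
has_redirect() {
    awk -v from="$1" -v to="$2" '
        /^\*/ { table = substr($0, 2) }      # section marker: *nat, *filter, ...
        table == "nat" && $1 == "-A" && $2 == "PREROUTING" {
            dport = ""; target = ""; toport = ""
            for (i = 3; i < NF; i++) {
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-j") target = $(i + 1)
                if ($i == "--to-ports" || $i == "--to-port") toport = $(i + 1)
            }
            if (dport == from && target == "REDIRECT" && toport == to) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# tomcat_runs_as_root: reads `ps -eo user,args` text on stdin and succeeds
# (exit 0) if a Tomcat JVM, recognised by its Bootstrap class, is owned by root.
tomcat_runs_as_root() {
    awk '$1 == "root" && /org\.apache\.catalina\.startup\.Bootstrap/ { bad = 1 }
         END { exit (bad ? 0 : 1) }'
}

# Demo on the constructed samples.
if printf '%s\n' "$SAMPLE_RULES" | has_redirect 80 8080; then
    echo "redirect 80 -> 8080 present in nat PREROUTING"
fi
if printf '%s\n' "$SAMPLE_PS" | tomcat_runs_as_root; then
    echo "WARNING: Tomcat is running as root"
else
    echo "Tomcat is running as an unprivileged user"
fi
```

Running `has_redirect` against the saved rules file as well as the live `iptables-save` output shows whether the redirect will survive a reboot.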
 