You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Felix Schumacher <fe...@internetallee.de> on 2013/11/01 11:37:28 UTC
Re: Multi-URL Access 1 Webapp
Am 31.10.2013 20:30, schrieb Chris Arnold:
>> mod_rewrite is what's adding the extra /share/
>> RewriteRule ^/(.*) https://192.168.123.3:8443/share/$1 [P]
>> should be something like either:
>> RewriteRule ^/(.*) https://192.168.123.3:8443/$1 [P]
> This takes me to the tomcat home page, /
If you want to be redirected to /share when the user typed /, you could
add a rewrite rule like
RewriteRule ^/$ /share [R,L]
This will match only on "/".
>
>> or:
>> RewriteRule ^/share/(.*) https://192.168.123.3:8443/share/$1 [P]
> This one gives me a 403 access denied
What happens, if you call the tomcat url directly? Do you get a cookie?
If so, which domain is it for? Maybe you have to add another directive
to rewrite the cookie domain on the way back through httpd, or
alternatively set the right domain in tomcat?
For further information you could look at
http://tomcat.apache.org/tomcat-7.0-doc/proxy-howto.html.
Regards
Felix
>
>> ..depending on whether you want to proxy all URL's to Tomcat, or just the /share ones..
> Looks like i am back to the apache list
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Multi-URL Access 1 Webapp
Posted by Chris Arnold <ca...@electrichendrix.com>.
So i was not able to get any of those to work. So i moved to the third option, mod_jk. It is loaded. I make the changes in my vhost:
#This rewrites https://share.anydomain.tld to our share server
RewriteEngine On
RewriteCond %{HTTP_HOST} ^share\.
RewriteCond %{HTTPS} on
RewriteRule ^/(.*) ajp://192.168.123.3:8443/share/$1 [P]
Got it for those of you following or will need this:
#This rewrites https://share.anydomain.tld to our share server
RewriteEngine On
RewriteCond %{HTTP_HOST} ^share\.
RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !^/share/
RewriteRule ^/(.*) https://share.example.com:xxxx/share/ [P]
JkMount /share/* worker1
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Multi-URL Access 1 Webapp
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Chris,
On 11/1/13, 5:51 PM, Christopher Schultz wrote:
> The above is not using mod_jk. If you are using mod_jk, then you
> are either using the "JkMount" directive, or the "SetHandler jk"
> directive. Anything else is using mod_proxy_(http|ajp).
Apologies, that should have been :
"
SetHandler jakarta-servlet
SetEnv JK_WORKER_NAME my_worker
"
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBCAAGBQJSdCaRAAoJEBzwKT+lPKRYVUcP+QGYk4PoATGximR2Na8jHDc2
+hnPZvwQN582xgzUyfcbWr7W/5VNudhjr2hW/rfdjp/Qq2WcZgImQpKs3AoHBT+C
bHj5h9vPEdZnz/96RmZXOi0/apUFT6TorAkhzP/IX5ojtO2h8z74G8Y8/0UqmrT+
AECvkQgTwDN3U3T1vz8g3bboApwlGtjsQ5fkHOTpGkML9q/dePJzVgFJ1JlorrHo
AV++TJRTo9knnAXcLXoB4pP3m2cJjN2byyIKL0nQNCB+YgM/cneeGXQeFjsyHJz1
+pJf+Q9ouiVbm/yPxEbYEeaZnYFPXKdZAMtZiFeXMWVxbBMdsPY1nZnqMjXhc9qM
7rW3xxZ9m91p90TP2Y1QLcHvns24qY2D6ZuRnXrRL115yFiFUU8pbtA88NonbOlb
A/sXW/XdYGNusVhZqL8MSy44pVgidP4aBMuCnwjIerXbE54WQfFcK9q3aR/nV+RI
hj9FDQxzNVkdJD5sd0UNVMcMosCcYfXJQtJ1Ve0R9CkI6y8x34M2wIYaxnkkRE+J
dfVhNhIu65KkOxhgE+XloZuN+b5N5RzEUoJ6brNi4ZWmEkMGi078nH5bS+2cOKtD
CeJVyC51mIrdD5lOSoMt6ALbK9jZzs4Loq1znStkCnorWVRZ/AjIvSqWtVV7SWqT
AshoB/usIBavuSfGtMMm
=550X
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Multi-URL Access 1 Webapp
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Chris,
On 11/1/13, 1:16 PM, Chris Arnold wrote:
> Am 31.10.2013 20:30, schrieb Chris Arnold:
>>> mod_rewrite is what's adding the extra /share/ RewriteRule
>>> ^/(.*) https://192.168.123.3:8443/share/$1 [P] should be
>>> something like either: RewriteRule ^/(.*)
>>> https://192.168.123.3:8443/$1 [P]
>> This takes me to the tomcat home page, /
> If you want to be redirected to /share when the user typed /, you
> could add a rewrite rule like RewriteRule ^/$ /share [R,L] This
> will match only on "/".
>>
>>> or: RewriteRule ^/share/(.*)
>>> https://192.168.123.3:8443/share/$1 [P]
>> This one gives me a 403 access denied
>
> Here is a response from the apache list: <snip> what is happening
> is when you go to https://share.example.com, Tomcat tries to
> redirect you to /xxx/xxx/ If you go directly to
> https://share.example.com/2ndpage/ then you get the login form, but
> none of the resources (images, css) that should go along with it.
> (I do not know why proxy is not working directly to the root, it
> would probably be a lot of trouble to investigate.)
>
> In general, that is the point of ProxyPassReverse: to catch this
> type of response and rewrite it. We did not look at that much, but
> it could potentially solve the problem. I suspect it would need to
> be something like (one or both, depending on exactly what is
> happening) ProxyPassReverse / https://192.168.123.3:8443/xxx/
> ProxyPassReverse / https://share.example.com/xxx/
>
> Another option is to look for a setting in Tomcat that would remove
> /xxx. I don't know anything about alfresco, so I am not sure where
> to start with that.
>
> A third option might be to use mod_jk instead of Proxy, but I don't
> know exactly how to do that either. </snip>
>
> So i was not able to get any of those to work. So i moved to the
> third option, mod_jk. It is loaded. I make the changes in my
> vhost: #This rewrites https://share.anydomain.tld to our share
> server RewriteEngine On RewriteCond %{HTTP_HOST} ^share\.
> RewriteCond %{HTTPS} on RewriteRule ^/(.*)
> ajp://192.168.123.3:8443/share/$1 [P]
The above is not using mod_jk. If you are using mod_jk, then you are
either using the "JkMount" directive, or the "SetHandler jk"
directive. Anything else is using mod_proxy_(http|ajp).
> This gives internal server error 500 when going to
> https://share.example.com. Here are the apache logs:
>
> Fri Nov 01 12:49:32 2013] [notice] Apache/2.2.12 (Linux/SUSE)
> mod_ssl/2.2.12 OpenSSL/0.9.8j-fips mod_jk/1.2.26 PHP/5.2.14 with
> Suhosin-Patch mod_perl/2.0.4 Perl/v5.10.0 configured -- resuming
> normal operations [Fri Nov 01 12:49:41 2013] [warn] proxy: No
> protocol handler was valid for the URL /. If you are using a DSO
> version of mod_proxy, make sure the proxy submodules are included
> in the configuration using LoadModule. [Fri Nov 01 12:49:41 2013]
> [warn] proxy: No protocol handler was valid for the URL
> /error/HTTP_INTERNAL_SERVER_ERROR.html.var. If you are using a DSO
> version of mod_proxy, make sure the proxy submodules are included
> in the configuration using LoadModule. [Fri Nov 01 12:50:07 2013]
> [warn] proxy: No protocol handler was valid for the URL
> /share/page/. If you are using a DSO version of mod_proxy, make
> sure the proxy submodules are included in the configuration using
> LoadModule. [Fri Nov 01 12:50:07 2013] [warn] proxy: No protocol
> handler was valid for the URL
> /error/HTTP_INTERNAL_SERVER_ERROR.html.var. If you are using a DSO
> version of mod_proxy, make sure the proxy submodules are included
> in the configuration using LoadModule. [Fri Nov 01 12:50:07 2013]
> [warn] proxy: No protocol handler was valid for the URL
> /favicon.ico. If you are using a DSO version of mod_proxy, make
> sure the proxy submodules are included in the configuration using
> LoadModule. [Fri Nov 01 12:50:07 2013] [warn] proxy: No protocol
> handler was valid for the URL
> /error/HTTP_INTERNAL_SERVER_ERROR.html.var. If you are using a DSO
> version of mod_proxy, make sure the proxy submodules are included
> in the configuration using LoadModule. [Fri Nov 01 12:50:07 2013]
> [warn] proxy: No protocol handler was valid for the URL
> /favicon.ico. If you are using a DSO version of mod_proxy, make
> sure the proxy submodules are included in the configuration using
> LoadModule. [Fri Nov 01 12:50:07 2013] [warn] proxy: No protocol
> handler was valid for the URL
> /error/HTTP_INTERNAL_SERVER_ERROR.html.var. If you are using a DSO
> version of mod_proxy, make sure the proxy submodules are included
> in the configuration using LoadModule
... or not using anything at all. Only mod_proxy_ajp understands
ajp:// URLs.
> How can i get users to type in http://share.example.com and this
> land on https://share.example.com/xxx/xxx?
<VirtualHost ...>
ServerName share.example.com
RedirectPermanent / https://share.example.com/xxx/xxx?
</VirtualHost>
?
Honestly, I don't know why you don't just use a redirect instead of
trying to modify requests in-flight. Redirects are easy and set
everything up for the user with a single request/response without
having to do all kinds of backflips.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBCAAGBQJSdCJ9AAoJEBzwKT+lPKRYBd8QAKnEaoo0h6zV7N5tGSRGlEI9
EozedC5YCnUDKx6PqR7uNUaVTY9lGIwsXSeseI0uUqNzG7OVgMJkwNZcnqEEUvpQ
6e2zQpuf1prc6sUWvISWGmydd3NzoTZilPkGMigGQc94B+KPACZdIb8rTyVZ9wl7
OSHahwlK4YPH2xzrJbDCa8j6gFxqgTUQdZhMSH+TAGkCNNw/js/zQptFGxj96CjI
+JsO16nk4O7EhGbVWtMT98p9BhM6gSwiM9JJO9tPqgOjCDUbTvmMbrhyUyJtI+dH
EKXvmEthXdnFtecrdEMJAfn3nbaoCTXJFyaeVJfc3MDagVbfPtYQlO2NVBHpItDI
jpGHjh10yr6sQCVBE7EZQZD/z2NL1OrnDw/C21ODZy+PRymzqmguSgu3f4JKgHHV
OiRHHT1FeUgwjQdaal0CnBSOlxZSsi9rYs2dOnuViGgyiklxOgKvkl6hkl2NjkTW
FqU25wRpHK++NCYRezha6PT1Ap0/ksJgV7deccIUYj9eEdkuR0ncxakpArteW/gx
vOKkPu1qJ77S71ipaw6u0g2FlmOC/6EmCs99LFBGJ3PF0hPFSpa9SREaLwQpbKrG
P5oH9qVgpmHtiK+MigkD7wHnVw2UR8AIsnzgJXz9W5anqmwU2x4dLXqQhXSguzDJ
6ugenqsbIQ5FyDX5i81A
=D8vm
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Multi-URL Access 1 Webapp
Posted by Chris Arnold <ca...@electrichendrix.com>.
Am 31.10.2013 20:30, schrieb Chris Arnold:
>> mod_rewrite is what's adding the extra /share/
>> RewriteRule ^/(.*) https://192.168.123.3:8443/share/$1 [P]
>> should be something like either:
>> RewriteRule ^/(.*) https://192.168.123.3:8443/$1 [P]
> This takes me to the tomcat home page, /
If you want to be redirected to /share when the user typed /, you could
add a rewrite rule like
RewriteRule ^/$ /share [R,L]
This will match only on "/".
>
>> or:
>> RewriteRule ^/share/(.*) https://192.168.123.3:8443/share/$1 [P]
> This one gives me a 403 access denied
Here is a response from the apache list:
<snip>
what is happening is when you go to https://share.example.com, Tomcat tries to redirect you to /xxx/xxx/
If you go directly to https://share.example.com/2ndpage/ then you get the login form, but none of the resources (images, css) that should go along with it.
(I do not know why proxy is not working directly to the root, it would probably be a lot of trouble to investigate.)
In general, that is the point of ProxyPassReverse: to catch this type of response and rewrite it. We did not look at that much, but it could potentially solve the problem.
I suspect it would need to be something like (one or both, depending on exactly what is happening)
ProxyPassReverse / https://192.168.123.3:8443/xxx/
ProxyPassReverse / https://share.example.com/xxx/
Another option is to look for a setting in Tomcat that would remove /xxx. I don't know anything about alfresco, so I am not sure where to start with that.
A third option might be to use mod_jk instead of Proxy, but I don't know exactly how to do that either.
</snip>
So i was not able to get any of those to work. So i moved to the third option, mod_jk. It is loaded. I make the changes in my vhost:
#This rewrites https://share.anydomain.tld to our share server
RewriteEngine On
RewriteCond %{HTTP_HOST} ^share\.
RewriteCond %{HTTPS} on
RewriteRule ^/(.*) ajp://192.168.123.3:8443/share/$1 [P]
This gives internal server error 500 when going to https://share.example.com. Here are the apache logs:
Fri Nov 01 12:49:32 2013] [notice] Apache/2.2.12 (Linux/SUSE) mod_ssl/2.2.12 OpenSSL/0.9.8j-fips mod_jk/1.2.26 PHP/5.2.14 with Suhosin-Patch mod_perl/2.0.4 Perl/v5.10.0 configured -- resuming normal operations
[Fri Nov 01 12:49:41 2013] [warn] proxy: No protocol handler was valid for the URL /. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
[Fri Nov 01 12:49:41 2013] [warn] proxy: No protocol handler was valid for the URL /error/HTTP_INTERNAL_SERVER_ERROR.html.var. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
[Fri Nov 01 12:50:07 2013] [warn] proxy: No protocol handler was valid for the URL /share/page/. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
[Fri Nov 01 12:50:07 2013] [warn] proxy: No protocol handler was valid for the URL /error/HTTP_INTERNAL_SERVER_ERROR.html.var. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
[Fri Nov 01 12:50:07 2013] [warn] proxy: No protocol handler was valid for the URL /favicon.ico. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
[Fri Nov 01 12:50:07 2013] [warn] proxy: No protocol handler was valid for the URL /error/HTTP_INTERNAL_SERVER_ERROR.html.var. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
[Fri Nov 01 12:50:07 2013] [warn] proxy: No protocol handler was valid for the URL /favicon.ico. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
[Fri Nov 01 12:50:07 2013] [warn] proxy: No protocol handler was valid for the URL /error/HTTP_INTERNAL_SERVER_ERROR.html.var. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule
How can i get users to type in http://share.example.com and this land on https://share.example.com/xxx/xxx?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org