You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Ron Van den Branden <ro...@kantl.be> on 2012/03/29 18:06:47 UTC
[users@httpd] mod_proxy: ProxyPassReverse ignored with ProxyPreserveHost?
Hi,
Apologies for reposting that soon, but I've been thinking more about my
question earlier today (see
<http://markmail.org/message/z3rkvqjjrvecllph>). So, rather than
appearing impatient, I would like to rephrase that question more
clearly. Basically, I have the impression that when ProxyPreserveHost
is switched on, ProxyPassReverse seems to be ignored.
I'll briefly illustrate this observation. With following settings in
httpd.conf:
ProxyPreserveHost off
ProxyPass /apps/ http://localhost:8082/
ProxyPassReverse /apps/ http://localhost:8082/
ProxyPassReverseCookiePath /apps/ /
I can successfully proxy a request for <http://mydomain/apps/my_app/> to
a Tomcat app at <http://localhost:8082/my_app/>. The ProxyPassReverse
directive is working properly, as can be seen for requests that cause an
internal redirection in the Tomcat app: <http://mydomain/apps/my_app/>
correctly redirects (internally, via Tomcat) to
<http://mydomain/apps/my_app/index.htm>.
Yet, when switching on ProxyPreserveHost, internal redirects via Tomcat
fail:
ProxyPreserveHost off
ProxyPass /apps/ http://localhost:8082/
ProxyPassReverse /apps/ http://localhost:8082/
ProxyPassReverseCookiePath /apps/ /
A request for <http://mydomain/apps/my_app/> now redirects to
<http://mydomain/my_app/index.htm>. Moreover, I have the impression
/anything/ can be entered for ProxyPassReverse without making any
difference, e.g.:
ProxyPassReverse /apps/whatever/ http://localhost:8082/
This doesn't affect the redirected URL whatsoever: it always is
redirected to <http://mydomain/my_app/index.htm>. However, with
ProxyPreserveHost switched off, above rule does redirect the original
request to <http://mydomain/apps/whatever/my_app/index.htm>, which is
what I'd expect.
So, my question is: (how) can ProxyPassReverse be made to work in
combination with ProxyPreserveHost?
Kind regards,
Ron
Re: [users@httpd] mod_proxy: ProxyPassReverse ignored with ProxyPreserveHost?
Posted by "ron.vandenbranden@home" <ro...@kantl.be>.
Ok,
Tried this version:
On 30/03/2012 7:09, Bruno Tréguier wrote:
> tcpdump -vvv -X -s 0 -i any port 8080 or port 8082
And captured 4 scenarios, dumped to different files:
-preserveHostOn_noredirect.out: ProxyPreserveHost = on + proxy
request not resulting in a redirect (successful request)
-preserveHostOn_redirect.out: ProxyPreserveHost = on + proxy
request resulting in a redirect (failing request)
-preserveHostOff_noredirect.out: ProxyPreserveHost = off + proxy
request not resulting in a redirect (successful request)
-preserveHostOff_redirect.out: ProxyPreserveHost = off + proxy
request resulting in a redirect (successful request)
(note: I've issued these requests to the real webapp, instead of the
simplified URLs I illustrated my question with; actual paths differ but
principle is the same)
I've attached them in a zip file. Does this help?
Again, many thanks to all for helping me out so far!
Kind regards,
Ron
Re: [users@httpd] mod_proxy: ProxyPassReverse ignored with ProxyPreserveHost?
Posted by Bruno Tréguier <Br...@shom.fr>.
Le 30/03/2012 à 0:32, ron.vandenbranden@home a écrit :
> Thanks, Igor.
>
> On Mar 30, 2012 8:41 AM, "Igor Cicimov" <icicimov@gmail.com
> <ma...@gmail.com>> wrote:
>>
>> tcpdump -vvv -X -s 0 -i eth0 tcp port 8080
>>
>> Needs to be run as root. Replace port 8080 with what ever port you
>> need. Option "-i eth0" is just in case you have more than one
>> network interfaces. If you use it make sure to replace eth0 with
>> correct value for your server.
>>
>
> Hmm, tcpdump returns nothing for reverse proxied requests: while
> <http://mydomain/apps/my_app/> is correctly proxied to
> <http://localhost:8082/my_app/>, nothing of this is traced by tcpdump.
Hi,
This is probably because the proxied requests are using the "loopback"
interface, so in order to capture both dialogues (between your client
and your "proxy" vhost, and between your "proxy" vhost and your app
vhost, you need to use the "any" pseudo-interface (meaning all the
interfaces than can be found on your machine), and monitor both ports
(8080 and 8082):
tcpdump -vvv -X -s 0 -i any port 8080 or port 8082
If you're only interested in proxied requests, then using the "lo"
interface and asking for what's using port 8082 is sufficient:
tcpdump -vvv -X -s 0 -i lo port 8082
Best regards,
Bruno
--
- Service Hydrographique et Oceanographique de la Marine - DMGS/INF
- 13, rue du Chatellier - CS 92803 - 29228 Brest Cedex 2, FRANCE
- Phone: +33 2 98 22 17 49 - Email: Bruno.Treguier@shom.fr
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] mod_proxy: ProxyPassReverse ignored with ProxyPreserveHost?
Posted by "ron.vandenbranden@home" <ro...@kantl.be>.
Thanks, Igor.
On Mar 30, 2012 8:41 AM, "Igor Cicimov" <icicimov@gmail.com
<ma...@gmail.com>> wrote:
>
> tcpdump -vvv -X -s 0 -i eth0 tcp port 8080
>
> Needs to be run as root. Replace port 8080 with what ever port you
> need. Option "-i eth0" is just in case you have more than one
> network interfaces. If you use it make sure to replace eth0 with
> correct value for your server.
>
Hmm, tcpdump returns nothing for reverse proxied requests: while
<http://mydomain/apps/my_app/> is correctly proxied to
<http://localhost:8082/my_app/>, nothing of this is traced by tcpdump.
OTOH, direct (non-proxied) requests are picked up:
<http://mydomain:8080/my_app/> returns a load of tcpdump output.
Best,
Ron
Re: [users@httpd] mod_proxy: ProxyPassReverse ignored with ProxyPreserveHost?
Posted by Igor Cicimov <ic...@gmail.com>.
Or
tcpdump -vvv -X -s 0 -i eth0 -n -w tcpdump.pcap tcp port 8080
If you want to dump into a file tcpdump.pcap to inspect it later with
Wireshark.
On Mar 30, 2012 8:41 AM, "Igor Cicimov" <ic...@gmail.com> wrote:
> tcpdump -vvv -X -s 0 -i eth0 tcp port 8080
>
> Needs to be run as root. Replace port 8080 with what ever port you need.
> Option "-i eth0" is just in case you have more than one network interfaces.
> If you use it make sure to replace eth0 with correct value for your server.
> On Mar 30, 2012 4:55 AM, "ron.vandenbranden@home" <
> ron.vandenbranden@kantl.be> wrote:
>
>> Hi,
>>
>> Thanks for your detailed suggestions, Tom.
>>
>> On 29/03/2012 18:22, Tom Evans wrote:
>>
>>> On Thu, Mar 29, 2012 at 5:06 PM, Ron Van den Branden
>>> <ro...@kantl.be> wrote:
>>>
>>>> Yet, when switching on ProxyPreserveHost, internal redirects via Tomcat
>>>> fail:
>>>>
>>>> ProxyPreserveHost off
>>>>
>>> ^^^^ This should be "on" surely?
>>>
>>
>> Ouch, my bad, sorry. Surely, 'on' is what I meant.
>>
>> So, what URL does your backend server generate? Does the Location
>>> header, as seen by Apache, contain "http://localhost:8082/" when
>>> ProxyPreserveHost is on, or does it contain something else?
>>>
>>> The best way to debug reverse proxying is to run tcpdump on the proxy
>>> server. That way, you can see the request as the reverse proxy sees
>>> it, the request as the backend sees it, the raw response generated by
>>> the backend and the processed response returned by the proxy. Without
>>> seeing those things, we're probably just guessing.
>>>
>>
>> I've briefly checked: I can run tcpdump on the proxy server. Yet, I don't
>> know it at all. Do you perhaps know the command to achieve the task you
>> mention, so I can produce more useful reports? Un/fortunately, I'm leaving
>> on holiday tomorrow; but maybe I still have some time to look into this
>> tonight.
>>
>> Kind regards,
>>
>> Ron
>>
>> ------------------------------**------------------------------**---------
>> To unsubscribe, e-mail: users-unsubscribe@httpd.**apache.org<us...@httpd.apache.org>
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
Re: [users@httpd] mod_proxy: ProxyPassReverse ignored with ProxyPreserveHost?
Posted by Igor Cicimov <ic...@gmail.com>.
tcpdump -vvv -X -s 0 -i eth0 tcp port 8080
Needs to be run as root. Replace port 8080 with what ever port you need.
Option "-i eth0" is just in case you have more than one network interfaces.
If you use it make sure to replace eth0 with correct value for your server.
On Mar 30, 2012 4:55 AM, "ron.vandenbranden@home" <
ron.vandenbranden@kantl.be> wrote:
> Hi,
>
> Thanks for your detailed suggestions, Tom.
>
> On 29/03/2012 18:22, Tom Evans wrote:
>
>> On Thu, Mar 29, 2012 at 5:06 PM, Ron Van den Branden
>> <ro...@kantl.be> wrote:
>>
>>> Yet, when switching on ProxyPreserveHost, internal redirects via Tomcat
>>> fail:
>>>
>>> ProxyPreserveHost off
>>>
>> ^^^^ This should be "on" surely?
>>
>
> Ouch, my bad, sorry. Surely, 'on' is what I meant.
>
> So, what URL does your backend server generate? Does the Location
>> header, as seen by Apache, contain "http://localhost:8082/" when
>> ProxyPreserveHost is on, or does it contain something else?
>>
>> The best way to debug reverse proxying is to run tcpdump on the proxy
>> server. That way, you can see the request as the reverse proxy sees
>> it, the request as the backend sees it, the raw response generated by
>> the backend and the processed response returned by the proxy. Without
>> seeing those things, we're probably just guessing.
>>
>
> I've briefly checked: I can run tcpdump on the proxy server. Yet, I don't
> know it at all. Do you perhaps know the command to achieve the task you
> mention, so I can produce more useful reports? Un/fortunately, I'm leaving
> on holiday tomorrow; but maybe I still have some time to look into this
> tonight.
>
> Kind regards,
>
> Ron
>
> ------------------------------**------------------------------**---------
> To unsubscribe, e-mail: users-unsubscribe@httpd.**apache.org<us...@httpd.apache.org>
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
Re: [users@httpd] mod_proxy: ProxyPassReverse ignored with ProxyPreserveHost?
Posted by "ron.vandenbranden@home" <ro...@kantl.be>.
Hi,
Thanks for your detailed suggestions, Tom.
On 29/03/2012 18:22, Tom Evans wrote:
> On Thu, Mar 29, 2012 at 5:06 PM, Ron Van den Branden
> <ro...@kantl.be> wrote:
>> Yet, when switching on ProxyPreserveHost, internal redirects via Tomcat
>> fail:
>>
>> ProxyPreserveHost off
> ^^^^ This should be "on" surely?
Ouch, my bad, sorry. Surely, 'on' is what I meant.
> So, what URL does your backend server generate? Does the Location
> header, as seen by Apache, contain "http://localhost:8082/" when
> ProxyPreserveHost is on, or does it contain something else?
>
> The best way to debug reverse proxying is to run tcpdump on the proxy
> server. That way, you can see the request as the reverse proxy sees
> it, the request as the backend sees it, the raw response generated by
> the backend and the processed response returned by the proxy. Without
> seeing those things, we're probably just guessing.
I've briefly checked: I can run tcpdump on the proxy server. Yet, I
don't know it at all. Do you perhaps know the command to achieve the
task you mention, so I can produce more useful reports? Un/fortunately,
I'm leaving on holiday tomorrow; but maybe I still have some time to
look into this tonight.
Kind regards,
Ron
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] mod_proxy: ProxyPassReverse ignored with ProxyPreserveHost?
Posted by Tom Evans <te...@googlemail.com>.
On Thu, Mar 29, 2012 at 5:06 PM, Ron Van den Branden
<ro...@kantl.be> wrote:
> Hi,
>
> Apologies for reposting that soon, but I've been thinking more about my
> question earlier today (see <http://markmail.org/message/z3rkvqjjrvecllph>).
> So, rather than appearing impatient, I would like to rephrase that question
> more clearly. Basically, I have the impression that when ProxyPreserveHost
> is switched on, ProxyPassReverse seems to be ignored.
>
> I'll briefly illustrate this observation. With following settings in
> httpd.conf:
>
> ProxyPreserveHost off
> ProxyPass /apps/ http://localhost:8082/
> ProxyPassReverse /apps/ http://localhost:8082/
> ProxyPassReverseCookiePath /apps/ /
>
> I can successfully proxy a request for <http://mydomain/apps/my_app/> to a
> Tomcat app at <http://localhost:8082/my_app/>. The ProxyPassReverse
> directive is working properly, as can be seen for requests that cause an
> internal redirection in the Tomcat app: <http://mydomain/apps/my_app/>
> correctly redirects (internally, via Tomcat) to
> <http://mydomain/apps/my_app/index.htm>.
>
> Yet, when switching on ProxyPreserveHost, internal redirects via Tomcat
> fail:
>
> ProxyPreserveHost off
^^^^ This should be "on" surely?
> ProxyPass /apps/ http://localhost:8082/
> ProxyPassReverse /apps/ http://localhost:8082/
> ProxyPassReverseCookiePath /apps/ /
>
> A request for <http://mydomain/apps/my_app/> now redirects to
> <http://mydomain/my_app/index.htm>. Moreover, I have the impression anything
> can be entered for ProxyPassReverse without making any difference, e.g.:
>
> ProxyPassReverse /apps/whatever/ http://localhost:8082/
>
> This doesn't affect the redirected URL whatsoever: it always is redirected
> to <http://mydomain/my_app/index.htm>. However, with ProxyPreserveHost
> switched off, above rule does redirect the original request to
> <http://mydomain/apps/whatever/my_app/index.htm>, which is what I'd expect.
>
> So, my question is: (how) can ProxyPassReverse be made to work in
> combination with ProxyPreserveHost?
>
> Kind regards,
>
> Ron
ProxyPassReverse has a *very* specific meaning. When it sees a header
value with the 2nd argument, it will replace it with the first
argument, and then use standard apache semantics to turn that into a
fully qualified URL. See UseCanonicalName for details on that.
So, what URL does your backend server generate? Does the Location
header, as seen by Apache, contain "http://localhost:8082/" when
ProxyPreserveHost is on, or does it contain something else?
The best way to debug reverse proxying is to run tcpdump on the proxy
server. That way, you can see the request as the reverse proxy sees
it, the request as the backend sees it, the raw response generated by
the backend and the processed response returned by the proxy. Without
seeing those things, we're probably just guessing.
If you can't use tcpdump, you will need to find some other way of
examining the "Location" header, eg a custom log format.
Cheers
Tom
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org