You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Mark Bordelon <ma...@gmail.com> on 2019/08/24 12:56:46 UTC
Help with proxy from secure Apache to unsecured Tomcat
VERSIONS AND SETUP:
Both Apache/2.2.34 (Unix) and Apache Tomcat/8.0.53 are running on the same Linux AWS EC2 instance.
CONFIGURATION EXCERPT FROM APACHE'S httpd.conf:
<VirtualHost *:80>
ServerName cloviscorp.com
DocumentRoot /var/www/html/com/cloviscorp
<Directory "/var/www/html/com/cloviscorp">
Order Allow,Deny
Allow From All
AllowOverride All
Options -Indexes
</Directory>
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPreserveHost On
ProxyPass /ClovisWebApp http://localhost:8080/ClovisWebApp
ProxyPassReverse / http://localhost:8080/
<Location "/">
Order allow,deny
Allow from all
</Location>
Header set Access-Control-Allow-Origin null
Header set Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type"
ErrorLog logs/cloviscorp.com-error_log
CustomLog logs/cloviscorp.com-access_log common
</VirtualHost>
<VirtualHost *:443>
ServerName cloviscorp.com
DocumentRoot /var/www/html/com/cloviscorp
<Directory "/var/www/html/com/cloviscorp">
Order Allow,Deny
Allow From All
AllowOverride All
Options -Indexes
</Directory>
SSLEngine on
SSLCertificateFile "/etc/httpd/server.crt"
SSLCertificateKeyFile "/etc/httpd/server.key"
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPreserveHost On
ProxyPass /ClovisWebApp http://localhost:8080/ClovisWebApp
ProxyPassReverse /ClovisWebApp http://localhost:8080/ClovisWebApp
<Location "/">
Order allow,deny
Allow from all
</Location>
ErrorLog logs/cloviscorp-secure.com-error_log
CustomLog logs/cloviscorp-secure.com-access_log common
</VirtualHost>
CONFIGURATION EXCERPT FROM TOMCAT's server.xml:
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443"
proxyName="www.cloviscorp.com"
proxyPort="80"/>
<Connector executor="tomcatThreadPool"
port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
PROBLEM:
A) http://www.cloviscorp.com/ClovisWebApp/textservice/health WORKS FINE
B) https://www.cloviscorp.com/ClovisWebApp/textservice/health RETURNS:
Not Found
The requested URL /ClovisWebApp/textservice/health was not found on this server.
LOGS:
Tomcat logs show nothing, Apache log the following when I hit the second =
(Secure) link:
ssl_error_log:[Sat Aug 24 11:44:36 2019] [error] [client 79.75.96.60] =
File does not exist: /var/www/html/com/cloviscorp/ClovisWebApp
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Help with proxy from secure Apache to unsecured Tomcat
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Mark,
On 8/26/19 09:24, Mark Bordelon wrote:
> I also was of the opinion that this had to be an apache issue. The
> ssl logging was taken from the included out-of-the-box
> conf.d/ssl.conf. Issue was solved randomly by setting server name
> to www.cloviscorp.com <http://www.cloviscorp.com/> instead of
> cloviscorp.com <http://cloviscorp.com/>.
Try restoring your previous configuration but also adding:
ServerName cloviscorp.com
ServerAlias www.cloviscorp.com
And (your choice):
UseCanonicalName On
On the Tomcat side, you can either use the "default virtual host"
(recommended, IMO) or you can match the vhost name from httpd and also
provide any aliases you need.
If you need to support multiple non-default vhosts in Tomcat in a
single JVM, then you probably don't want to use the default vhost. But
if everything is going to a single vhost in Tomcat, you are better off
only defining the default vhost (which is, uhh, the default) and
letting everything get mapped to that.
- -chris
>> On Aug 26, 2019, at 03:35, André Warnier (tomcat) <aw...@ice-sa.com>
>> wrote:
>>
>> Hi.
>>
>> That looks more like an Apache httpd issue, than a Tomcat issue
>> (as you mention, the tomcat logfiles do not show anything, and
>> the rest tends to indicate that Apache httpd is not proxying
>> these calls to tomcat, but trying to resolve them locally).
>>
>> This being said, I cannot find any obvious configuration error in
>> the setup below.
>>
>> The only thing which makes me a bit suspicious is this :
>>
>>> ssl_error_log:[Sat Aug 24 11:44:36 2019] [error] [client
>>> 79.75.96.60] = File does not exist:
>>> /var/www/html/com/cloviscorp/ClovisWebApp
>>
>> where does that "ssl_error_log:" prefix come from ? It does not
>> seem to have a reason to be there, considering your configuration
>> copied below.
>>
>> On 24.08.2019 14:56, Mark Bordelon wrote:
>>> VERSIONS AND SETUP: Both Apache/2.2.34 (Unix) and Apache
>>> Tomcat/8.0.53 are running on the same Linux AWS EC2 instance.
>>>
>>>
>>>
>>> CONFIGURATION EXCERPT FROM APACHE'S httpd.conf:
>>>
>>>
>>> <VirtualHost *:80> ServerName cloviscorp.com DocumentRoot
>>> /var/www/html/com/cloviscorp <Directory
>>> "/var/www/html/com/cloviscorp"> Order Allow,Deny Allow From
>>> All AllowOverride All Options -Indexes </Directory>
>>>
>>> ProxyRequests Off <Proxy *> Order deny,allow Allow from all
>>> </Proxy> ProxyPreserveHost On ProxyPass /ClovisWebApp
>>> http://localhost:8080/ClovisWebApp ProxyPassReverse /
>>> http://localhost:8080/
>>>
>>> <Location "/"> Order allow,deny Allow from all </Location>
>>>
>>> Header set Access-Control-Allow-Origin null Header set
>>> Access-Control-Allow-Headers "Origin, X-Requested-With,
>>> Content-Type"
>>>
>>> ErrorLog logs/cloviscorp.com-error_log CustomLog
>>> logs/cloviscorp.com-access_log common </VirtualHost>
>>>
>>> <VirtualHost *:443> ServerName cloviscorp.com DocumentRoot
>>> /var/www/html/com/cloviscorp <Directory
>>> "/var/www/html/com/cloviscorp"> Order Allow,Deny Allow From
>>> All AllowOverride All Options -Indexes </Directory>
>>>
>>> SSLEngine on SSLCertificateFile "/etc/httpd/server.crt"
>>> SSLCertificateKeyFile "/etc/httpd/server.key"
>>>
>>> ProxyRequests Off <Proxy *> Order deny,allow Allow from all
>>> </Proxy> ProxyPreserveHost On ProxyPass /ClovisWebApp
>>> http://localhost:8080/ClovisWebApp ProxyPassReverse
>>> /ClovisWebApp http://localhost:8080/ClovisWebApp
>>>
>>> <Location "/"> Order allow,deny Allow from all </Location>
>>>
>>> ErrorLog logs/cloviscorp-secure.com-error_log CustomLog
>>> logs/cloviscorp-secure.com-access_log common </VirtualHost>
>>>
>>>
>>>
>>>
>>> CONFIGURATION EXCERPT FROM TOMCAT's server.xml:
>>>
>>>
>>> <Connector port="8080" protocol="HTTP/1.1"
>>> connectionTimeout="20000" redirectPort="8443"
>>> proxyName="www.cloviscorp.com" proxyPort="80"/>
>>>
>>> <Connector executor="tomcatThreadPool" port="8080"
>>> protocol="HTTP/1.1" connectionTimeout="20000"
>>> redirectPort="8443" />
>>>
>>>
>>>
>>> PROBLEM:
>>>
>>> A) http://www.cloviscorp.com/ClovisWebApp/textservice/health
>>> WORKS FINE B)
>>> https://www.cloviscorp.com/ClovisWebApp/textservice/health
>>> RETURNS: Not Found The requested URL
>>> /ClovisWebApp/textservice/health was not found on this server.
>>>
>>>
>>>
>>> LOGS:
>>>
>>> Tomcat logs show nothing, Apache log the following when I hit
>>> the second = (Secure) link: ssl_error_log:[Sat Aug 24 11:44:36
>>> 2019] [error] [client 79.75.96.60] = File does not exist:
>>> /var/www/html/com/cloviscorp/ClovisWebApp
>>> --------------------------------------------------------------------
- -
>>>
>>>
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>
>>
>>
>> ---------------------------------------------------------------------
>>
>>
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>
>
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl1j/RkACgkQHPApP6U8
pFjfhRAAx1GmXWM3dnG4GGFjeTWV5bAY1jPj60SU/nnAKJyMtlOvU5Xk1Sw1dCKv
QIUmutCKPi5gbYJj94u2ZeHn9fiqYc7KjszgHk/7V20l/q/9FIp19xn5m3wNq45X
nf7aWApcZOnN6DfnrsTVtW3qT0PEvhKWQ6y+vH25YKgBFEi/uuN98LcUg8luWryZ
ZmjgOPLVif8SIl2XM/BZDw+tKyeb1JJPcD9oSDSvMhRBueJhOBmn71SSjayk4Ljv
iSoZ/c5jfwz5EsC8qnrU/h0feqIVSeBOYhs7QBk1RlowUXeW5/QMs3tigmGLuAG3
RYW72zLYAUce9BWc5hY5Q57cHxqiBaWyND+FBkhKbZsTTapxCRe5jRG9mwzNXrTK
wEF2YHUEvLIkcCuAwHTEF/gGcHDeLXYmbCRDS8tXKP0LzV5AzAuUZtCa7uNbPrP4
gjxuAnTjxS2qC4q747NBH0P6lx3kadAJpkaZDIr1AK7WaobQpvIMCyqKGIgTdK98
EVKHFBUhd2Pd+/LjQA9FknMakBV2ZBiXoOv9RgSy6fgUVUt/1zTMfieyTpDSJeAi
ZKZH6eonNu/90tJ4dxr1Yj98m8zgIF5nDPararSz79P6/mkj0SHN+jIYcb0Ub2l3
AOLHwaWSL+rmVJl2YKEFfiWJgmGKumD/ABYdzNwT1Cu7wVaw8ao=
=Sedp
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Help with proxy from secure Apache to unsecured Tomcat
Posted by Mark Bordelon <ma...@gmail.com>.
I also was of the opinion that this had to be an apache issue.
The ssl logging was taken from the included out-of-the-box conf.d/ssl.conf.
Issue was solved randomly by setting server name to www.cloviscorp.com <http://www.cloviscorp.com/> instead of cloviscorp.com <http://cloviscorp.com/>.
> On Aug 26, 2019, at 03:35, André Warnier (tomcat) <aw...@ice-sa.com> wrote:
>
> Hi.
>
> That looks more like an Apache httpd issue, than a Tomcat issue (as you mention, the tomcat logfiles do not show anything, and the rest tends to indicate that Apache httpd is not proxying these calls to tomcat, but trying to resolve them locally).
>
> This being said, I cannot find any obvious configuration error in the setup below.
>
> The only thing which makes me a bit suspicious is this :
>
> > ssl_error_log:[Sat Aug 24 11:44:36 2019] [error] [client 79.75.96.60] =
> > File does not exist: /var/www/html/com/cloviscorp/ClovisWebApp
>
> where does that "ssl_error_log:" prefix come from ?
> It does not seem to have a reason to be there, considering your configuration copied below.
>
> On 24.08.2019 14:56, Mark Bordelon wrote:
>> VERSIONS AND SETUP:
>> Both Apache/2.2.34 (Unix) and Apache Tomcat/8.0.53 are running on the same Linux AWS EC2 instance.
>>
>>
>>
>> CONFIGURATION EXCERPT FROM APACHE'S httpd.conf:
>>
>>
>> <VirtualHost *:80>
>> ServerName cloviscorp.com
>> DocumentRoot /var/www/html/com/cloviscorp
>> <Directory "/var/www/html/com/cloviscorp">
>> Order Allow,Deny
>> Allow From All
>> AllowOverride All
>> Options -Indexes
>> </Directory>
>>
>> ProxyRequests Off
>> <Proxy *>
>> Order deny,allow
>> Allow from all
>> </Proxy>
>> ProxyPreserveHost On
>> ProxyPass /ClovisWebApp http://localhost:8080/ClovisWebApp
>> ProxyPassReverse / http://localhost:8080/
>>
>> <Location "/">
>> Order allow,deny
>> Allow from all
>> </Location>
>>
>> Header set Access-Control-Allow-Origin null
>> Header set Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type"
>>
>> ErrorLog logs/cloviscorp.com-error_log
>> CustomLog logs/cloviscorp.com-access_log common
>> </VirtualHost>
>>
>> <VirtualHost *:443>
>> ServerName cloviscorp.com
>> DocumentRoot /var/www/html/com/cloviscorp
>> <Directory "/var/www/html/com/cloviscorp">
>> Order Allow,Deny
>> Allow From All
>> AllowOverride All
>> Options -Indexes
>> </Directory>
>>
>> SSLEngine on
>> SSLCertificateFile "/etc/httpd/server.crt"
>> SSLCertificateKeyFile "/etc/httpd/server.key"
>>
>> ProxyRequests Off
>> <Proxy *>
>> Order deny,allow
>> Allow from all
>> </Proxy>
>> ProxyPreserveHost On
>> ProxyPass /ClovisWebApp http://localhost:8080/ClovisWebApp
>> ProxyPassReverse /ClovisWebApp http://localhost:8080/ClovisWebApp
>>
>> <Location "/">
>> Order allow,deny
>> Allow from all
>> </Location>
>>
>> ErrorLog logs/cloviscorp-secure.com-error_log
>> CustomLog logs/cloviscorp-secure.com-access_log common
>> </VirtualHost>
>>
>>
>>
>>
>> CONFIGURATION EXCERPT FROM TOMCAT's server.xml:
>>
>>
>> <Connector port="8080" protocol="HTTP/1.1"
>> connectionTimeout="20000"
>> redirectPort="8443"
>> proxyName="www.cloviscorp.com"
>> proxyPort="80"/>
>>
>> <Connector executor="tomcatThreadPool"
>> port="8080" protocol="HTTP/1.1"
>> connectionTimeout="20000"
>> redirectPort="8443" />
>>
>>
>>
>> PROBLEM:
>>
>> A) http://www.cloviscorp.com/ClovisWebApp/textservice/health WORKS FINE
>> B) https://www.cloviscorp.com/ClovisWebApp/textservice/health RETURNS:
>> Not Found
>> The requested URL /ClovisWebApp/textservice/health was not found on this server.
>>
>>
>>
>> LOGS:
>>
>> Tomcat logs show nothing, Apache log the following when I hit the second =
>> (Secure) link:
>> ssl_error_log:[Sat Aug 24 11:44:36 2019] [error] [client 79.75.96.60] =
>> File does not exist: /var/www/html/com/cloviscorp/ClovisWebApp
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
Re: Help with proxy from secure Apache to unsecured Tomcat
Posted by "André Warnier (tomcat)" <aw...@ice-sa.com>.
Hi.
That looks more like an Apache httpd issue, than a Tomcat issue (as you mention, the
tomcat logfiles do not show anything, and the rest tends to indicate that Apache httpd is
not proxying these calls to tomcat, but trying to resolve them locally).
This being said, I cannot find any obvious configuration error in the setup below.
The only thing which makes me a bit suspicious is this :
> ssl_error_log:[Sat Aug 24 11:44:36 2019] [error] [client 79.75.96.60] =
> File does not exist: /var/www/html/com/cloviscorp/ClovisWebApp
where does that "ssl_error_log:" prefix come from ?
It does not seem to have a reason to be there, considering your configuration copied below.
On 24.08.2019 14:56, Mark Bordelon wrote:
> VERSIONS AND SETUP:
> Both Apache/2.2.34 (Unix) and Apache Tomcat/8.0.53 are running on the same Linux AWS EC2 instance.
>
>
>
> CONFIGURATION EXCERPT FROM APACHE'S httpd.conf:
>
>
> <VirtualHost *:80>
> ServerName cloviscorp.com
> DocumentRoot /var/www/html/com/cloviscorp
> <Directory "/var/www/html/com/cloviscorp">
> Order Allow,Deny
> Allow From All
> AllowOverride All
> Options -Indexes
> </Directory>
>
> ProxyRequests Off
> <Proxy *>
> Order deny,allow
> Allow from all
> </Proxy>
> ProxyPreserveHost On
> ProxyPass /ClovisWebApp http://localhost:8080/ClovisWebApp
> ProxyPassReverse / http://localhost:8080/
>
> <Location "/">
> Order allow,deny
> Allow from all
> </Location>
>
> Header set Access-Control-Allow-Origin null
> Header set Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type"
>
> ErrorLog logs/cloviscorp.com-error_log
> CustomLog logs/cloviscorp.com-access_log common
> </VirtualHost>
>
> <VirtualHost *:443>
> ServerName cloviscorp.com
> DocumentRoot /var/www/html/com/cloviscorp
> <Directory "/var/www/html/com/cloviscorp">
> Order Allow,Deny
> Allow From All
> AllowOverride All
> Options -Indexes
> </Directory>
>
> SSLEngine on
> SSLCertificateFile "/etc/httpd/server.crt"
> SSLCertificateKeyFile "/etc/httpd/server.key"
>
> ProxyRequests Off
> <Proxy *>
> Order deny,allow
> Allow from all
> </Proxy>
> ProxyPreserveHost On
> ProxyPass /ClovisWebApp http://localhost:8080/ClovisWebApp
> ProxyPassReverse /ClovisWebApp http://localhost:8080/ClovisWebApp
>
> <Location "/">
> Order allow,deny
> Allow from all
> </Location>
>
> ErrorLog logs/cloviscorp-secure.com-error_log
> CustomLog logs/cloviscorp-secure.com-access_log common
> </VirtualHost>
>
>
>
>
> CONFIGURATION EXCERPT FROM TOMCAT's server.xml:
>
>
> <Connector port="8080" protocol="HTTP/1.1"
> connectionTimeout="20000"
> redirectPort="8443"
> proxyName="www.cloviscorp.com"
> proxyPort="80"/>
>
> <Connector executor="tomcatThreadPool"
> port="8080" protocol="HTTP/1.1"
> connectionTimeout="20000"
> redirectPort="8443" />
>
>
>
> PROBLEM:
>
> A) http://www.cloviscorp.com/ClovisWebApp/textservice/health WORKS FINE
> B) https://www.cloviscorp.com/ClovisWebApp/textservice/health RETURNS:
> Not Found
> The requested URL /ClovisWebApp/textservice/health was not found on this server.
>
>
>
> LOGS:
>
> Tomcat logs show nothing, Apache log the following when I hit the second =
> (Secure) link:
> ssl_error_log:[Sat Aug 24 11:44:36 2019] [error] [client 79.75.96.60] =
> File does not exist: /var/www/html/com/cloviscorp/ClovisWebApp
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Help with proxy from secure Apache to unsecured Tomcat
Posted by Mark Bordelon <ma...@gmail.com>.
Dear Chris,
All that messiness and variance was the result of lots of experimentation. I will immediately clean up and normalize the ProxyPassReverse sections, as well as remove the unnecessary ProxyRequest and Proxy element. Thank you very much for pointing it out.
> On Aug 26, 2019, at 06:27, Christopher Schultz <ch...@christopherschultz.net> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Mark,
>
> On 8/24/19 08:56, Mark Bordelon wrote:
>> CONFIGURATION EXCERPT FROM APACHE'S httpd.conf:
>>
>> <VirtualHost *:80>
>
> [snip]
>
>> ProxyPass /ClovisWebApp http://localhost:8080/ClovisWebApp <http://localhost:8080/ClovisWebApp>
>> ProxyPassReverse / http://localhost:8080/ <http://localhost:8080/>
>
> [snip]
>
>> </VirtualHost>
>
> Does not match this:
>
>> <VirtualHost *:443>
>
> [snip]
>
>> ProxyPass /ClovisWebApp http://localhost:8080/ClovisWebApp <http://localhost:8080/ClovisWebApp>
>> ProxyPassReverse /ClovisWebApp http://localhost:8080/ClovisWebApp <http://localhost:8080/ClovisWebApp>
>
> [snip]
>
>> </VirtualHost>
>
> Is that intentional?
>
> Also, I think you might want to map:
>
> ProxyPass /ClovisWebApp/ http://localhost:8080/ClovisWebApp/ <http://localhost:8080/ClovisWebApp/>
> ProxyPassReverse /ClovisWebApp/ http://localhost:8080/ClovisWebApp/ <http://localhost:8080/ClovisWebApp/>
>
> (Note the trailing slashes.)
>
> Aside from your above mapping, this looks really weird to me:
>
> ProxyRequests Off
> <Proxy *>
> Order deny,allow
> Allow from all
> </Proxy>
>
> If you have "ProxyRequests Off" (which is the default, BTW), then why
> do you have a <Proxy> section. Do you have plans to use httpd as a
> *forward* proxy? That "Allow from all" is ... probably a bad idea.
>
> - -chris
>
>> CONFIGURATION EXCERPT FROM TOMCAT's server.xml:
>>
>>
>> <Connector port="8080" protocol="HTTP/1.1"
>> connectionTimeout="20000" redirectPort="8443"
>> proxyName="www.cloviscorp.com" proxyPort="80"/>
>>
>> <Connector executor="tomcatThreadPool" port="8080"
>> protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443"
>> />
>>
>>
>>
>> PROBLEM:
>>
>> A) http://www.cloviscorp.com/ClovisWebApp/textservice/health WORKS
>> FINE B) https://www.cloviscorp.com/ClovisWebApp/textservice/health
>> RETURNS: Not Found The requested URL
>> /ClovisWebApp/textservice/health was not found on this server.
>>
>>
>>
>> LOGS:
>>
>> Tomcat logs show nothing, Apache log the following when I hit the
>> second = (Secure) link: ssl_error_log:[Sat Aug 24 11:44:36 2019]
>> [error] [client 79.75.96.60] = File does not exist:
>> /var/www/html/com/cloviscorp/ClovisWebApp
>> ---------------------------------------------------------------------
>>
>>
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org <ma...@tomcat.apache.org>
>> For additional commands, e-mail: users-help@tomcat.apache.org <ma...@tomcat.apache.org>
>>
> -----BEGIN PGP SIGNATURE-----
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ <https://www.enigmail.net/>
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl1j3icACgkQHPApP6U8
> pFiQ/BAAtJc/5VuuablzpslEWune5q31qnqJiOUX1YdTQBbniJHURT27XhqXcX+2
> rsTYDAA4hMqRnZ03DhhQVpTD7VQ9gOPX/y0I1tuEj3dZk+FmXTXdcJgJXDd5LPTW
> geY3xw9RojSzbQb7UCNPRAAzIvY69tqI8piUvZek33ICg2NHkJcw0MICw+SI4Soz
> tZehLAoqwb7RypJ+rEjnvQXiETsb9o7mZSB5hsIuNI3s+rC7kUAGxqrQrRXtodC3
> JCe+ul2mXGGiFUti4a0XPgYCMmIWMovwqyFXIH7uRCC1L1mGALKPMK/EtXX1gqct
> 4EwDMZ4OVZ9LTqYdh/bDT5DZR2XvBDQkt3/PBTTrVrgHYk8eEb3JkbI6iXsQ6xHF
> WLnwaND3F8CP9KtsSfWxgwTyjOKBIOXEuOjviIpNx4nELUwgsVOdELJPngzf9oXL
> dmzuwMIcD3EiUjMb8vQvUxUKGV30CQKKjSlcuz3Yb3wCqdyzUClVzODkt5ytCC7W
> jUlNHoOKzm/wEXoWpsaSKhr8jZh90VMu4iCKQgwN5Y0WRemzPm56xsHF9AA+owLF
> PX47XL0NIDn5VlcXQFkrRdwiP0/YsgWaY6PJt1VAheoPfen9D8cPIkayGVWPs7a6
> NeqCtVUzqbapUv6kyXzthQmZ+nwfp9dpmbNKhslB6OthBQYOpo8=
> =M26S
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org <ma...@tomcat.apache.org>
> For additional commands, e-mail: users-help@tomcat.apache.org <ma...@tomcat.apache.org>
Re: Help with proxy from secure Apache to unsecured Tomcat
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Mark,
On 8/24/19 08:56, Mark Bordelon wrote:
> CONFIGURATION EXCERPT FROM APACHE'S httpd.conf:
>
> <VirtualHost *:80>
[snip]
> ProxyPass /ClovisWebApp http://localhost:8080/ClovisWebApp
> ProxyPassReverse / http://localhost:8080/
[snip]
> </VirtualHost>
Does not match this:
> <VirtualHost *:443>
[snip]
> ProxyPass /ClovisWebApp http://localhost:8080/ClovisWebApp
> ProxyPassReverse /ClovisWebApp http://localhost:8080/ClovisWebApp
[snip]
> </VirtualHost>
Is that intentional?
Also, I think you might want to map:
ProxyPass /ClovisWebApp/ http://localhost:8080/ClovisWebApp/
ProxyPassReverse /ClovisWebApp/ http://localhost:8080/ClovisWebApp/
(Note the trailing slashes.)
Aside from your above mapping, this looks really weird to me:
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
If you have "ProxyRequests Off" (which is the default, BTW), then why
do you have a <Proxy> section. Do you have plans to use httpd as a
*forward* proxy? That "Allow from all" is ... probably a bad idea.
- -chris
> CONFIGURATION EXCERPT FROM TOMCAT's server.xml:
>
>
> <Connector port="8080" protocol="HTTP/1.1"
> connectionTimeout="20000" redirectPort="8443"
> proxyName="www.cloviscorp.com" proxyPort="80"/>
>
> <Connector executor="tomcatThreadPool" port="8080"
> protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443"
> />
>
>
>
> PROBLEM:
>
> A) http://www.cloviscorp.com/ClovisWebApp/textservice/health WORKS
> FINE B) https://www.cloviscorp.com/ClovisWebApp/textservice/health
> RETURNS: Not Found The requested URL
> /ClovisWebApp/textservice/health was not found on this server.
>
>
>
> LOGS:
>
> Tomcat logs show nothing, Apache log the following when I hit the
> second = (Secure) link: ssl_error_log:[Sat Aug 24 11:44:36 2019]
> [error] [client 79.75.96.60] = File does not exist:
> /var/www/html/com/cloviscorp/ClovisWebApp
> ---------------------------------------------------------------------
>
>
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl1j3icACgkQHPApP6U8
pFiQ/BAAtJc/5VuuablzpslEWune5q31qnqJiOUX1YdTQBbniJHURT27XhqXcX+2
rsTYDAA4hMqRnZ03DhhQVpTD7VQ9gOPX/y0I1tuEj3dZk+FmXTXdcJgJXDd5LPTW
geY3xw9RojSzbQb7UCNPRAAzIvY69tqI8piUvZek33ICg2NHkJcw0MICw+SI4Soz
tZehLAoqwb7RypJ+rEjnvQXiETsb9o7mZSB5hsIuNI3s+rC7kUAGxqrQrRXtodC3
JCe+ul2mXGGiFUti4a0XPgYCMmIWMovwqyFXIH7uRCC1L1mGALKPMK/EtXX1gqct
4EwDMZ4OVZ9LTqYdh/bDT5DZR2XvBDQkt3/PBTTrVrgHYk8eEb3JkbI6iXsQ6xHF
WLnwaND3F8CP9KtsSfWxgwTyjOKBIOXEuOjviIpNx4nELUwgsVOdELJPngzf9oXL
dmzuwMIcD3EiUjMb8vQvUxUKGV30CQKKjSlcuz3Yb3wCqdyzUClVzODkt5ytCC7W
jUlNHoOKzm/wEXoWpsaSKhr8jZh90VMu4iCKQgwN5Y0WRemzPm56xsHF9AA+owLF
PX47XL0NIDn5VlcXQFkrRdwiP0/YsgWaY6PJt1VAheoPfen9D8cPIkayGVWPs7a6
NeqCtVUzqbapUv6kyXzthQmZ+nwfp9dpmbNKhslB6OthBQYOpo8=
=M26S
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Help with proxy from secure Apache to unsecured Tomcat
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Mark,
Sorry for top-posting, but are you seeing an httpd error message or a
Tomcat one? If you can't tell, please post all of the response headers
you get.
- -chris
On 8/24/19 08:56, Mark Bordelon wrote:
> VERSIONS AND SETUP: Both Apache/2.2.34 (Unix) and Apache
> Tomcat/8.0.53 are running on the same Linux AWS EC2 instance.
>
>
>
> CONFIGURATION EXCERPT FROM APACHE'S httpd.conf:
>
>
> <VirtualHost *:80> ServerName cloviscorp.com DocumentRoot
> /var/www/html/com/cloviscorp <Directory
> "/var/www/html/com/cloviscorp"> Order Allow,Deny Allow From All
> AllowOverride All Options -Indexes </Directory>
>
> ProxyRequests Off <Proxy *> Order deny,allow Allow from all
> </Proxy> ProxyPreserveHost On ProxyPass /ClovisWebApp
> http://localhost:8080/ClovisWebApp ProxyPassReverse /
> http://localhost:8080/
>
> <Location "/"> Order allow,deny Allow from all </Location>
>
> Header set Access-Control-Allow-Origin null Header set
> Access-Control-Allow-Headers "Origin, X-Requested-With,
> Content-Type"
>
> ErrorLog logs/cloviscorp.com-error_log CustomLog
> logs/cloviscorp.com-access_log common </VirtualHost>
>
> <VirtualHost *:443> ServerName cloviscorp.com DocumentRoot
> /var/www/html/com/cloviscorp <Directory
> "/var/www/html/com/cloviscorp"> Order Allow,Deny Allow From All
> AllowOverride All Options -Indexes </Directory>
>
> SSLEngine on SSLCertificateFile "/etc/httpd/server.crt"
> SSLCertificateKeyFile "/etc/httpd/server.key"
>
> ProxyRequests Off <Proxy *> Order deny,allow Allow from all
> </Proxy> ProxyPreserveHost On ProxyPass /ClovisWebApp
> http://localhost:8080/ClovisWebApp ProxyPassReverse /ClovisWebApp
> http://localhost:8080/ClovisWebApp
>
> <Location "/"> Order allow,deny Allow from all </Location>
>
> ErrorLog logs/cloviscorp-secure.com-error_log CustomLog
> logs/cloviscorp-secure.com-access_log common </VirtualHost>
>
>
>
>
> CONFIGURATION EXCERPT FROM TOMCAT's server.xml:
>
>
> <Connector port="8080" protocol="HTTP/1.1"
> connectionTimeout="20000" redirectPort="8443"
> proxyName="www.cloviscorp.com" proxyPort="80"/>
>
> <Connector executor="tomcatThreadPool" port="8080"
> protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443"
> />
>
>
>
> PROBLEM:
>
> A) http://www.cloviscorp.com/ClovisWebApp/textservice/health WORKS
> FINE B) https://www.cloviscorp.com/ClovisWebApp/textservice/health
> RETURNS: Not Found The requested URL
> /ClovisWebApp/textservice/health was not found on this server.
>
>
>
> LOGS:
>
> Tomcat logs show nothing, Apache log the following when I hit the
> second = (Secure) link: ssl_error_log:[Sat Aug 24 11:44:36 2019]
> [error] [client 79.75.96.60] = File does not exist:
> /var/www/html/com/cloviscorp/ClovisWebApp
> ---------------------------------------------------------------------
>
>
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl1j3QEACgkQHPApP6U8
pFgwgw//e6Vd1SB+qNUWvh0Khk0aavl1qu4Fw+U7Ulk3PK8GYv9EyQtOdTUu/oN4
5ZlZBHfi0AUMv3iIUev0QPiDUe96FKsejVyu0z0VK9yaoYz+Gut8RNY4fWkY9Ks7
9w2TrMrMXXN81jxK9y0XAljrZkMsnIo6TI3kODjUDHu52A5XPI4GED06uYNQIg/E
gPwc8g7wxOxpxjrzIz0IYOZbVjYqInRAtAw0yvduQqBqcz2grmZrySRR52t2B1gV
cwT6LgES+xx69qmppK8bB2gd9qW82VmtBdRlQupJBvJxUsodtOlaMYYVaqi+lrhO
3+KHTsjpUBUu8p7RKRMP1IQTyHE65luXO9JGQ5Tk7LmNOOE8V6ZyPjfKOf2ioLQE
Z5FQ2okUJTMGL3OLJHk/OwJS0Y2T9wdehjpCXJV0rNQXI0OwXu3F5+a6UNRBNbzn
GhjsmYS5H+RlLGo6QM0Iv/tVYaYpL3I7tJbz6aa0SELtvafv5vjs4aOHREfADD9u
EYtanq9VYdI/l0CHFd+P/jCZp0JXZzgcr4XAhDAGTmhY+W+5NiVymWnRPZc7SZ6E
kk0PnFlwq1gCNPMc7g8Er9fWGhk8Pfo3yONV2W1ndWznjTgQj4CHQ2XH53zo/rif
FFnWpyF+TUgHuN/CtdSkpwcUBfNWfyGz5gCJGNOgxIQX0adneuc=
=C5Ze
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org