Hi Timo. i don't know ajp protocol, but I have a similar configuration. this is my configuration that work fine with apache, mod_proxy as frontend and a tomcat 6 with SSL (8443) as backend. u don't set the end point (spike/ <http://127.0.0.1:8009/spike/>) but only the ProxyPass. I'm using another modules, also. Please check my configuration. I hope it can help you. Read this tutorial, it's very usefull: http://www.apachetutor.org/admin/reverseproxies
Cheers, Mauri LoadModule ssl_module modules/mod_ssl.so LoadFile /usr/lib/libxml2.so LoadModule proxy_html_module modules/mod_proxy_html.so LoadModule xml2enc_module modules/mod_xml2enc.so LoadModule headers_module modules/mod_headers.so AddType application/x-httpd-php .amf AddType video/x-ms-asf asf asx AddType audio/x-ms-wma .wma AddType application/octet-stream .doc .xls .pdf AddType application/x-shockwave-flash swf Listen 443 Listen 80 AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl .crl SSLPassPhraseDialog builtin SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000) SSLSessionCacheTimeout 300 SSLMutex default SSLRandomSeed startup file:/dev/urandom 256 SSLRandomSeed connect builtin SSLCryptoDevice builtin NameVirtualHost mydomain.com:443 <VirtualHost mydomain.com:443> ServerName mydomain.com ProxyRequests off ProxyPass / https://10.173.90.167:8443/ ProxyHTMLURLMap https://10.173.90.167:8443 / <Location /> ProxyPassReverse https://10.173.90.167:8443/ ProxyHTMLEnable On ProxyHTMLURLMap / / RequestHeader unset Accept-Encoding </Location> SSLEngine on SSLProxyEngine on SSLProtocol all -SSLv2 SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW SSLCertificateFile /etc/httpd/cert/certificate.cer SSLCertificateKeyFile /etc/httpd/cert/certificate.key SSLCertificateChainFile /etc/httpd/cert/IT_Global_CA.cer <Files ~ "\.(cgi|shtml|phtml|php3?)$"> SSLOptions +StdEnvVars </Files> <Directory "/var/www/cgi-bin"> SSLOptions +StdEnvVars </Directory> SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog logs/ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" </VirtualHost> 2010/4/28 Timo Meinen <timomei...@googlemail.com> > Hi, > > I have a problem with our reverse proxy. I asked this question to the > tomcat-users mailinglist, too, but no one could help me and I am > absolutely stuck with this problem. So, I hope some of the httpd > experts here, may have an idea: > > Our configuration is a Apache 2.2 web server, acting as a reverse > proxy for Tomcat 6. This is the configuration: > > ServerName it.localhost.de > ProxyPass / ajp://127.0.0.1:8009/spike/ > ProxyPassReverse / ajp://127.0.0.1:8009/spike/ > ProxyPassReverseCookiePath /spike / > > (This is the configuration in the VirtualHost entry for port 80. There > is a second VHost for SSL with SSLProxyEngine On and SSLEngine On). > > As you can see, the webapp is hosted under ContextPath /spike but > available through the proxy via /. Everything works fine, until the > webapp sends an redirect to HTTPS. This is done via SpringSecurity. > The problem is, that the ProxyPassReverse directive doesn't catch the > ContextPath and converts it, if it includes the complete address. > These are the logs from the web browser: > > GET http://it.localhost.de/users/65 => 302 => > https://it.localhost.de/spike/users/65 > > 1) Why does the ProxyPassReverse doesn't convert the /spike back to / > in https://it.localhost.de/spike/users/65? Is it because the Header > isn't relative? The protocol is still AJP and so the Proxy should know > how to convert it, right? > 1a) If so, how could the webapp switch from http to https and vice > versa, when not able to send the absolute address with a new protocol? > > After this, I tried to set additional ProxyPassReverse directives: > > ProxyPassReverse / https://it.localhost.de/spike/ > ProxyPassReverse / http://it.localhost.de/spike/ > > This time, the /spike/ is converted to /, but the two directives leads > to an infintive loop of redirects to > http://it.localhost.de/<REQUEST-URI>. > > 2) How can I stop this loop? or better > 3) How can I configure the ProxyPassReverse correctly? > > Thank you very much for any help > Timo > > Here are the debug information from httpd: > > [Tue Apr 27 16:54:39 2010] [debug] mod_proxy_ajp.c(239): proxy: > APR_BUCKET_IS_EOS > [Tue Apr 27 16:54:39 2010] [debug] mod_proxy_ajp.c(244): proxy: data > to read (max 8186 at 4) > [Tue Apr 27 16:54:39 2010] [debug] mod_proxy_ajp.c(259): proxy: got 0 > bytes of data > [Tue Apr 27 16:54:39 2010] [debug] ajp_header.c(652): ajp_read_header: > ajp_ilink_received 04 > [Tue Apr 27 16:54:39 2010] [debug] ajp_header.c(662): ajp_parse_type: got > 04 > [Tue Apr 27 16:54:39 2010] [debug] ajp_header.c(491): > ajp_unmarshal_response: status = 302 > [Tue Apr 27 16:54:39 2010] [debug] ajp_header.c(502): > ajp_unmarshal_response: Number of headers is = 2 > [Tue Apr 27 16:54:39 2010] [debug] proxy_util.c(1071): ppr: real: > ajp://127.0.0.1:9091/spike/ > [Tue Apr 27 16:54:39 2010] [debug] ajp_header.c(564): > ajp_unmarshal_response: Header[0] [Location] = > [https://it.localhost.de/spike/users/3] > [Tue Apr 27 16:54:39 2010] [debug] ajp_header.c(564): > ajp_unmarshal_response: Header[1] [Content-Length] = [0] > [Tue Apr 27 16:54:39 2010] [debug] ajp_header.c(652): ajp_read_header: > ajp_ilink_received 05 > [Tue Apr 27 16:54:39 2010] [debug] ajp_header.c(662): ajp_parse_type: got > 05 > [Tue Apr 27 16:54:39 2010] [debug] mod_proxy_ajp.c(498): proxy: got > response from 127.0.0.1:9091 (127.0.0.1) > [Tue Apr 27 16:54:39 2010] [debug] proxy_util.c(2062): proxy: AJP: has > released connection for (127.0.0.1) > [Tue Apr 27 16:54:39 2010] [info] Initial (No.1) HTTPS request > received for child 9 (server it.localhost.de:80) > [Tue Apr 27 16:54:44 2010] [debug] mod_proxy_ajp.c(45): proxy: AJP: > canonicalising URL //127.0.0.1:9091/spike/spike/users/3 > [Tue Apr 27 16:54:44 2010] [debug] proxy_util.c(1488): [client > 85.183.135.210] proxy: ajp: found worker ajp://127.0.0.1:9091/spike/ > for ajp://127.0.0.1:9091/spike/spike/users/3, referer: > http://it.localhost.de/ > > > Problem is that the "ajp_unmarshal_response: Header[0] [Location] = > [https://it.localhost.de/spike/users/3]"; doesn't remove the /spike in > the response, so that the next request will lead to the > doubled-context-path: ajp://127.0.0.1:9091/spike/spike/users/3. > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > " from the digest: users-digest-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > >
