Hi everyone,
@Andre : Yes, the material is quite enough, I am using a AJP connector and
as Spring-security automatically rewrites/redirects to https, that is not
the problem I am having. The problem is that even if *one* Tomcat is going
down, the whole setup is dying, Not the point of this task. I want to keep
one alive and it should keep working.
@Chris : I have no option other then Apache httpd as I see it now, I have
already configured some stuff, which I will be posting below. What I want
is to load-balance between both the Tomcat's, but if one goes down, the
other one should still work. I have already put the JSESSIONID(consumed by
Spring-security), in the config. The problem I am having right now is that
even if *one* tomcat goes down, then I get a 503, service not available.
What am I doing wrong?
Also, is there any way to detect which Tomcat is being used by the user
right now?
Here are the changes I made :
For apache2 in sites-enabled/000-default :
<Proxy balancer://mycluster>
BalancerMember ajp://localhost:8010 route=jvmroute-first
connectiontimeout=10
BalancerMember http://localhost:8011 route=jvmroute-second
connectiontimeout=10
ProxySet stickysession=JSESSIONID
Order Deny,Allow
Deny from none
Allow from all
</Proxy>
<VirtualHost *:80>
ProxyPass / balancer://mycluster/
ProxyPassReverse / balancer://mycluster/
</VirtualHost>
First Apache tomcat instance :
<Connector port="8080" proxyPort="80" protocol="HTTP/1.1"
compression="force" compressionMinSize="1024"
connectionTimeout="20000"
redirectPort="443" URIEncoding="utf-8"
compressableMimeType="text/html,text/xml,text/plain,text/css,text/
javascript,application/x-javascript,application/javascript"/>
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="200" compression="force"
compressionMinSize="1024" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="domain.keystore" keystorePass="password"
URIEncoding="utf-8"
compressableMimeType="text/html,text/xml,text/plain,text/css,text/
javascript,application/x-javascript,application/javascript"
/>
Connector port="8010" protocol="AJP/1.3" redirectPort="443"
URIEncoding="utf-8"
compressableMimeType="text/html,text/xml,text/plain,text/css,text/
javascript,application/x-javascript,application/javascript"
/>
<Engine name="Catalina" defaultHost="localhost" jvmRoute="jvmroute-first">
// No modifications inside
</Engine>
Second tomcat instance :
<Connector port="8081" proxyPort="80" protocol="HTTP/1.1"
compression="force" compressionMinSize="1024"
connectionTimeout="20000"
redirectPort="443" URIEncoding="utf-8"
compressableMimeType="text/html,text/xml,text/plain,text/css,text/
javascript,application/x-javascript,application/javascript"/>
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="200" compression="force"
compressionMinSize="1024" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="keystore" keystorePass="password"
URIEncoding="utf-8"
compressableMimeType="text/html,text/xml,text/plain,text/css,text/
javascript,application/x-javascript,application/javascript"
/>
<Connector port="8011" protocol="AJP/1.3" redirectPort="443"
URIEncoding="utf-8"
compressableMimeType="text/html,text/xml,text/plain,text/css,text/
javascript,application/x-javascript,application/javascript"
/>
<Engine name="Catalina" defaultHost="localhost"
jvmRoute="jvmroute-second">
// No modifications inside
</Engine>
So if I shut down one tomcat, then I cannot access the site. What is the
mistake I am making. Kindly let me know. Thank you.
On Wed, Dec 9, 2015 at 1:29 AM, Christopher Schultz <
ch...@christopherschultz.net> wrote:
> Akshay,
>
> On 12/8/15 8:07 AM, Kernel freak wrote:
> > I am working on a Debian server in which I would like to setup 2
> instances
> > of Apache tomcat which will be load balanced by an Apache HTTP server(Do
> I
> > require a http server? ). In-case one copy of Apache tomcat goes down,
> the
> > other one will automatically comes online.
>
> You won't require Apache httpd, but you will need some kind of proxying
> server. Nginx and haproxy will work. Squid, Varnish, etc. will
> presumably all work as well. This community has expertise with Apache
> httpd -> Tomcat as well as some others. I personally have only ever used
> Apache httpd (and likely haproxy, though I don't actually know what AWS
> ELB is using. In either case, I don't configure it directly, so it
> doesn't matter).
>
> > While I was creating a configuration for one of our server, I know how to
> > relay requests based upon URL to Apache Tomcat, these are the 2 things I
> > don't know.
> >
> > 1) Will this work with https? Reason I ask is, there are many pages which
> > are served under https and the configuration which I have and shown below
> > seems to be calling with http instead of https.
> >
> > 2) How to trigger the 2nd copy of tomcat.
> >
> > Here is what I have till now in Apache web server :
> >
> > // Below is the redirection for tomcat webapps.
> > <VirtualHost *:80>
> > ServerName www.domain_tomcat.de
> > ServerAlias domain_tomcat.de
> > ProxyRequests on
>
> I don't think you want this *at all*. "ProxyRequests" is for
> forward-proxying, like providing a MITM for outgoing HTTP traffic.
>
> > ProxyPreserveHost On
> > <Proxy *>
> > Order deny,allow
> > Allow from all
> > </Proxy>
> >
> > // I was thinking instead of routing to maintenance.html, I would start
> the
> > other app, but that sounds quite hackish. I thought there might be a
> better
> > way.
> > ErrorDocument 503 /maintenance.html
> > ErrorDocument 404 /maintenance.html
> > ErrorDocument 500 /maintenance.html
> >
> > ProxyPass /maintenance.html !
> >
> > // As you can see below, I am redirecting with http, which is my first
> > point, will it automatically redirect to https, as tomcat webapp is using
> > Spring-security and it has specific paths for which it must use https.
> > ProxyPass / http://localhost:8080/
> > ProxyPassReverse / http://localhost:8080/
>
> If your VirtualHost supports HTTPS, then you can still use
> http://localhost:8080 as your target. You just need to make sure that
> you send-over all the appropriate headers to the back-end server, and
> enable the various Valves on the Tomcat side to handle the proxying of
> this information:
>
> http://tomcat.apache.org/tomcat-8.0-doc/config/valve.html#Proxies_Support
>
> > <Location / >
> > Order allow,deny
> > Allow from all
> > </Location>
> > </VirtualHost>
> >
> > My tomcat config is rather simple :
> >
> > <Connector port="8080" proxyPort="80" redirectPort="443"
> > protocol="org.apache.coyote.http11.Http11NioProtocol" compression="force"
> > compressionMinSize="1024"
> > connectionTimeout="20000" maxPostSize="5242880"
> > URIEncoding="utf-8"
> > compressableMimeType="text/html,text/xml,text/plain,text/css,text/
> > javascript,application/x-javascript,application/javascript"/>
> >
> >
> > <Connector port="443"
> > protocol="org.apache.coyote.http11.Http11NioProtocol"
> > maxPostSize="5242880" SSLEnabled="true" maxThreads="200" compr$
> > compressionMinSize="1024" scheme="https" secure="true"
> > clientAuth="false" sslProtocol="TLS"
> > keystoreFile="keystore.jks" keystorePass="PASSWORD"
> > URIEncoding="utf-8"
> > compressableMimeType="text/html,text/xml,text/plain,text/css,text/
> > javascript,application/x-javascript,application/javascript"/>
> >
> > I can setup a similar instance of Tomcat in another location if desired.
> > But how can I handle the switching between them when one goes down.
> Kindly
> > let me know. Thank you. :-)
>
> Do you actually want a hot-standby, or do you want to load-balance
> amongst the servers that are available? Often, it's better to use both
> servers at once and have one of them take all of the load, than to
> completely switch from one to another.
>
> -chris
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
