On 23/10/2011 20:51, Mark Eggers wrote: > ----- Original Message ----- > >> From: André Warnier <a...@ice-sa.com> >> To: Tomcat Users List <users@tomcat.apache.org> >> Cc: >> Sent: Sunday, October 23, 2011 5:08 AM >> Subject: Re: URI mapping >> >> Let's restart from the beginning. >> >> You have, say, 3 Tomcat servers running, and for the sake of the example >> let's say that these are >> - a Tomcat 5.x server >> - a Tomcat 6.x server >> - a Tomcat 7.x server >> >> You want to run the same applications on all of them (with identical names >> on >> each server), because for instance these are test servers serving to verify >> that >> a given application runs fine under each of these Tomcat versions. >> >> You want to be able to choose which Tomcat server you are accessing, by >> means of >> some URI prefix. >> Example : >> a request with URI "http://myhost/tomcat7/webapp1"; should be forwarded >> to webapp1 on Tomcat7, while a request with URI >> "http://myhost/tomcat5/webapp1"; should be forwarded to Tomcat5. >> >> Of course, once "inside" the respective Tomcat, you want this prefix >> to have been removed, so that the applications inside this Tomcat look >> similar >> to the same ones in other Tomcats, name-wise. >> Example : >> a request with URI "http://myhost/tomcat7/webapp1"; should be forwarded >> to webapp1 on Tomcat7, whith a request URI of "/webapp1" (and not >> "/tomcat7/webapp1"). >> >> For this, you set up a front-end proxy Apache httpd, which should forward >> the >> requests to individual Tomcats in function of the URI prefix, and strip this >> prefix while doing so. >> >> Preferably, you would like to do the proxying via mod_jk. >> >> That is a problem, because the standard proxying instructions of mod_jk >> (JkMount >> e.g.), do not provide a syntax for forwarding URI's, and modifying these >> URIs at the same time. >> >> That is why Mark originally oriented you to mod_proxy and mod_proxy_ajp, >> which >> can do that, for example as : >> >> ProxyPass /tomcat7 ajp://tomcat7-host:8017 >> ProxyPass /tomcat6 ajp://tomcat6-host:8016 >> ProxyPass /tomcat5 ajp://tomcat7-host:8015 >> (and have each Tomcat listen on the apropriate port with its AJP Connector) >> >> Using the above, a request with URI "http://myhost/tomcat7/webapp1"; >> will be forwarded to the tomcat7 server with a URI of "/webapp1", >> while a request with URI "http://myhost/tomcat5/webapp1"; will be >> forwarded to the tomcat5 server with a URI (also) of "/webapp1". >> >> As far as I understand, this is what you want to achieve (although it is not >> via >> mod_jk, but via mod_proxy_ajp instead). >> >> Mark however pointed out the drawbacks of modifying the URI : when one of >> these >> applications generates a self-referencing URI, it will not by default >> re-insert >> the stripped host prefix. For example, if application "/webapp1" on >> tomcat7 creates a page with a link to itself like >> href="/webapp1/something", it will not magically know to make this >> into href="/tomcat7/webapp1/something". And when this link is clicked >> in the browser, it will generate a request to >> "http://myhost/webapp1/something";, and the above Proxy instructions in >> the front-end won't know what to do with it and will ignore it. >> >> And the same happens with redirects etc.. >> You can overcome this, but it is likely in the end to create more hassle >> than >> you really want. >> >> On the other hand, if you do /not/ modify the URI while proxying the call, >> then >> you end up with a much less easy configuration on the side of the Tomcats, >> as >> you have seen before. >> >> So maybe let's look at another kind of solution, involving DNS and >> VirtualHosts. >> >> Would a solution whereby you access the different Tomcats as follows be >> acceptable ? >> - http://myhost-tomcat7.company.com/webapp1 is forwarded to tomcat7's >> webapp1 >> - http://myhost-tomcat6.company.com/webapp1 is forwarded to tomcat6's >> webapp1 >> - http://myhost-tomcat5.company.com/webapp1 is forwarded to tomcat5's >> webapp1 >> >> If yes, then do as outlined below. >> >> For a start, I suppose that you want to have an Apache httpd front-end, and >> that >> the Apache httpd and all tomcats, all run on the same physical host. >> >> Step 1 : >> Suppose that the front-end Apache httpd host is currently known via DNS as >> "myhost.company.com". >> Define 3 additional DNS aliases for it : >> - myhost-tomcat7.company.com >> - myhost-tomcat6.company.com >> - myhost-tomcat5.company.com >> >> Step 2 : >> define 3 new VirtualHost's in the Apache httpd front-end, one each with >> - ServerName myhost-tomcat7.company.com >> - ServerName myhost-tomcat6.company.com >> - ServerName myhost-tomcat5.company.com >> >> (I assume that you know how to do that) >> >> Step 3 : >> In each of these VirtualHost configurations, add the following lines : >> - in the "myhost-tomcat7.company.com" host, add >> ProxyPass / ajp://myhost-tomcat7.company.com:8017 >> ProxyPassReverse / ajp://myhost-tomcat7.company.com:8017 >> (and similarly for the other VirtualHost's) >> >> Step 4 : >> make each of your Tomcats listen on the corresponding AJP port : >> - tomcat7 listens on port 8017 >> - tomcat6 listens on port 8016 >> - tomcat5 listens on port 8015 >> (in their respective AJP Connector) >> >> The advantage of this is that you are no longer modifying the request URI's, >> with all the complications that this brings. >> All you are doing is modifying the hostname:port part, and that only >> requires a >> ProxyPassReverse directive in the httpd front-end, to rewrite possible >> redirect >> headers generated by the Tomcats. >> Also this way, self-referencing URIs generated by the Tomcats will also >> work, >> without applications modifications. >> Cookies may still require help, check the http config help for that. > > > Andre, > > Your suggestion is how I set up multiple Tomcats (CATALINA_HOME / > CATALINA_BASE) and virtual hosts within those Tomcats. I map each of the > Tomcat virtual hosts to separate named virtual hosts on Apache HTTPD. > > I use mod_jk, and each virtual host gets its own uriworkermap.properties > file. That way I can add and delete Tomcat applications on the fly for each > Apache HTTPD virtual host that's mapped to the appropriate Tomcat virtual > host. > > > Each Apache HTTPD named virtual host forwarded to a single Tomcat uses the > same mod_jk <Connector> (although I could add multiple connectors in > server.xml). > > > Each Tomcat virtual host mapped to an Apache HTTPD named virtual host gets > its own manager application. The access is controlled in part by directives > in an Apache HTTPD <Location> block. I suppose I could add another Realm for > each Tomcat virtual host to control that host's manager application as well. > > I've tested this set up with simple applications and it seems to work fine. I > only have two real issues. One, I don't know any way to combine dynamic > Apache HTTPD virtual hosts with mod_jk and JkMount directives. Two, jk-status > and jk-manager refer to all mod_jk connections on a particular Apache HTTPD > server. > > Neither of these are show-stoppers. > > My question in all of this is about cookies. I gather what you're saying is > that if a person accesses the following: > > http://some-host/app (receives cookie) > > Then that cookie could be used in accessing > > http://other-host/app (uses cookie) > > if named virtual hosts are used for some-host and other-host (mapping them to > the same IP address and port). > > Is this correct?
No, I don't think so. You'd need the two hosts to be sub-domains of the primary cookie domain. The jsessionid cookie is set with the server name of the Tomcat instance, rather than a domain with variable subdomains*, unless you have configured it otherwise (Servlet 3.0 only). p * E.g. variable subdomain: .example.com fixed subdomain : host.example.com > If so, I need to investigate how to manage this with Apache HTTPD. I suppose > it's also very unlikely (but possible) to get matching session ids from > independent Tomcats running in this environment? > > If you have any pointers to the Apache HTTPD documentation concerning this, I > would appreciate it (I know, off-topic). > > . . . . just my two (confused) cents > /mde/ > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org >
signature.asc
Description: OpenPGP digital signature
