
List:       tomcat-user
Subject:    Re: Help with proxy from secure Apache to unsecured Tomcat
From:       Christopher Schultz <chris () christopherschultz ! net>
Date:       2019-08-26 15:39:06
Message-ID: 68a40c4f-32bd-3958-d5d9-8ade139ead69 () christopherschultz ! net

Mark,

On 8/26/19 09:24, Mark Bordelon wrote:
> I also was of the opinion that this had to be an apache issue. The
> ssl logging was taken from the included out-of-the-box
> conf.d/ssl.conf. Issue was solved randomly by setting server name
> to www.cloviscorp.com <http://www.cloviscorp.com/> instead of
> cloviscorp.com <http://cloviscorp.com/>.

Try restoring your previous configuration but also adding:

ServerName cloviscorp.com
ServerAlias www.cloviscorp.com

And (your choice):

UseCanonicalName On

On the Tomcat side, you can either use the "default virtual host"
(recommended, IMO) or you can match the vhost name from httpd and also
provide any aliases you need.

If you need to support multiple non-default vhosts in Tomcat in a
single JVM, then you probably don't want to use the default vhost. But
if everything is going to a single vhost in Tomcat, you are better off
only defining the default vhost (which is, uhh, the default) and
letting everything get mapped to that.

-chris

>> On Aug 26, 2019, at 03:35, André Warnier (tomcat) <aw@ice-sa.com>
>> wrote:
>> 
>> Hi.
>> 
>> That looks more like an Apache httpd issue, than a Tomcat issue
>> (as you mention, the tomcat logfiles do not show anything, and
>> the rest tends to indicate that Apache httpd is not proxying
>> these calls to tomcat, but trying to resolve them locally).
>> 
>> This being said, I cannot find any obvious configuration error in
>> the setup below.
>> 
>> The only thing which makes me a bit suspicious is this:
>> 
>>> ssl_error_log:[Sat Aug 24 11:44:36 2019] [error] [client
>>> 79.75.96.60] File does not exist:
>>> /var/www/html/com/cloviscorp/ClovisWebApp
>> 
>> where does that "ssl_error_log:" prefix come from? It does not
>> seem to have a reason to be there, considering your configuration
>> copied below.
>> 
>> On 24.08.2019 14:56, Mark Bordelon wrote:
>>> VERSIONS AND SETUP: Both Apache/2.2.34 (Unix) and Apache
>>> Tomcat/8.0.53 are running on the same Linux AWS EC2 instance.
>>> 
>>> 
>>> 
>>> CONFIGURATION EXCERPT FROM APACHE'S httpd.conf:
>>> 
>>> 
>>> <VirtualHost *:80>
>>>   ServerName cloviscorp.com
>>>   DocumentRoot /var/www/html/com/cloviscorp
>>>   <Directory "/var/www/html/com/cloviscorp">
>>>     Order Allow,Deny
>>>     Allow From All
>>>     AllowOverride All
>>>     Options -Indexes
>>>   </Directory>
>>>
>>>   ProxyRequests Off
>>>   <Proxy *>
>>>     Order deny,allow
>>>     Allow from all
>>>   </Proxy>
>>>   ProxyPreserveHost On
>>>   ProxyPass /ClovisWebApp http://localhost:8080/ClovisWebApp
>>>   ProxyPassReverse / http://localhost:8080/
>>>
>>>   <Location "/">
>>>     Order allow,deny
>>>     Allow from all
>>>   </Location>
>>>
>>>   Header set Access-Control-Allow-Origin null
>>>   Header set Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type"
>>>
>>>   ErrorLog logs/cloviscorp.com-error_log
>>>   CustomLog logs/cloviscorp.com-access_log common
>>> </VirtualHost>
>>>
>>> <VirtualHost *:443>
>>>   ServerName cloviscorp.com
>>>   DocumentRoot /var/www/html/com/cloviscorp
>>>   <Directory "/var/www/html/com/cloviscorp">
>>>     Order Allow,Deny
>>>     Allow From All
>>>     AllowOverride All
>>>     Options -Indexes
>>>   </Directory>
>>>
>>>   SSLEngine on
>>>   SSLCertificateFile "/etc/httpd/server.crt"
>>>   SSLCertificateKeyFile "/etc/httpd/server.key"
>>>
>>>   ProxyRequests Off
>>>   <Proxy *>
>>>     Order deny,allow
>>>     Allow from all
>>>   </Proxy>
>>>   ProxyPreserveHost On
>>>   ProxyPass /ClovisWebApp http://localhost:8080/ClovisWebApp
>>>   ProxyPassReverse /ClovisWebApp http://localhost:8080/ClovisWebApp
>>>
>>>   <Location "/">
>>>     Order allow,deny
>>>     Allow from all
>>>   </Location>
>>>
>>>   ErrorLog logs/cloviscorp-secure.com-error_log
>>>   CustomLog logs/cloviscorp-secure.com-access_log common
>>> </VirtualHost>
>>> 
>>> 
>>> 
>>> 
>>> CONFIGURATION EXCERPT FROM TOMCAT's server.xml:
>>> 
>>> 
>>> <Connector port="8080" protocol="HTTP/1.1" 
>>> connectionTimeout="20000" redirectPort="8443" 
>>> proxyName="www.cloviscorp.com" proxyPort="80"/>
>>> 
>>> <Connector executor="tomcatThreadPool" port="8080"
>>> protocol="HTTP/1.1" connectionTimeout="20000" 
>>> redirectPort="8443" />
>>> 
>>> 
>>> 
>>> PROBLEM:
>>> 
>>> A) http://www.cloviscorp.com/ClovisWebApp/textservice/health
>>> WORKS FINE
>>> B) https://www.cloviscorp.com/ClovisWebApp/textservice/health
>>> RETURNS: Not Found The requested URL
>>> /ClovisWebApp/textservice/health was not found on this server.
>>> 
>>> 
>>> 
>>> LOGS:
>>> 
>>> Tomcat logs show nothing, Apache logs the following when I hit
>>> the second (Secure) link:
>>> ssl_error_log:[Sat Aug 24 11:44:36 2019] [error] [client 79.75.96.60] File does not exist: /var/www/html/com/cloviscorp/ClovisWebApp

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
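
A simplified model of httpd's name-based virtual host matching, showing why the HTTPS request for www.cloviscorp.com missed the ProxyPass and how the ServerAlias suggested above changes that; this is an added example, not code from the thread or from httpd. It assumes the stock conf.d/ssl.conf vhost is listed first for port 443 and carries no ProxyPass; STOCK_SSL, app_vhost, select_vhost, route and unproxied_hosts are hypothetical names.

```python
from fnmatch import fnmatchcase

PROXY = {"/ClovisWebApp": "http://localhost:8080/ClovisWebApp"}

# Constructed stand-in for the stock conf.d/ssl.conf vhost: assumed to be
# listed first for port 443, with no matching ServerName and no ProxyPass.
STOCK_SSL = {"label": "ssl.conf", "server_name": None, "aliases": [], "proxy": {}}


def app_vhost(server_name, aliases=()):
    """The poster's <VirtualHost *:443>, with a configurable name and aliases."""
    return {"label": "httpd.conf", "server_name": server_name,
            "aliases": list(aliases), "proxy": PROXY}


def select_vhost(vhosts, host_header):
    """First vhost whose ServerName (exact) or ServerAlias (wildcards allowed)
    matches the Host header; if none match, the first-listed vhost wins."""
    host = host_header.rsplit(":", 1)[0].lower().rstrip(".")
    for vh in vhosts:
        if vh["server_name"] and host == vh["server_name"].lower():
            return vh
        if any(fnmatchcase(host, a.lower()) for a in vh["aliases"]):
            return vh
    return vhosts[0]


def route(vhosts, host_header, path):
    """Return (vhost label, backend URL); the backend is None when the request
    is served from DocumentRoot (the 'File does not exist' case)."""
    vh = select_vhost(vhosts, host_header)
    for prefix, backend in vh["proxy"].items():
        # Simplified prefix match on whole path segments.
        if path == prefix or path.startswith(prefix + "/"):
            return vh["label"], backend + path[len(prefix):]
    return vh["label"], None


def unproxied_hosts(vhosts, hosts, path):
    """Hostnames whose requests for `path` would not reach the backend."""
    return [h for h in hosts if route(vhosts, h, path)[1] is None]


if __name__ == "__main__":
    path = "/ClovisWebApp/textservice/health"
    names = ["cloviscorp.com", "www.cloviscorp.com"]
    before = [STOCK_SSL, app_vhost("cloviscorp.com")]
    after = [STOCK_SSL, app_vhost("cloviscorp.com", ["www.cloviscorp.com"])]
    print("before:", unproxied_hosts(before, names, path))
    print("after: ", unproxied_hosts(after, names, path))
```

Running the same check over every hostname in the certificate and DNS shows which names would be answered by a vhost other than the one that proxies to Tomcat.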
