Dec 08, 2015 Why a proxy? Apache's Tomcat is a complex beast whose primary role is to render JavaServer Pages. While it can be configured to use and serve the modern web it's often an unnecessarily complex procedure. By using a dedicated reverse-proxy server such as nginx it allows you to separate web applications from the task of web serving. Use a solo instance of.
I am using Apache Tomcat for deploying the application.The application require ProxyPass and ProxyPassReverse to be configured,I have read documents stating that the ProxyPass are served by Apache Server.How can I serve and configure the same using tomcat without using Apache Server.
I have read the below codeis configured in httpd.conf file of Apache server for serving proxyPass and ProxyPassreverse:
starsstars
1 Answer
These directives are used if you have a reverse proxy 'in front' of tomcat. In this case, if the reverse proxy is Apache httpd. The directives are required because tomcat might not know the original request's target, and httpd can 'translate' from what tomcat thinks the request should look like to what the user's browser needs the request to be.
If you do not have a reverse proxy in the game, Tomcat would see the original request data, and all of these instructions can simply be omitted.
If you are using a different reverse proxy (say nginx) you'll need to find the equivalent instructions that make the reverse proxy of your choice adapt both worlds to each other.
Another message of caution: If you're handling everything on Tomcat, make sure you're not running as root just in order to bind to ports 80 or 443. You must not run tomcat as root! (If you don't: Good. I've put it here for everybody who reads it. Can't be repeated often enough)
Not the answer you're looking for? Browse other questions tagged apachetomcat or ask your own question.
When a reverse proxy is used primarily for load balancing, it is obvious why the routing of requests to a pool of N proxied servers should help balance the load.
However, once the server-side computations for the requests are complete and it's time to dispatch the responses back to their clients, how come the single reverse proxy server never becomes a bottleneck?
My intuitive understanding of the reverse proxy concept tells me,
that the reverse proxy server that is proxying N origin servers behind it would obviously NOT become a bottleneck as easily or as early as a setup involving a single-server equivalent of the N proxied servers, BUT it too would become a bottleneck at some point because all N proxied servers' responses are going through it.
that, to delay the above sort of a bottleneck point (from being reached) even further, the N proxied servers should really be dispatching the responses directly to the client 'somehow', instead of doing it via the single reverse proxy sitting in front of them.
Where am I amiss in my understanding of the reverse proxy concept? Maybe point #2 is by definition NOT a reverse proxy server setup, but keeping definitions aside, why #2 is not popular relative to the reverse proxy option?
A reverse proxy, when used for load-balancing, will proxy all traffic to the pool of origin servers. This means that the client TCP connection terminates at the LB (the reverse proxy), and the LB initiates a new TCP connection to one of the origin nodes on behalf of the client. Now the node, after having processed the request, cannot communicate to the client directly, because client TCP connection is open with the Load Balancer's IP. The client is expecting a response from LB, and not from any other random dude, or a random IP (-: of some node. Thus, the response usually flows the same way as the request, via the LB. Also, you do not want to expose the node's IP to the client. This all usually scales very well for request-response systems. So my answer to #1 is: the LB usually scales well for request-response systems. If at all required, more LBs can be added to create redundancy behind a VIP.
Now, having said this, it still makes sense to bypass the LB for writing responses if your responses are huge. For example, if you are streaming videos in response, then you probably don;t want to choke your LB with humongous responses. In such a scenario, one would configure a Direct Server Return LB. This is essentially what you are thinking of in #2. This allows responses to flow directly from origin servers, bypassing the LB, and still hiding the IP of origin nodes from clients. This is achieved by configuring the ARP in a special way, such that the responses written by origin nodes carry the IP of LB. This is not straight forward to setup, and the usual proxy mode of LB is fine for most use cases.
Apache ProxyPass: standalone vs location tag?
apache,reverse-proxy
Using the Location Directive is the preferred method to use. The alternative syntax of Proxypass like this ProxyPass /app http://10.0.0.10/blah can have performance impact when there are many. However depending on your need the alternative syntax might be better. From the documentation: The following alternative syntax is possible, however it...
When should same policies be added under both vcl_recv and vcl_fetch?
caching,reverse-proxy,varnish,varnish-vcl
I really cannot see why there should be any case where this is useful. You create hit-for-pass objects when the VCL has no idea that the resulting response cannot be caches. If the VCL can figure our that the response should not be cached you should just 'pass' and be...
Do you have a specific reason to do like this ? Because if not and you only needs to check your app on a device there are few other alternatives. 1 - PhoneGap Developer app You can install this in your device (ex: IPhone) and as long as your phone...
Nginx reverse proxy to Wordpress on an URI
wordpress,symfony2,redirect,nginx,reverse-proxy
I think I managed to come with a so-so solution. Far from being perfect or clean, but... well, it works. blog.domain.com's config: server { listen 80; server_name blog.domain.com; root /home/webserver-blog; access_log /home/webserver-blog/logs/http_access.log; error_log /home/webserver-blog/logs/http_error.log; charset utf-8; client_max_body_size 65m; # Some extra speed open_file_cache max=1000 inactive=20s; open_file_cache_valid 30s; open_file_cache_min_uses 2; open_file_cache_errors...
haproxy: What are its uses?
performance,reverse-proxy,haproxy,f5
You may check this list for alternative Load Balancing tools. Cloud providers (Amazon, Rackspace, Google Compute Engine, Softlayer etc), but also some dedicated/VM server providers, usually offer some cheap Load-Balancing solutions as a service. Haproxy currently seems to be one of the most popular opensource software for Reverse-Proxy, Load-Balancing and...
How to configure Wampserver to act as a WebSocket proxy?
html5,proxy,websocket,wampserver,reverse-proxy
I managed to solve this as follows: Client hosted on my machine at port 6060. Backend server is a Java servlet (annotated as 'ChatProxy') running through Glassfish on my machine at port 8080. Proxy server is on a different machine, which listens on port 6060. The client uses a standard...
How to force Apache 2.2 to send the full certificate chain?
apache,ssl,certificate,reverse-proxy,mod-ssl
You are on the right track. SSLCertificateFile server.crt >> Your public certificate SSLCertificateKeyFile server.key >> Your private key SSLCertificateChainFile chain.crt >> List of intermediate certificates; in your case, only one - GoDaddy intermediate CA Check your server configuration with a tool like SSL Labs to determine if you are sending...
ENOTFOUND error with express.js (nodejs)
javascript,node.js,express,proxy,reverse-proxy
Apparently the internal network limitations constricted external calls. var request = require('request').defaults({'proxy': 'http://myproxy:1234/'}); solved the problem...
Elasticsearch head plugin not working through nginx reverse proxy
I was able to work out two solutions to get around the permission, so I'll present them both. One thing to know about my nginx set-up is that I did not use sudo to install it. I unarchived the tar file, configured, and make installed it, so it was residing...
Using Varnish only as a Reverse Proxy without caching
linux,reverse-proxy,varnish
if you want varnish to do nothing with the request at all you should use pipe. This prevens varnish from rewriting the headers. the response is send back from varnish direclty sub vcl_recv { return(pipe); } ...
How to make your Plone site accessible via IIS
iis,plone,reverse-proxy
One option is enfold proxy which is probably one of the first things to come up. I didn't realise at the time there was a free version otherwise I might have investigated that first; still now you get to benefit from my experiences. So If you don't want to use...
What's difference between static and non-static resources?
In this case, a static resource refers to one that is not generated with code on the fly, meaning that its contents won't change from request to request. Images, JavaScript, CSS, etc., are all candidates for this. Basically, you set a large cache time for these resources, and your Nginx...
Reverse Proxy in Python using WSGI
python,proxy,wsgi,reverse-proxy
See the Paste proxy middleware. http://pythonpaste.org/wsgiproxy/ ...
upstream timed out (110: Connection timed out) for static content?
nginx,reverse-proxy,connections
OK, I didn't like reading manuals, but to answer my question: nginx close upstream connection after request solved it. So what was the problem: I've configured upstream to use keepalive but Nginx doc suggests to set following options in proxy location: proxy_http_version 1.1; proxy_set_header Connection '; That's it and thousand...
apache websockets reverse proxy
apache,websocket,reverse-proxy
Yes, its possible. We have used Apache to reverse proxy websocket. Make sure that your Apache is built with the module: mod_proxy_wstunnel. Which is supported after Version 2.4.5. Then you just need to find out which port for your websocket is using. If it is also using 3050, then you...
How to set up a reverse proxy in nodejs for multiple targets?
javascript,node.js,proxy,reverse-proxy
First of all, this is a forward proxy, second, here is a working code of what you want, modify it as you please call this from http://127.0.0.1:5432/yahoo.com var request = require('request'); var express = require('express')(); var session = require('cookie-session'); express.set('trust proxy', 1) express.use(session({ keys: ['key1', 'key2'] })) express.use(function(req,res,next) { if(req.url.indexOf('.com')...
Flask + Nginx proxy: Does it matter which one serves static files?
python,nginx,proxy,flask,reverse-proxy
Yes, it counts. nginx is written in C and handles all what shall web server handle for your static files. Apart from speed, you will also get lower load on your Python code. Regarding caching - if you like, nginx can serve for your app also as a cache, see...
Well, in fact it is quiet easy... Having such folders configured: /var/www/static/ |- css/* |- js/* medias/* The following httpd configuration will redirect static/* to the /var/www and the rest will be proxied # first rewrite for statics RewriteEngine On RewriteRule ^/context/static/(.+)$ /static/$1 # then proxy remaining... ProxyPass /context...
Apache ProxyPassReverse not rewriting Location header properly
Turns out I had improperly diagnosed this. The backend webserver (in this case, it happened to be rails) was actually specifying the http URL explicitly. This is because it was using the incoming request parameters to build its redirection URL. So, since ProxyPreserveHost was enabled, it was getting the host...
How can I make a special URL like 'http://appname/
networking,nginx,proxy,reverse-proxy
You would need to run your own DNS server on the intranet with rules for these names. For implementing the server, you may wish to look into Zonefiles with BIND. How to configure machines on your network to use this DNS server is a matter of how network settings for...
Magento frontend redirect error while using reverse proxy
apache,magento,reverse-proxy
For the record, reverse proxy needed the directive ProxyPreserveHost On As it is set to Off by default there was an infinite redirection as Magento was trying to access the external address which was transformed as local ip by reverse proxy ans so on. With ProxyPreserveHost On reverse proxy transmits...
gitlab behind https terminating reverse proxy and oauth
github,oauth,https,reverse-proxy,gitlab
After some playing around I found out that setting the following in the nginx config solves the issue: proxy_set_header X-Forwarded-Proto https; Since I always want to access my gitlab instance via https, this works well for me and seems to also make oauth possible now. Sorry, I should've played around...
I think your configuration should be correct, but it seems that this is the intended behaviour of jwilder/nginx-proxy. See these lines in the file nginx.tmpl: https://github.com/jwilder/nginx-proxy/blob/master/nginx.tmpl#L89-L94 It seems that if a certificate is found, you will always be redirected to https. EDIT: I found the confirmation in the documentation The...
Configure Apache as reverse proxy and tomcat over https
apache,tomcat,https,reverse-proxy
any issue as in 'anything else but additional setup requirements, more performance issues and more things to break'? I can't think of some, but refuse to give a blank 'pass' to go with this. You'll have to argue for what you want to achieve. If you can't trust the connection...
AJAX Post Request for application with Reverse Proxy not working
ajax,iis-7.5,http-post,reverse-proxy
The issue was that there was one module entry which was causing some issues, removed that module and everything was working fine. Regrads, Tarun...
Map a url directory to localhost
proxy,reverse-proxy,hosts
This can be done with Fiddler In the AutoResponder tab, tick 'Enabled automatic responses' and 'Unmatched requests passthrough' Add a rule... Match: regex:(?i)http://int.company.com/site/localspoof/(.*) Respond with: http://127.0.0.1:8008/localspoof/$1 This will capture all traffic under subfolder on a site, and transparently map a local server / folder to any resources specified in the...
How to perform proxypassreverse with regex
regex,apache,reverse-proxy
In order to use a regex you must use ProxyPassMatch: ProxyPassMatch ^/server-(d+)/$ server-$1.{My server} The purpose of ProxyPassReverse is to fix any Location headers that the proxy server issues for itself. For example if I proxy mywebsite.com to bluewebsite.com and bluewebsite.com issues a redirect to bluewebsite.com/1, ProxyPassReverse will intercept it...
How to configure Nginx to try two upstreams before 404ing?
nginx,configuration,reverse-proxy
After further googling, I came upon this solution: location / { # Send 404s to B error_page 404 = @backendB; proxy_intercept_errors on; log_not_found off; # Try the proxy like normal proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_pass http://A; } location @backendB { # If A didn't work,...
WL-Proxy-Client-Cert header not sent
apache,servlets,weblogic,reverse-proxy
I have finally got an answer from Oracle support on this. The problem was that i had to add one SSL directive to my virtual host configuration: SSLOptions +ExportCertData It goes under 'IfModule ossl_module', right next to 'SSLVerifyClient require' directive that specifies 2-way authentication for the proxy. Note that after...
How rewrite target URL in reverse proxy developed with Apache http-core-4.3.3
java,apache,reverse-proxy,apache-httpcomponents
HttpRequest and HttpResponse objects are very cheap. When implementing a proxy with HttpCore you should always be making a copy of incoming messages instead of passing the same object for several reasons: URI rewriting being one handling of so called hop-by-hop headers being another protocol upgrade / downgrade when for...
Rails app on heroku - reverse proxy to bluehost WordPress site (https to http) - Chrome/FF won't load assets. How to fix?
ruby-on-rails,wordpress,ssl,heroku,reverse-proxy
I eventually resolved this by getting an SSL certificate for the blog (myappblog.com) as well. Once the blog site and the app site were both secure, this wasn't a problem anymore.
Apache proxy - HTTP to HTTPS
windows,apache,proxy,reverse-proxy,mod-proxy
A quick search reveals that something like this: http://superuser.com/questions/704781/apache-mod-proxy-with-automatic-authentication Should allow you to perform the authentication and add it into the header....
Injecting reverse proxy HTTP headers into Express.js app
Using a plain Header will set a response header. You need to add a request header so your downstream app can access it, therefore you need to use the RequestHeader directive like so: RequestHeader set X-Script-Name '/app'...
Nginx proxy_pass not working in selinux
nginx,reverse-proxy,selinux
Read about audit2allow and used it to create a policy to allow access to the denied requests for nginx. [root]# sudo cat /var/log/audit/audit.log | grep nginx | grep denied | audit2allow -m nginxlocalconf > nginxlocalconf.te [root]# cat nginxlocalconf.te module nginxlocalconf 1.0; require { type httpd_t; type var_t; type transproxy_port_t; class...
How to configure OwnCloud and Reverse Proxy?
apache,proxy,reverse-proxy,owncloud
I was able to use Apache reverse proxy module. For me, using ProxyPassReverse directly was not able to route back to the original route. By using ProxyPass, ProxyHTMLURLMap and creation of link locations it did work out well....
why Jenkins complains reserve proxy setup is broken
jenkins,reverse-proxy
It turns out everything works fine even though the annoying message persistently appears. I think it is a minor bug of the version.
nginx proxy_pass to a linked docker container
nginx,docker,reverse-proxy
You should take a look at this answer about using /etc/hosts as your resolver: Using /etc/hosts as resolver for url rewriting Basically, your dns or resolver does not use /etc/hosts to resolve names during a lookup, but you can work around this by installing dnsmasq and using 127.0.0.1 as your...
Another nginx reverse proxy issue
ssl,nginx,reverse-proxy
The config below should do a similar redirect as you mentioned without entering a loop: upstream my_upstream_server { server 10.20.30.40:12345; } server { server_name ssl-enabled.example.com; listen 443 ssl; ssl_certificate /etc/ssl/server.crt; ssl_certificate_key /etc/ssl/server.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5; location /upstream { proxy_pass http://my_upstream_server/; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP...
Reverse Proxy: Why response dispatch is not a bottleneck?
A reverse proxy, when used for load-balancing, will proxy all traffic to the pool of origin servers. This means that the client TCP connection terminates at the LB (the reverse proxy), and the LB initiates a new TCP connection to one of the origin nodes on behalf of the client....
Do HTTPS Reverse Proxies without CONNECT exist?
https,connect,reverse-proxy
I found the answer. Not 'reverse' proxy but forward proxy is the answer in this case.
Nginx reverse proxy configuration for multiple domains
apache,nginx,webserver,cpanel,reverse-proxy
You config is almost correct server { listen frontip:80 default_server; location / { proxy_pass http://127.0.0.1:8080; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_redirect http://$host:8000/ http://$host/; } } But best way to you do not use 8080 port. All you need is tell to nginx to bind only external ip. Add ip...
You can use mod_headers to remove the duplicate header. See their official docs for information on how to enable it. Then you can add a line like this to your configuration file so that the first part of header disappears: RequestHeader edit Authorization '^BASIC abc123, ' ' Let me know...
lighttpd reverse proxy - all responses are blank pages
reverse-proxy,lighttpd
For those who find this question and have the same problem .... I switched to nginx and had it running in 15 minutes. Not sure why lighttpd wasn't able to do the same.
Remote nginx proxy server - unable to download file from website?
php,nginx,joomla,proxy,reverse-proxy
Resolved the issue.... The proxy was stripping all the request/get variables from the request. Note the changes under the 'location' directive From proxy_pass http://$host$uri; To proxy_pass http://$host$request_uri; ...
proxying relative urls with nginx
nginx,proxy,webserver,reverse-proxy
Based on your updated comments; if the upstream backend sends the referer header, you could do something like this: location ~* ^/(css|js)/.+.(css|js)$ { #checking if referer is from app1 if ($http_referer ~ '^.*/app1'){ return 417; } #checking if referer is from app2 if ($http_referer ~ '^.*/app2'){ return 418; } }...
You missed proxy_set_header Host $host; And actually, I don't see any reason to have X-Forwarded-Host and X-Forwarded-Server headers....
Login backend in TYPO3 with Proxy
ubuntu,proxy,apache2,typo3,reverse-proxy
So now, I can say that not possible like I what to do (I think.) So now I use two ServerNames...
Require https with Spring Security behind a reverse proxy
java,https,spring-security,reverse-proxy
If your site is HTTPS and you're running Apache Tomcat behind another system that's handling TLS termination, you can tell Tomcat to 'pretend' that it's handling the TLS termination. This makes request.isSecure() return true; To do so, you need to add secure='true' to your Connector config in server.xml. https://tomcat.apache.org/tomcat-7.0-doc/config/http.html See...
TLS, headers and proxies : how to answer the client?
ssl,encryption,nginx,reverse-proxy
How 7) happens ? I think that it cannot be reencrypted randomly, right ? it has to get a key in a cache or something, no ? 7 happens by encrypting the response data with the session key that was negotiated during the SSL handshake....
A custom proxy yields Incompatible magic value 1012089682
http,reverse-proxy
There was indeed a bug in my proxy code. I am not exactly sure what caused the symptoms described above, but fixing the code so that it didn't re-authenticate every time fixed my issue.