[SOLVED] apache as a front end to a tomcat application

jamesbon · 02-01-2011, 08:06 AM

Hi,
I am trying to use Apache as a front end to an application which runs on a
Tomcat server.On lan I am able to correctly see it but from internet things are not working.
I tried understanding mod_jk page but I was unable to get to the correct settings.
following is the application I am trying to get up and running
https://confluence.sakaiproject.org/.../DOC/Sakai+2.7
(the binary version of above page).

Apache vhost and the URL where I am trying all this can be read here
http://pastebin.com/L32D6ii5

On lan it is accessible
http://192.168.1.4:8080/portal
perfectly but from internet I am not clear as what is wrong with it.

szboardstretcher · 02-01-2011, 09:42 AM

If you are unable to get to the page from the internet, have you made the proper firewall adjustments? Is the application listening on the correct interface?

Are you making a Virtual IP connection to a lan interface?

What are you doing to be able to access this from the internet?

jamesbon · 02-01-2011, 10:31 AM

Hi to be able to access the application from internet I just type the URL from my computer at home like you will be doing.Where as to access it from within the organization I access it as http://192.168.1.4:8080/portal nothing special this is how it works after installation as link here says in section 8

Quote:

Once Tomcat has started successfully, you should be able to direct your browser to its gateway page at http://localhost:8080/portal (or replace 'localhost' with the name of the server where it's installed)

Here is a link following which I am setting apache reverse proxy for sakai
https://confluence.sakaiproject.org/...+mod_proxy_ajp

I am not clear with 2 things on above URL
1) Point no 5
2) Point no 7

Where should I create ajp.conf on server where Apache is running or on server where sakai is running.
Since both are different machines.

Then confusion is in ajp.conf and what should I use in vhost configuration.
as the link says to do some thing like

Quote:

ProxyPass / ajp://localhost:8009/
ProxyPassReverse / ajp://localhost:8009/

in my case the server on which Apache is running and the server where
Sakai is are physically different machines.
So should I replace localhost by IP of machine where sakai
(tomcat) instance is running.Is that correct or it is saying me to point to localhost of machine where Apache is running?

I am not clear with point no 7 of URL.
Which says

Quote:

"Once again, ensure you have the line in httpd.conf that is going to
load this ajp.conf file."

here is it referring to the Apache vhost file or apache2.conf I am
having a Ubuntu server which does not have httpd.conf What I till now
have understood the server which faces the internet I should have some
thing defined in Apache vhost on that server.
Correct me if I am wrong.
Here is the apache configuration if some one wants to have a look

Quote:

<VirtualHost *:80>

ProxyRequests off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>

ProxyPreserveHost Off
ProxyHTMLInterp On

ProxyPass /portal http://192.168.1.4:8080/portal
ProxyPassReverse /portal http://192.168.1.4:8080/portal

ProxyPass / http://192.168.1.4/
ProxyPassReverse / http://192.168.1.4/

</VirtualHost>

The above configuration is server on which Apache is running and
mod_proxy_ajp of Apache is configured
I have created a file named ajp.conf but not clear with the entries.

bathory · 02-01-2011, 12:26 PM

Hi,

1.

Quote:

So my guess is I should replace localhost by IP of machine where sakai
(tomcat) instance is running.Is that guess correct?

You're correct. You should use:

Code:

ProxyPass / ajp://192.168.1.4:8009/
ProxyPassReverse / ajp://192.168.1.4:8009/

2.
Just make sure that in /etc/apache2/apache2.conf there is:

Quote:

Include /private/etc/apache2/other/*.conf

3.

Quote:

Here is the apache configuration if some one wants to have a look
Quote:
<VirtualHost *:80>

ProxyRequests off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>

ProxyPreserveHost Off
ProxyHTMLInterp On

ProxyPass /portal http://192.168.1.4:8080/portal
ProxyPassReverse /portal http://192.168.1.4:8080/portal

ProxyPass / http://192.168.1.4/
ProxyPassReverse / http://192.168.1.4/

</VirtualHost>
The above configuration is server on which Apache is running and
mod_proxy_ajp of Apache is configured

You can put all of these in /etc/apache2/sites-enabled/000-default

jamesbon · 02-01-2011, 01:09 PM

I cannot put it in 000-default.The problem is I am having one webserver where Apache is running which is acting as a reverse proxy to at least 3 different sites.
The URLs of those sites are software.openitup.in,research.openitup.in,social.openitup.in and then there are several different applications running behind each of the above URL.
What I have to do is install 10 different LMSes as given on this page
http://barrysampson.com/2009/04/open...ves-to-moodle/
all on the domain research.openitup.in

Now comes the problem.The site
has 7 different LMSes
The last one of above is not working and the problem right now I posted is about sakai.If I create a file ajp.conf then remaining of my sites are not accessible.

bathory · 02-01-2011, 01:41 PM

Quote:

I cannot put it in 000-default.The problem is I am having one webserver where Apache is running which is acting as a reverse proxy to at least 3 different sites.

As I understand it, you have 3 vhosts defined. In this case put the reverse proxy directives into the file that defines research.openitup.in

Quote:

http://research.openitup.in/dokeos/
http://research.openitup.in/docebolms/
http://research.openitup.in/ilias/
http://research.openitup.in/efront/

The last one of above is not working and the problem right now I posted is about sakai.If I create a file ajp.conf then remaining of my sites are not accessible.

You don't need to put the proxy stuff in both ajp.conf and into the vhost definition. Delete ajp.conf and add the following in the vhost research.openitup.in among the other ProxyPass* directives

Code:

ProxyPass /efront ajp://192.168.1.4:8009/efront
ProxyPassReverse /efront ajp://192.168.1.4:8009/efront

jamesbon · 02-02-2011, 01:38 AM

Quote:

Originally Posted by bathory

As I understand it, you have 3 vhosts defined.

Yes correct.

Quote:

Originally Posted by bathory

In this case put the reverse proxy directives into the file that defines research.openitup.in

Ok.

Quote:

Originally Posted by bathory

You don't need to put the proxy stuff in both ajp.conf and into the vhost definition.

Thanks for clarifying this out this was really helpful.

Quote:

Originally Posted by bathory

Delete ajp.conf and add the following in the vhost research.openitup.in among the other ProxyPass* directives

Ok the question is about sakai currently not efront.

So I get what you are saying in the vhost configuration file
I put the following

Code:

ProxyPass /portal ajp://192.168.1.4:8009/portal
ProxyPassReverse /portal ajp://192.168.1.4:8009/portal

and the server where sakai is actually running
One doc here says
https://confluence.sakaiproject.org/...+mod_proxy_ajp
to configure Tomcat in point no 2

Quote:

<Connector port="8009"
enableLookups="false" redirectPort="8443" protocol="AJP/1.3" URIEncoding="UTF-8" />

and comment out server.xml I have done changes accordingly if you want to have a look at server.xml
it is here http://pastebin.com/vpn0qmM4
as per the doc
https://confluence.sakaiproject.org/...+mod_proxy_ajp
I have made changes to sakai.properties can be seen here http://pastebin.com/Z9dhwfsZ

Quote:

serverUrl=http://localhost:80

the above line was edited on the system (which different from where Apache is running) as the doc here says to adjust the serverUrl.

Now you access the site http://research.openitup.in/portal
I am currently trying to get sakai up and running efront will still take some time once I finish this one.
Here is the apache vhost file for research.openitup.in after doing changes as you specified (but this machine is different from where the things are actually running)

Code:

<VirtualHost *:80>


        ServerName research.openitup.in
        ProxyRequests off
        <Proxy *>
        Order deny,allow
        Allow from all
        </Proxy>

        ProxyPreserveHost Off

        ProxyPass /portal ajp://192.168.1.4:8009/portal
        ProxyPassReverse /portal ajp://192.168.1.4:8009/portal


       ProxyPass / http://192.168.1.4/
       ProxyPassReverse / http://192.168.1.4/

</VirtualHost>

Something is coming on internet but a correct site which is available from inside is as following snapshot
http://www.flickr.com/photos/55167530@N02/5408354690/
so this is what it should look like after all redirections.
DO not be bothered by the URL in snapshot (the snapshot was working when I got the first time sakai working on this site)
Currently after doing all as I mentioned above the site is not accessible correctly.

bathory · 02-02-2011, 03:20 AM

Hi,

According to the documentation of what you're trying to setup, there is no need to proxy the /portal URI. Just proxy / to the backend <server-IP>:8009/.
Try the following:

Code:

<VirtualHost *:80>
        ServerName research.openitup.in
        
        <Proxy *>
        Order deny,allow
        Allow from all
        </Proxy>
       ProxyRequests off
       ProxyPreserveHost On
       ProxyPass / http://192.168.1.4:8009/
       ProxyPassReverse / http://192.168.1.4:8009/
</VirtualHost>

jamesbon · 02-02-2011, 04:26 AM

Quote:

Originally Posted by bathory

Hi,

According to the documentation of what you're trying to setup, there is no need to proxy the /portal URI. Just proxy / to the backend <server-IP>:8009/.

Bathory that exactly is the problem if I do

Quote:

ProxyPass / http://192.168.1.4:8009/
ProxyPassReverse / http://192.168.1.4:8009/

to get research.openitup.in/portal working then my site
research.openitup.in will stop working if you notice in above configuration the site
research.openitup.in itself is coming from a proxy.
So we can not
do a

Quote:

ProxyPass / http://192.168.1.4:8009/

and then at the same time

Quote:

ProxyPass / http://192.168.1.4/

Note the following

Quote:

<VirtualHost *:80>

ServerName research.openitup.in
ProxyRequests off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>

ProxyPreserveHost Off

ProxyPass /portal ajp://192.168.1.4:8009/portal
ProxyPassReverse /portal ajp://192.168.1.4:8009/portal

ProxyPass / http://192.168.1.4/
ProxyPassReverse / http://192.168.1.4/

</VirtualHost>

So I am using /portal because / is already proxied inside.So root i.e. / of site can't be forwarded twice.

bathory · 02-02-2011, 06:44 AM

So you have "/" proxied somewhere else and you want /portal to be proxied at <tomcat-ip>:8009/
I don't think this is going to work. Since the application developer says that you need to use "/" in reverse proxy, I guess this is the way he deployed the application.
Maybe you should try the other way around, i.e. do something like:

Code:

ProxyPass /something/ http://192.168.1.4/
ProxyPassReverse /something/ http://192.168.1.4/

ProxyPass / http://192.168.1.4:8009/
ProxyPassReverse / http://192.168.1.4:8009/

dlugasx · 02-02-2011, 08:02 AM

The best answer for this is mod_proxy_ajp.

Normal proxy for Java application is not good idea.

Instead of using mod_jk, mod_proxy, iptables transparent proxy or whatever... just use this

Few lines and working... as should be

http://www.zeitoun.net/articles/conf...h-tomcat/start

jamesbon · 02-02-2011, 11:00 AM

Quote:

Originally Posted by bathory

So you have "/" proxied somewhere else and you want /portal to be proxied at <tomcat-ip>:8009/
I don't think this is going to work. Since the application developer says that you need to use "/" in reverse proxy, I guess this is the way he deployed the application.
Maybe you should try the other way around, i.e. do something like:

Code:

ProxyPass /something/ http://192.168.1.4/
ProxyPassReverse /something/ http://192.168.1.4/

ProxyPass / http://192.168.1.4:8009/
ProxyPassReverse / http://192.168.1.4:8009/

I got your point.I think you are correct here let me inform my admins and see if I can get one more machine for the same.It might take a week or so but I surely will update on this part.
what I found is all requests are at /

i.e. press Ctrl+Shift+I in Chrome you will see headers and then
what you said is making sense,so either I do what you said or I get one more domain name
if this is what can work.

Quote:

Originally Posted by dlugasx

The best answer for this is mod_proxy_ajp.

Thanks for your link I checked that how ever I am already using mod_proxy_ajp.This thread is about that only.Welcome back to the world

bathory · 02-02-2011, 01:52 PM

OK, I've downloaded the app and tested locally
It looks like you need another ProxyPass* set for the /library path, because otherwise you cannot access that URI. So try:

Code:

ProxyRequests Off
ProxyPreserveHost On

ProxyPass / http://192.168.1.4/
ProxyPassReverse / http://192.168.1.4/

ProxyPass /portal ajp://192.168.1.4:8009/portal
ProxyPassReverse /portal ajp://192.168.1.4:8009/portal

ProxyPass /library ajp://192.168.1.4:8009/library
ProxyPassReverse /library ajp://192.168.1.4:8009/library

jamesbon · 02-03-2011, 02:05 AM

Hi thanks you are right that same seemed to me also for /library but by looking at the headers if we test that then there are internal pages which when used might need that sort of modification and it does work that way.But looking at the headers in each of the different location if we add a ProxyPass directive then that will not be a good thing.

How ever following your previous suggestion I have obtained a different URL for the same.
Check this on a new site of mine for sakai

social.openitup.in

the Apache Configuration for this one is

Quote:

<VirtualHost *:80 >

ServerName social.openitup.in
ServerAdmin webmaster@localhost
ServerName social.openitup.in

ProxyRequests off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / ajp://192.168.1.4:8009
ProxyPassReverse / ajp://192.168.1.4:8009

</VirtualHost>

If you see on my new link social.openitup.in the Tomcat home page can be seen.
I think we are close enough.

in the file sakai.properties I have following entry

Quote:

serverUrl=http://localhost:80

The above file is on different machine i.e. where sakai is present.

server.xml
I have commented following

Quote:

and enabled following

Quote:

I think by now we have followed the instructions on doc correctly.
But some thing is still missing.Let me know what you think for this new URL social.openitup.in for sakai.
I got your point for /library and other URL's I had observed that in http_live plugin for firefox.

bathory · 02-03-2011, 02:53 AM

Hi,

According to the documentation (par. 2.2), you need an index.html page that redirects / to /portal
I think that in sakai.properties you should replace localhost with the hostname (or the IP address?) of the box running tomcat in the following 2 places:

Quote:

# The URL to the server, including transport, DNS name, and port, if any.
serverUrl=http://localhost:80

# the DNS name of the server.
serverName=localhost

That's because your new site gives a 502 error response, due to some dns error

Also in your virtualhost, you have ServerName mentioned twice and you miss the

Code:

ProxyPreserveHost On