On Thu, Oct 31, 2013 at 3:06 PM, Chris Arnold
<carnold@xxxxxxxxxxxxxxxxxxx> wrote:
>>First of all, is "/folder/", "/path/" or "/share/"? You seem to have
>>used them all so far.. please be careful when anonymizing your config
>>that you aren't removing information that is necessary to determine
>>what is wrong....
>
> This really shouldn't matter what it is /folder /path/ or /share as long as i know what goes there. There is certain stuff that i do not want posted to a public mailing list and this is 1.
In fact, whether or not there is a trailing slash or not is possibly
one of the more important things in proxying. There should either be a
trailing slash on both sides of the ProxyPass, or on neither.
IE, these are both fine:
ProxyPass / http://foo/bar/
ProxyPass /baz http://foo/bar
These will probably be incorrect:
ProxyPass / http://foo/bar
ProxyPass /baz http://foo/bar/
To show why, assume /baz/qux is requested on the proxy, it will be
rewritten to these variants:
http://foo/bar/baz/qux (probably right)
http://foo/bar/qux (probably right)
http://foo/barbaz/qux (probably wrong)
http://foo/bar//qux (probably wrong)
>
>>Given your configuration, the error you are showing is impossible -
>>there is absolutely no way that "ProxyPass / /share/" could result in
>>the URL "/shareshare/" being requested on the backend. This leads me
>>to think that your configuration that you are showing here is not
>>indicative of the config you are running.
>
> Seems this is possible but here is the config:
>
> <IfDefine SSL>
> <IfDefine !NOSSL>
>
> <VirtualHost *:443>
>
> # General setup for the virtual host
> #DocumentRoot "/srv/www/htdocs"
> ServerName servername.tld:443
> ServerAlias mail.* ifolder.*
>
> #This rewrites https://mail.anydomain.tld to our mail server
> RewriteEngine On
> RewriteCond %{HTTP_HOST} ^mail\.
> RewriteCond %{HTTPS} on
> RewriteRule ^/(.*) https://192.168.124.3/$1 [P]
> #RedirectMatch ^/$ /zimbra/
>
> RewriteCond %{HTTP_HOST} ^webmail\.
> RewriteCond %{HTTPS} on
> RewriteRule ^/(.*) https://192.168.124.3/$1 [P]
>
>
>
> #ServerAdmin webmaster@xxxxxxxxxxx
> ErrorLog /var/log/apache2/error_log
> TransferLog /var/log/apache2/access_log
>
> SSLProxyEngine On
> ProxyPreserveHost On
> ProxyPass / https://192.168.123.3:8443/share
> ProxyPassReverse / https://192.168.123.3:8443/share
>
> Then there is a series of SSL entries and then:
>
> </VirtualHost>
>
> </IfDefine>
> </IfDefine>
>
Seems like tomcat wants you to access "/share" and not "/share/". When
you access "/share/", tomcat sends you a redirect to "/share", and
there is one of your problems. You should probably fix tomcat so that
it is happy with you accessing "/share/", as this will massively
simplify your proxy setup.
The second problem is probably the ProxyPassReverse not matching what
tomcat generates. ProxyPassReverse works by doing a string replace on
various headers like 'Location' - it will replace the 2nd argument
with the first argument, and then generates a full URI according to
your httpd vhost settings (ServerName and UseCanonicalName settings
mainly). If the 2nd argument does not match the hostname/uris
generated by tomcat, then it will have no effect - this is a common
proxy setup pitfall.
Examine the URL generated by directly requesting that URL on the
tomcat server and looking at the Location header.
Cheers
Tom
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|