Re: Another mod_proxy Question/Issue

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Oct 31, 2013 at 3:06 PM, Chris Arnold
<carnold@xxxxxxxxxxxxxxxxxxx> wrote:
>>First of all, is "/folder/", "/path/" or "/share/"? You seem to have
>>used them all so far.. please be careful when anonymizing your config
>>that you aren't removing information that is necessary to determine
>>what is wrong....
>
> This really shouldn't matter what it is /folder /path/ or /share as long as i know what goes there. There is certain stuff that i do not want posted to a public mailing list and this is 1.

In fact, whether or not there is a trailing slash or not is possibly
one of the more important things in proxying. There should either be a
trailing slash on both sides of the ProxyPass, or on neither.

IE, these are both fine:

ProxyPass / http://foo/bar/
ProxyPass /baz http://foo/bar

These will probably be incorrect:

ProxyPass / http://foo/bar
ProxyPass /baz http://foo/bar/

To show why, assume /baz/qux is requested on the proxy, it will be
rewritten to these variants:

http://foo/bar/baz/qux (probably right)
http://foo/bar/qux (probably right)
http://foo/barbaz/qux (probably wrong)
http://foo/bar//qux (probably wrong)

>
>>Given your configuration, the error you are showing is impossible -
>>there is absolutely no way that "ProxyPass / /share/" could result in
>>the URL "/shareshare/" being requested on the backend. This leads me
>>to think that your configuration that you are showing here is not
>>indicative of the config you are running.
>
> Seems this is possible but here is the config:
>
> <IfDefine SSL>
> <IfDefine !NOSSL>
>
> <VirtualHost *:443>
>
>         #  General setup for the virtual host
>         #DocumentRoot "/srv/www/htdocs"
>         ServerName servername.tld:443
>         ServerAlias mail.* ifolder.*
>
>         #This rewrites https://mail.anydomain.tld to our mail server
>         RewriteEngine On
>         RewriteCond %{HTTP_HOST} ^mail\.
>         RewriteCond %{HTTPS} on
>         RewriteRule ^/(.*) https://192.168.124.3/$1 [P]
>         #RedirectMatch ^/$ /zimbra/
>
>         RewriteCond %{HTTP_HOST} ^webmail\.
>         RewriteCond %{HTTPS} on
>         RewriteRule ^/(.*) https://192.168.124.3/$1 [P]
>
>
>
>         #ServerAdmin webmaster@xxxxxxxxxxx
>         ErrorLog /var/log/apache2/error_log
>         TransferLog /var/log/apache2/access_log
>
>         SSLProxyEngine On
>         ProxyPreserveHost On
>         ProxyPass / https://192.168.123.3:8443/share
>         ProxyPassReverse / https://192.168.123.3:8443/share
>
> Then there is a series of SSL entries and then:
>
> </VirtualHost>
>
> </IfDefine>
> </IfDefine>
>


Seems like tomcat wants you to access "/share" and not "/share/". When
you access "/share/", tomcat sends you a redirect to "/share", and
there is one of your problems. You should probably fix tomcat so that
it is happy with you accessing "/share/", as this will massively
simplify your proxy setup.

The second problem is probably the ProxyPassReverse not matching what
tomcat generates. ProxyPassReverse works by doing a string replace on
various headers like 'Location' - it will replace the 2nd argument
with the first argument, and then generates a full URI according to
your httpd vhost settings (ServerName and UseCanonicalName settings
mainly). If the 2nd argument does not match the hostname/uris
generated by tomcat, then it will have no effect - this is a common
proxy setup pitfall.

Examine the URL generated by directly requesting that URL on the
tomcat server and looking at the Location header.

Cheers

Tom

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx





[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux