ReverseProxy for Tomcat (AJP) not working for SSL redirects


 



Hi,

I have a problem with our reverse proxy. I asked this question on the
tomcat-users mailing list, too, but no one could help me and I am
absolutely stuck with this problem. So I hope some of the httpd
experts here may have an idea:

Our configuration is an Apache 2.2 web server, acting as a reverse
proxy for Tomcat 6. This is the configuration:

ServerName it.localhost.de
ProxyPass               /       ajp://127.0.0.1:8009/spike/
ProxyPassReverse        /       ajp://127.0.0.1:8009/spike/
ProxyPassReverseCookiePath      /spike  /

(This is the configuration in the VirtualHost entry for port 80. There
is a second VHost for SSL with SSLProxyEngine On and SSLEngine On).

As you can see, the webapp is hosted under ContextPath /spike but
available through the proxy via /. Everything works fine until the
webapp sends a redirect to HTTPS. This is done via Spring Security.
The problem is that the ProxyPassReverse directive doesn't catch the
ContextPath and convert it if it includes the complete address.
These are the logs from the web browser:

GET http://it.localhost.de/users/65 => 302 =>
https://it.localhost.de/spike/users/65

1) Why doesn't the ProxyPassReverse convert the /spike back to /
in https://it.localhost.de/spike/users/65? Is it because the header
isn't relative? The protocol is still AJP and so the proxy should know
how to convert it, right?
1a) If so, how could the webapp switch from http to https and vice
versa when it is not able to send the absolute address with a new protocol?

After this, I tried to set additional ProxyPassReverse directives:

ProxyPassReverse    /    https://it.localhost.de/spike/
ProxyPassReverse    /    http://it.localhost.de/spike/

This time, the /spike/ is converted to /, but the two directives lead
to an infinite loop of redirects to
http://it.localhost.de/<REQUEST-URI>.

2) How can I stop this loop? or better
3) How can I configure the ProxyPassReverse correctly?

Thank you very much for any help
Timo

Here is the debug information from httpd:

[Tue Apr 27 16:54:39 2010] [debug] mod_proxy_ajp.c(239): proxy:
APR_BUCKET_IS_EOS
[Tue Apr 27 16:54:39 2010] [debug] mod_proxy_ajp.c(244): proxy: data
to read (max 8186 at 4)
[Tue Apr 27 16:54:39 2010] [debug] mod_proxy_ajp.c(259): proxy: got 0
bytes of data
[Tue Apr 27 16:54:39 2010] [debug] ajp_header.c(652): ajp_read_header:
ajp_ilink_received 04
[Tue Apr 27 16:54:39 2010] [debug] ajp_header.c(662): ajp_parse_type: got 04
[Tue Apr 27 16:54:39 2010] [debug] ajp_header.c(491):
ajp_unmarshal_response: status = 302
[Tue Apr 27 16:54:39 2010] [debug] ajp_header.c(502):
ajp_unmarshal_response: Number of headers is = 2
[Tue Apr 27 16:54:39 2010] [debug] proxy_util.c(1071): ppr: real:
ajp://127.0.0.1:9091/spike/
[Tue Apr 27 16:54:39 2010] [debug] ajp_header.c(564):
ajp_unmarshal_response: Header[0] [Location] =
[https://it.localhost.de/spike/users/3]
[Tue Apr 27 16:54:39 2010] [debug] ajp_header.c(564):
ajp_unmarshal_response: Header[1] [Content-Length] = [0]
[Tue Apr 27 16:54:39 2010] [debug] ajp_header.c(652): ajp_read_header:
ajp_ilink_received 05
[Tue Apr 27 16:54:39 2010] [debug] ajp_header.c(662): ajp_parse_type: got 05
[Tue Apr 27 16:54:39 2010] [debug] mod_proxy_ajp.c(498): proxy: got
response from 127.0.0.1:9091 (127.0.0.1)
[Tue Apr 27 16:54:39 2010] [debug] proxy_util.c(2062): proxy: AJP: has
released connection for (127.0.0.1)
[Tue Apr 27 16:54:39 2010] [info] Initial (No.1) HTTPS request
received for child 9 (server it.localhost.de:80)
[Tue Apr 27 16:54:44 2010] [debug] mod_proxy_ajp.c(45): proxy: AJP:
canonicalising URL //127.0.0.1:9091/spike/spike/users/3
[Tue Apr 27 16:54:44 2010] [debug] proxy_util.c(1488): [client
85.183.135.210] proxy: ajp: found worker ajp://127.0.0.1:9091/spike/
for ajp://127.0.0.1:9091/spike/spike/users/3, referer:
http://it.localhost.de/


The problem is that the "ajp_unmarshal_response: Header[0] [Location] =
[https://it.localhost.de/spike/users/3]" doesn't remove the /spike in
the response, so that the next request will lead to the
doubled context path: ajp://127.0.0.1:9091/spike/spike/users/3.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
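
The two behaviours described in the message above, as an added example that is not part of the original post and is not httpd's code: a simplified Python model of ProxyPassReverse as a prefix match on the Location value. The function names and the stand-in webapp are hypothetical, and the model assumes a matched header is rebuilt with the scheme and host of the current request.

```python
from urllib.parse import urlsplit

HOST = "it.localhost.de"
AJP = "ajp://127.0.0.1:8009/spike/"   # backend prefix from the ProxyPass line

def reverse_map(location, mappings, scheme):
    """Model of ProxyPassReverse: `mappings` is [(fake_path, real_prefix), ...].
    Only a Location that starts with a configured `real` prefix is rewritten;
    the result is rebuilt with the scheme of the request being served."""
    for fake, real in mappings:
        if location.lower().startswith(real.lower()):
            return f"{scheme}://{HOST}{fake}{location[len(real):]}"
    return location  # no prefix matched: header passes through unchanged

def backend_url(request_url):
    """Model of 'ProxyPass / ajp://127.0.0.1:8009/spike/': prepend the context path."""
    return AJP + urlsplit(request_url).path.lstrip("/")

def app_location(request_url):
    """Constructed stand-in for the webapp: a plain-HTTP request gets a 302 to
    the absolute HTTPS URL including the context path; HTTPS gets no redirect."""
    u = urlsplit(request_url)
    if u.scheme == "https":
        return None
    return f"https://{HOST}/spike{u.path}"

def follow(url, mappings, max_hops=5):
    """Follow redirects as a browser would; returns the list of URLs requested."""
    hops = [url]
    while len(hops) <= max_hops:
        loc = app_location(hops[-1])
        if loc is None:
            break
        hops.append(reverse_map(loc, mappings, urlsplit(hops[-1]).scheme))
    return hops

ORIGINAL = [("/", AJP)]
WITH_EXTRA = ORIGINAL + [("/", f"https://{HOST}/spike/"),
                         ("/", f"http://{HOST}/spike/")]

if __name__ == "__main__":
    first = follow(f"http://{HOST}/users/65", ORIGINAL)
    print(first, "->", backend_url(first[-1]))           # doubled /spike/spike/
    print(follow(f"http://{HOST}/users/65", WITH_EXTRA))  # same URL repeated
```

With only the ajp:// mapping the absolute https:// Location never matches, so the browser's next request carries /spike and the proxy prepends it again. With the extra mappings the header matches, but on the port 80 VirtualHost it is rebuilt as http://, which the webapp redirects once more.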
